# Share Encrypted Self-Destructing Notes

> Free online secure note sharing. Create encrypted self-destructing notes that can only be read once. Close the tab and the password is gone.

Live tool: https://lofttools.com/tools/security-tools/secure-note-sharing

Category: Security & Privacy

## How it works

1. **Write note** — Type the sensitive information you want to share
2. **Set options** — Choose an expiration time and optionally add a password
3. **Share link** — Copy the generated link — the note self-destructs after being read

## FAQ

### Can the note be read more than once?

By default, notes self-destruct after one viewing. You can optionally allow multiple views with a time expiration.

### What if the link is never opened?

Unopened notes are automatically deleted after the expiration time (default 24 hours).

### Is this cryptographically secure?

Yes. The tool uses the Web Crypto API for cryptographic operations, providing the same security level as native applications.

### How is this different from Privnote or OneTimeSecret?

Zero-server architecture. Privnote, OneTimeSecret, and similar services store the encrypted ciphertext on their servers and hand you a link to a server-side record — meaning their database holds your encrypted payload (and any future breach or subpoena could expose it). Loft's secure-note tool encrypts client-side and packs the entire ciphertext plus the AES-256-GCM key into the URL fragment (after the # in the link). Browsers never send the fragment to any server, so the encrypted note literally cannot leave the recipient's device. Close the tab and the note is gone — there's no record on our side because there's no record at all. Self-destruct is enforced locally via a fingerprint stored on the recipient's device.


## Privacy — what we do not do

This tool runs entirely in the browser via WebAssembly. Your file never reaches a Loft Tools server. Specifically:

- **No upload.** The file bytes load into the browser tab's memory and process on your own CPU. Open DevTools → Network and observe zero outbound requests carrying file data while Share Encrypted Self-Destructing Notes runs.
- **No AI training on your file.** Loft does not train models. We could not train on a file we cannot see.
- **No content scanning.** No virus, copyright, or content-moderation pass against your file. The bytes are not accessible to us.
- **No server-side log of file contents, filenames, or EXIF metadata.** Cloudflare edge captures URL and truncated IP for abuse defense (standard CDN behaviour). Cloudflare Web Analytics records anonymous page hits, no cookies, no PII. Nothing about your file content reaches any log.
- **No retention.** Close the tab and the file leaves browser memory. No backups exist on our side because no copy ever existed on our side.
- **No account.** No email, no signup, no auth, no telemetry tied to you.
- **Offline-capable after first visit** (PWA). Once you've loaded a tool, it caches; later sessions work without internet. For high-sensitivity files, run the tool once online to warm the cache, then disconnect before processing.

Compare with upload-based services: each transmits your file to a processing server. Even over HTTPS, each has logs, retention windows, and subpoena exposure. Loft has none of these because the server architecture does not include your file.

## More

- All tools: https://lofttools.com/tools
- Category: https://lofttools.com/tools/security-tools
- LLM index: https://lofttools.com/llms.txt