Frequently asked

Quick answers

The questions we hear most often.

Do I need an account to send a one-time link?

+

No. Anonymous use is supported and free. Accounts only unlock history, notifications, and team features.

Can Sealed read my secret if it wanted to?

+

No. The encryption key never reaches our servers. We only store ciphertext. Even our engineers operating the database cannot decrypt your secret — there's no key to use.

What happens if I lose the link?

+

It's gone. There is no recovery flow. Re-create the secret and send a new link.

What happens if someone intercepts the link?

+

Anyone with the full link can view the secret once (or up to your view limit). Share links through secure channels (Signal, encrypted email, direct DM). For extra safety, add a password to the link and share the password separately.

Why does the link have a # in it?

+

The encryption key lives after the # symbol — that part of a URL is called the 'fragment.' Browsers never send fragments to servers, so the key stays on the client. It's a 30-year-old web feature that's the cleanest way to keep us from ever seeing the key.

How long do links last?

+

Default is 7 days. You can set 1 hour, 1 day, 7 days, or 30 days at creation time. After expiry the row is deleted regardless of view count.

Can I see who viewed my secret?

+

On the Pro and Business plans, yes — you'll get an email/Slack/webhook notification when the link is consumed. The Free tier deliberately doesn't track this.

Where are servers hosted?

+

We run on Vercel's global edge with primary storage in EU-region data centers, which keeps GDPR-aligned customers in compliance.

Is the source code open?

+

Core encryption logic is auditable at /source so security teams can verify the zero-knowledge claim independently.