Encrypted · read once · gone

Say it once.
Then let it burn.

A note that opens a single time, then destroys itself. We never hold the key — so we can't read it, and neither can anyone after you.

zero-knowledge end-to-end encrypted never written to disk open source
New notexchacha20
FREE Your settings
Burns after
Expires in

Free notes are fixed at 1 read · 24 hours.

The whole thing takes 30 seconds

Three steps, then it's ash.

01

Write it

Type a note or drop a file. It's encrypted in your browser before anything leaves your device — the key is generated locally and stays there.

02

Share the link

You get one link with the key tucked into the part of the URL your browser never sends us. Pass it along however you like.

03

It burns

The moment it's read — or when the timer runs out — the note is wiped from memory. No copy, no backup, no trace on our side.

The last thing you'll see

Watch it go.

Most tools hide the delete behind a spinner. We made it the moment worth remembering — a secret that visibly disappears is one you actually trust is gone. Try it →

This note destroys itself when you close it
Ceramic vault code: 7 · 41 · 19. Burn this once you're in.
// destroyed

Gone.

nothing was saved · no copy exists
Why "we can't read it" is literally true

Zero-knowledge, not just a promise.

The design makes it impossible for us to see your note — even if we were compromised, subpoenaed, or curious.

01

The key never reaches us

Encryption happens in your browser. The decryption key lives in the URL fragment after the "#", which browsers are built to never transmit to a server.

02

We only ever hold ciphertext

What lands on our server is an unreadable blob. Under a breach, a subpoena, or a rogue admin, there's nothing meaningful to hand over.

03

Memory only, never disk

Notes live in RAM with a strict timer, then evaporate. Nothing is written to disk, so nothing survives in a backup.

04

You can check our work

Every line is open source with reproducible, signed builds — so you can verify the code you're running is the code we published.

// in your browser, before sending
key = generateKey() // local only
blob = encrypt(note, key)

// sent to server
POST /note → { blob } ciphertext only

// the shareable link
cindernote.to/a1f9…#key
└ never sent ┘

Some things aren't
meant to be kept.

Write it once. Send it. Let it burn.