A plain-language guide to the zero-knowledge model behind zipz.space — how a secret is encrypted in your browser, why our servers can never read it, and how each message self-destructs after it's read.
You write a secret. Your browser seals it with a fresh AES-256 key before anything leaves the page, and hands you a one-time link. Share the link. The recipient opens it and the message decrypts on their device. After a set number of reads, the payload is destroyed for good.
The key lives only in the part of the link after the # — the #fragment. Browsers never send the fragment over the network. So the key never reaches our server, our logs, or our database. We store only opaque ciphertext, which is useless without the key. We can'tread your message — not won't, can't.
You choose how many times a drop can be opened (1–5) and when it expires (10 minutes to 7 days). Each open spends one read. A read is spent only when the recipient explicitly clicks Reveal— never on page load — so link previews in Slack or iMessage can't burn it. The final read deletes the ciphertext permanently.
The link is the key. Anyone who sees the whole link can read the message once. Send it over a channel only your recipient controls, and let it self-destruct.
Your plaintext. Your key. We never log request bodies or links. The Referrer-Policy is no-referrer, so the fragment can't leak that way either.