FAQ

Explain 1Secret Like I'm 5

You can share information with someone using a "secret" link generated on the create page.

  • Select a duration (after this many minutes the secret will self-destruct) and a number of attempts (the secret will self-destruct once the link has been accesed this many times).
  • Finally enter your message and hit Create.
  • Copy the generated URL and share it with someone.
  • Whoever has the link can now view the secret.

For more options, create an account and sign in.

  • Optionally, you can add an email address and the secret link will be emailed there in addition to being displayed.
  • Optionally - and more importantly, you can encrypt your message with a password (the longer the better). The recipient would need the password in order to view the decrypted message, in addition to the secret link.

What are the differences between Anonymous, Standard, and Premium accounts?

Premium is the only paid account type at the moment, but you can check out all the features on the pricing page.

How secure is your platform?

1Secret is built on the latest version of the trusted Laravel platform, and hosted with a world class cloud provider.

We keep our platform and systems updated and test them frequently for weaknesses.

We strive to use the best possible, continuously researched, security practices.

How does 1Secret actually protect my secrets?

We use a multi-tier approach.

  1. To start, your information is transported securely and encrypted via SSL from your browser to our servers and back.
  2. Next, your secrets are stored encrypted in the database, whether you password-protect them or not. This means that an attacker would have to compromise both the database and the web server in order to, first, gain access to the encrypted data, and second, to decrypt it.
  3. Third, protecting a secret with your own password ensures that no one - not even us - will be able to decrypt the data. We use government standard AES-256 encryption which is virtually impossible to compromise.
  4. Lastly, once a secret expires, it is gone forever. It is wiped from the database without a trace.

How well can I trust your service?

While it is plausible we could be malicious actors trying to get a hold of your sensitive data for our own nefarious purposes, the simple reality is that we intend for 1Secret to grow and become a sustainable business.

Aside from that, the data that you store with us is, for practical purposes, anonymized. There is no way we can associate a particular secret with your person. We don't collect any personal information, except for email, but we strongly advise you to use a disposable or anonymous address for this purpose. Think of it, if you will, as us holding a key but no lock.

For complete peace of mind, be sure to encrypt your secrets with a password (this does require you to register an account).

Can you recover a deleted secret?

As mentioned above, no. We do not soft-delete records. (A soft-delete means marking a record as deleted instead of removing it). To keep true to 1Secret's mission statement, we wipe secret records permanently when they expire.

Any other features in the pipeline?

Yes, plenty!

To see what's on the table, check out the roadmap page.