Encrypted in your browser
Your secret is AES-GCM encrypted on your device using Web Crypto. Vanishly receives ciphertext only, never the key.
Send a secret. Forget it.
Vanishly is a one-time link for one secret. Your browser encrypts it before it leaves the page. The link works once, then destroys itself. The server never sees plaintext, can't recover the secret, and forgets the rest.
Single-use, time-bound
The recipient opens the link once. After that, the link is dead. You also pick an expiry; whichever comes first wins.
Server forgets
Once read or expired, the ciphertext is destroyed. There is no archive, no audit trail of contents, no recovery path.
Zero-knowledge by construction
We can't read your secrets even if we wanted to. The decryption key never reaches our server; it travels in the URL fragment (or as a password the recipient types), both of which browsers handle entirely client-side. Our page integrity hash is published so you can verify the JavaScript and CSS doing the encryption haven't been tampered with.