How SnapSend Works
We built SnapSend around one rule: we should never be able to read what you share. Here's exactly how that works.
Zero-Knowledge by Design
When you type a password or paste an API key into SnapSend, your browser encrypts it using AES-256-GCM — the same standard used by banks and governments — before the data ever leaves your device. The encryption key is generated locally and embedded only in the URL fragment (the part after #).
URL fragments are never sent to servers by browsers. That means our servers receive only ciphertext — random bytes with no key. We cannot decrypt it. No employee, no court order, no data breach can expose your plaintext. When the recipient opens the link, their browser extracts the key from the fragment and decrypts locally.
What a share link looks like
https://snapsend.site/text/abc123#AES256KeyHereNeverSentToServer
abc123 — ID stored on server (just a pointer to ciphertext)
AES256Key… — decryption key, exists only in your browser
The Tools
Text Share
Share passwords, API keys, notes, or any sensitive text. Encrypted in your browser, read once, then permanently deleted.
File Share
Send SSH keys, signed contracts, certificates, or any file up to 100MB. Deleted from our servers immediately after download.
Secure Receive
Generate a link to request secrets from someone else. Only you hold the decryption key — the sender can't even re-read what they submitted.
JWT Decoder
Decode JSON Web Tokens entirely in your browser. Unlike jwt.io, your tokens never leave your device.
AES-256-GCM Encryption
Every text share is encrypted client-side before upload. The IV is prepended to the ciphertext and the key lives only in the URL fragment.
Self-Destructing
Data is deleted the moment it's read. Files are destroyed immediately after download. Nothing persists — not even on backups.
No Account, No Trace
No sign-up, no email, no tracking history tied to you. We don't know who you are and we don't want to.
Server-Side Zero Knowledge
Our servers store only ciphertext. We have no keys, no access, and no ability to comply with a request to reveal your data — because we don't have it.
No account needed · Free · Zero logs