# Secretus

> End-to-end encrypted secret sharing platform with three cryptographic modes: async one-time links (AES-256-GCM), post-quantum P2P (Signal Protocol + ML-KEM-768 NIST FIPS 203), and threshold multi-party sharing (Shamir's Secret Sharing k-of-n). All encryption runs entirely in-browser via the Web Crypto API. Zero server-side key storage. EU-operated, GDPR-compliant.

## What is Secretus?

Secretus is a B2B SaaS for securely sharing secrets — passwords, API keys, SSH keys, database credentials, sensitive files, and voice messages. It replaces email, Slack, and password-manager shared vaults for one-time sensitive transfers. Three encryption modes cover every threat model from quick async sharing to quantum-resistant direct P2P transfers.

## Three Encryption Modes

### Standard Mode (Async One-Time Link)

AES-256-GCM encrypted link with configurable expiry (15 minutes to 30 days, or a custom date). After the recipient opens the link once, the ciphertext is permanently deleted from EU servers. The encryption key lives in the URL #fragment — it is never sent to or stored on the server. The server stores only the ciphertext and can never read the plaintext.

### Maximum Security (Post-Quantum P2P)

Signal Protocol X3DH key agreement (with a dedicated ephemeral key, not reused from signedPrekey) hybridized with ML-KEM-768 (NIST FIPS 203 post-quantum KEM). The secret travels directly between browsers via a WebRTC data channel and is never stored on any server. Resistant to Shor's algorithm on quantum computers. Defends against "harvest now, decrypt later" attacks by nation-state actors.

### Team Split (Shamir's Secret Sharing k-of-n)

Split a secret into N shares using Shamir's Secret Sharing (1979). Any K holders can reconstruct the secret; fewer than K shares reveal mathematically nothing (information-theoretically secure). Each holder receives a unique share link containing their share in the URL #fragment.
Optional expiry: 24 hours, 7 days, or 30 days — enforced client-side in the recipient's browser. Reconstruction requires K holders to visit the reconstruction link and each paste their share.

## Pricing Plans

All plans include a 14-day free trial. No self-serve checkout — contact billing@secretus.app to subscribe. Monthly billing only, no annual lock-in.

- **Starter** ($9/month): Standard Mode (AES-256-GCM async one-time links), custom expiry (15 min to 30 days or custom date), secret labels and annotations, revocation, delivery confirmation, secret request links, structured templates (SSH keys, database credentials, API keys, Wi-Fi passwords), audit log (90-day retention, JSON/CSV export), MFA, installable PWA.
- **Pro** ($19/month): Everything in Starter plus Maximum Security — Signal Protocol + ML-KEM-768 post-quantum P2P with zero server storage.
- **Business** ($33/month): Everything in Pro plus Team Split (Shamir k-of-n), file and audio attachments (up to 5 MB), REST API keys (up to 5), Compliance PDF export (SOC-2 Type II evidence / GDPR Art. 30 Records of Processing / DORA ICT resilience), 1-year audit log retention.
- **Enterprise**: Custom limits, SSO/SAML, SLA, dedicated support, volume licensing, compliance review. Contact sales at the /contact page.
## Security Architecture

- All cryptographic operations run in-browser using the Web Crypto API (no external crypto libraries)
- Private keys and plaintext secrets never leave the browser
- Standard Mode: only ciphertext reaches the server; the decryption key is in the URL fragment
- Maximum Security: secret never touches any server; pure P2P via WebRTC
- Team Split: shares live in URL fragments; servers store nothing
- Forward secrecy via Double Ratchet algorithm (Signal Protocol)
- Post-quantum security via ML-KEM-768 (NIST FIPS 203, standardized August 2024)
- X3DH key agreement uses a separate per-session ephemeral key (not reused from signedPrekey)
- Zero-knowledge: Secretus operators cannot read user secrets under any circumstances

## Compliance & Privacy

- EU-operated: Romanian legal entity (MUNTEANU C.D. MIHAI PFA / Awarely), AWS eu-central-1 infrastructure
- GDPR-by-design: data minimization, storage limitation, explicit cookie consent (Cookiebot)
- Data subject rights: export or deletion at any time via privacy@secretus.app
- Supervisory authority: ANSPDCP (Romanian National Supervisory Authority for Personal Data Processing)
- Compliance PDF export covers: SOC-2 Type II evidence, GDPR Art. 30 Records of Processing Activities, DORA (EU 2022/2554) ICT resilience reporting

## Key Pages

- [Home — live app + feature overview](https://secretus.app/)
- [Offer — pricing, use cases, comparison, FAQ](https://secretus.app/offer)
- [About — technical architecture deep-dive](https://secretus.app/about)
- [Privacy Policy](https://secretus.app/privacy)
- [Terms of Service](https://secretus.app/terms)
- [Contact](https://secretus.app/contact)
- [Sign Up — 14-day free trial](https://secretus.app/signup)

## Frequently Asked Questions

**Can Secretus read our secrets?**

No. All encryption and decryption happens entirely in your browser. Keys never leave your browser. In Maximum Security mode secrets travel P2P and never touch any server.
In Team Split mode shares live in URL fragments. Secretus operators never receive or store your plaintext secrets or encryption keys.

**What is ML-KEM-768 and why does it matter?**

ML-KEM-768 (NIST FIPS 203) is the standardized post-quantum key encapsulation mechanism, resistant to Shor's algorithm on quantum computers. Classical ECDH is vulnerable to quantum attacks. Nation-state actors already run "harvest now, decrypt later" attacks. Maximum Security mode hybridizes Signal Protocol X3DH with ML-KEM-768, providing both classical and post-quantum security simultaneously.

**Is Secretus GDPR compliant?**

Yes. Secretus is operated by a Romanian (EU) entity. Infrastructure is hosted in AWS eu-central-1 (EU). Analytics are optional and only activated after explicit cookie consent. Data minimization and storage limitation are enforced by design. Data subjects can request export or deletion at any time via privacy@secretus.app.

**What is Shamir's Secret Sharing?**

A cryptographic algorithm (Adi Shamir, 1979) that splits a secret into N shares such that any K shares reconstruct the secret exactly. Fewer than K shares reveal nothing — this property is information-theoretically secure, meaning no amount of computing power can break it. Used in Secretus Team Split mode for multi-party secret access (e.g., 2-of-3 for dual-control access to critical credentials).

**How does billing work?**

Secretus does not have a self-serve checkout. Sign up to start a 14-day free trial with no credit card required. To subscribe to a paid plan, contact billing@secretus.app. Monthly billing only, cancel anytime.

## Contact

- General support: support@secretus.app
- Billing and sales: billing@secretus.app
- Privacy and data: privacy@secretus.app
- Legal: legal@secretus.app
- Website: https://secretus.app
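
The k-of-n property described under Team Split and in the Shamir FAQ answer, as an added example that is not Secretus code. It assumes byte-wise sharing over GF(2^8) with the AES reduction polynomial (the page does not say which field is used); `split`, `combine` and `demo` are illustrative names.

```javascript
// Added example (not Secretus code): Shamir k-of-n, one polynomial per secret byte.
// Assumption: arithmetic in GF(2^8) with the AES polynomial; the page names no field.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// exp/log tables for GF(2^8), generator 3, reduction polynomial 0x11b.
const EXP = new Uint8Array(510), LOG = new Uint8Array(256);
for (let i = 0, x = 1; i < 255; i++) {
  EXP[i] = EXP[i + 255] = x;
  LOG[x] = i;
  x ^= (x << 1) ^ (x & 0x80 ? 0x11b : 0); // x := x * 3
}
const mul = (a, b) => (a && b ? EXP[LOG[a] + LOG[b]] : 0);
const div = (a, b) => (a ? EXP[LOG[a] + 255 - LOG[b]] : 0); // b must be non-zero

// Split: share i is the point (x = i, y = f(i)) with f(0) = secret byte, deg f <= k-1.
function split(secret, k, n) {
  if (k < 2 || k > n || n > 255) throw new RangeError("need 2 <= k <= n <= 255");
  const shares = Array.from({ length: n }, (_, i) => ({ x: i + 1, y: new Uint8Array(secret.length) }));
  secret.forEach((byte, pos) => {
    const coeffs = webcrypto.getRandomValues(new Uint8Array(k)); // fresh a_1..a_{k-1} per byte
    coeffs[0] = byte; // a_0 is the secret
    for (const s of shares) {
      let acc = 0;
      for (let j = k - 1; j >= 0; j--) acc = mul(acc, s.x) ^ coeffs[j]; // Horner evaluation
      s.y[pos] = acc;
    }
  });
  return shares;
}

// Combine: Lagrange interpolation at x = 0 (in GF(2^8), subtraction is XOR).
function combine(shares) {
  const xs = shares.map((s) => s.x);
  if (new Set(xs).size !== xs.length) throw new Error("duplicate share index");
  const out = new Uint8Array(shares[0].y.length);
  shares.forEach((si, i) => {
    let basis = 1; // l_i(0) = product over j != i of x_j / (x_j - x_i)
    xs.forEach((xj, j) => { if (j !== i) basis = mul(basis, div(xj, xj ^ si.x)); });
    si.y.forEach((y, pos) => { out[pos] ^= mul(y, basis); });
  });
  return out;
}

// Constructed sample secret; 2-of-3 as in the dual-control case the page mentions.
function demo() {
  const shares = split(new TextEncoder().encode("constructed-db-password"), 2, 3);
  return new TextDecoder().decode(combine([shares[2], shares[0]]));
}
```

`combine` cannot tell when fewer than K shares were supplied: it returns unrelated bytes rather than an error, so the reconstructed value needs its own integrity check before it is used.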