# Secretus > End-to-end encrypted secret sharing platform with three cryptographic modes: async one-time links (AES-256-GCM), browser-to-browser P2P transfers using authenticated X3DH-style session setup plus ML-KEM-768 hybrid key agreement, and threshold multi-party sharing (Shamir's Secret Sharing k-of-n). All encryption runs in-browser via the Web Crypto API. Secretus servers do not receive plaintext secrets or decryption keys. EU-operated, GDPR-compliant. ## What is Secretus? Secretus is a B2B SaaS for securely sharing secrets — passwords, API keys, SSH keys, database credentials, sensitive files, and voice messages. It replaces email, Slack, and password-manager shared vaults for one-time sensitive transfers. Three encryption modes span a range of use cases, from quick async sharing to a live, direct P2P transfer mode with a post-quantum key-agreement component. ## Three Encryption Modes ### Standard Mode (Async One-Time Link) AES-256-GCM encrypted link with configurable expiry (15 minutes to 30 days, or a custom date). After the recipient opens the link once, the link is invalidated immediately (a synchronous metadata delete gates the response) and the ciphertext object is deleted from EU servers shortly after on a best-effort basis, backstopped by a storage lifecycle rule. The encryption key lives in the URL #fragment — it is never sent to or stored on the server. The server stores only the ciphertext and can never read the plaintext. ### Maximum Security (Hybrid P2P) Authenticated X3DH-style session setup (with a dedicated ephemeral key, not reused from signedPrekey) hybridized with ML-KEM-768 (NIST FIPS 203 post-quantum KEM). The secret travels directly between browsers via a WebRTC data channel and the secret payload is not stored on the server in this mode. ML-KEM-768 is included to reduce harvest-now-decrypt-later exposure if future quantum attacks weaken classical key agreement. ### Team Split (Shamir's Secret Sharing k-of-n) Split a secret into N shares using Shamir's Secret Sharing (1979). Any K holders can reconstruct the secret; fewer than K shares reveal mathematically nothing (information-theoretically secure). Each holder receives a unique share link containing their share in the URL #fragment. Optional expiry: 24 hours, 7 days, or 30 days — enforced client-side in the recipient's browser. Reconstruction requires K holders to visit the reconstruction link and each paste their share. ## Pricing Plans All plans include a 14-day free trial (no card required). Fully self-serve: subscribe in-app via Stripe-hosted checkout (Link as merchant of record, VAT handled automatically, downloadable invoices); upgrades/downgrades prorated; cancel anytime. Billing is monthly, or annual with 2 months free (Starter 90 EUR/yr, Pro 190 EUR/yr, Business 330 EUR/yr). Enterprise: billing@secretus.app. - **Starter** (€9/month): Standard Mode (AES-256-GCM async one-time links), custom expiry (15 min to 30 days or custom date), secret labels and annotations, revocation, delivery confirmation, secret request links, structured templates (SSH keys, database credentials, API keys, Wi-Fi passwords), audit log (90-day retention, JSON/CSV export), MFA, installable PWA. - **Pro** (€19/month): Everything in Starter plus Maximum Security — browser-to-browser P2P with authenticated X3DH-style session setup and ML-KEM-768 hybrid key agreement. - **Business** (€33/month): Everything in Pro plus Team Split (Shamir k-of-n), Teams (share the plan with up to 5 members via single-use invite links), file and audio attachments (up to 5 MB), REST API keys (up to 5), Compliance PDF export (SOC-2 Type II evidence / GDPR Art. 30 Records of Processing / DORA ICT resilience), 1-year audit log retention. - **Enterprise**: Custom limits, SSO/SAML, SLA, dedicated support, volume licensing, compliance review. Contact sales at the /contact page. ## Security Architecture - Standard Mode and Team Split cryptographic operations run in-browser using the Web Crypto API only; Maximum Security's ML-KEM-768 layer uses the audited `@noble/post-quantum` library, hybridized with a Web Crypto API ECDH component - Private keys and plaintext secrets never leave the browser - Standard Mode: only ciphertext reaches the server; the decryption key is in the URL fragment - Maximum Security: secret never touches any server; pure P2P via WebRTC - Team Split: shares live in URL fragments; servers store nothing - Authenticated X3DH-style P2P setup with per-message symmetric key rotation - Post-quantum security via ML-KEM-768 (NIST FIPS 203, standardized August 2024) - X3DH key agreement uses a separate per-session ephemeral key (not reused from signedPrekey) - Zero-knowledge: Secretus servers do not receive plaintext secrets or decryption keys ## Compliance & Privacy - EU-operated: Romanian legal entity (MUNTEANU C.D. MIHAI PFA / Secretus), AWS eu-central-1 infrastructure - GDPR-by-design: data minimization, storage limitation, explicit cookie consent (Cookiebot) - Data subject rights: export or deletion at any time via privacy@secretus.app - Supervisory authority: ANSPDCP (Romanian National Supervisory Authority for Personal Data Processing) - Compliance PDF export covers: SOC-2 Type II evidence, GDPR Art. 30 Records of Processing Activities, DORA (EU 2022/2554) ICT resilience reporting ## Key Pages - [Home — live app + feature overview](https://secretus.app/) - [Offer — pricing, use cases, comparison, FAQ](https://secretus.app/offer) - [About — technical architecture deep-dive](https://secretus.app/about) - [Blog — practical cryptography & secret-sharing articles](https://secretus.app/blog) - [Dex — cybersecurity, hacking & cryptography glossary](https://secretus.app/dex) - [Privacy Policy](https://secretus.app/privacy) - [Terms of Service](https://secretus.app/terms) - [Contact](https://secretus.app/contact) - [Sign Up — 14-day free trial](https://secretus.app/signup) ## Frequently Asked Questions **Can Secretus read our secrets?** No. All encryption and decryption happens entirely in your browser. Keys never leave your browser. In Maximum Security mode secrets travel P2P and never touch any server. In Team Split mode shares live in URL fragments. Secretus operators never receive or store your plaintext secrets or encryption keys. **What is ML-KEM-768 and why does it matter?** ML-KEM-768 (NIST FIPS 203) is the standardized post-quantum key encapsulation mechanism. Classical ECDH may become vulnerable if large-scale quantum attacks become practical. Maximum Security mode hybridizes authenticated X3DH-style key agreement with ML-KEM-768 to reduce harvest-now-decrypt-later risk; it is a mitigation against that specific risk, not an unconditional guarantee against all future quantum attacks. **Is Secretus GDPR compliant?** Yes. Secretus is operated by a Romanian (EU) entity. Infrastructure is hosted in AWS eu-central-1 (EU). Analytics are optional and only activated after explicit cookie consent. Data minimization and storage limitation are enforced by design. Data subjects can request export or deletion at any time via privacy@secretus.app. **What is Shamir's Secret Sharing?** A cryptographic algorithm (Adi Shamir, 1979) that splits a secret into N shares such that any K shares reconstruct the secret exactly. Fewer than K shares reveal nothing — this property is information-theoretically secure, meaning no amount of computing power can break it. Used in Secretus Team Split mode for multi-party secret access (e.g., 2-of-3 for dual-control access to critical credentials). **How does billing work?** Secretus has a fully self-serve checkout. Sign up to start a 14-day free trial with no credit card required, then subscribe in-app through Stripe (Link as merchant of record). Plan switches are prorated; cancel anytime from your profile. Billing is monthly or annual (2 months free on annual). Enterprise agreements: billing@secretus.app. ## Contact - General support: support@secretus.app - Billing and sales: billing@secretus.app - Privacy and data: privacy@secretus.app - Legal: legal@secretus.app - Website: https://secretus.app