SecretusSecretus
Three Encryption Modes · Encrypted In-Browser

Secret Sharing Built for the Next Decade

Stop sharing passwords over Slack. Secretus gives your team three battle-tested modes: async one-time links, hybrid P2P encryption, and k-of-n threshold Team Split — all in-browser, all zero-knowledge.

Authenticated X3DH-style + ML-KEM-768 hybrid key agreement · Shamir's Secret Sharing · EU / GDPR compliant · Servers never receive plaintext secrets or decryption keys.

Start Free
Async Standard Mode
Signal + ML-KEM-768
🔑Shamir Team Split
EU / GDPR Ready
100%
Client-side encryption
Zero plaintext ever leaves your browser
0 bytes
Server-side key storage
We never receive your encryption keys
EU-only
Data residency
AWS eu-central-1 · Romanian entity
3 modes
Threat models covered
Async · Hybrid post-quantum P2P · Threshold

Why Teams Switch to Secretus

Every week, teams accidentally expose credentials. Here's how it happens — and how Secretus stops it.

Passwords in Slack messages

DMs get archived, searchable by admins, and exposed in breaches. Credentials sit in plaintext forever.

Credentials emailed to new hires

Email is not encrypted end-to-end. Onboarding emails with temporary passwords are a permanent liability.

API keys shared in docs or spreadsheets

Shared drives keep version history. One misconfigured permission exposes every secret ever stored.

No audit trail, no expiry, no threshold control

When an employee leaves, old threads and shared notes retain access. Critical secrets should require multi-party approval — not trust in one person.

Secretus solves this at the root.

Every secret is encrypted in your browser before it leaves your device. The recipient opens it once — then it's gone. Need multi-party approval? Split it with Shamir's Secret Sharing so no single person can access it alone.

Three Modes for Different Threat Models

Choose the mode that fits your situation. No training required.

Send Now. They Open Anytime.

Generate an encrypted one-time link and share it over any channel — email, Slack, SMS, QR code. The recipient opens it whenever they're ready — choose expiry from 15 minutes up to 30 days, or pick a custom date. After first view, the secret is permanently destroyed.

1
✍️

Write your secret

Type your message. An AES-256-GCM key is generated randomly in your browser.

2
🔗

Share the link

The key is embedded in the #fragment — browsers never send this to servers. Only the ciphertext is stored.

3
👁️

They open anytime

Recipient decrypts locally in their browser. No app, no account, no simultaneous presence needed.

4
💨

Deleted after first view

After first view the link is invalidated immediately and the ciphertext is removed from the server shortly after. The key was never on the server.

Built for Business-Grade Security

Every feature designed for security-conscious teams — from a single developer to a distributed org.

X3DH-style + ML-KEM-768

Maximum Security mode: authenticated X3DH-style session setup hybridized with ML-KEM-768, plus per-message symmetric key rotation during the live transfer.

Async Standard Mode

AES-256-GCM encrypted one-time links. Set expiry from 15 minutes to 30 days, or pick a specific date. The decryption key lives only in the URL #fragment — never on the server.

Team Split — Shamir SSS

Split secrets with k-of-n threshold control: 2-of-3, 3-of-5, and more. Optionally set a 24h / 7-day / 30-day expiry on share links. Information-theoretically secure — no single holder can reconstruct alone.

One-Time Viewing

Each secret link is single-use. After the recipient views it once, the secret is permanently destroyed and the link becomes invalid.

File & Audio Support

Business plan supports encrypted file and audio attachments up to 5 MB — share voice messages and documents with the same one-time guarantee.

EU / GDPR Compliant

Operated from Romania, EU. All infrastructure within the EU (eu-central-1). Optional analytics only after explicit consent. GDPR-first by design.

Zero-Knowledge Architecture

Our servers never hold your encryption keys. All crypto runs in your browser via Web Crypto API. For async secrets the server only stores ciphertext. For P2P, compare the safety number with your recipient to rule out relay-server interception.

Post-Quantum Ready

ML-KEM-768 (NIST FIPS 203) is used as a hybrid layer to reduce harvest-now-decrypt-later exposure during P2P setup.

Installable PWA

Add Secretus to your home screen — no app store needed. Works on iOS, Android, and desktop via Chrome/Edge. Full offline-ready shell with push-installable experience on any device.

Secret Request Links

Reverse flow: generate a request link and ask someone to send YOU a secret. They encrypt it in their browser — only you can decrypt it. Perfect for collecting credentials from contractors or new hires without exposing your own keys.

Delivery Confirmation & Revocation

Know the moment your secret is opened — real-time delivery status shown in the sender UI. Changed your mind? Revoke any unread secret instantly, even hours after sharing the link.

Labels & Structured Templates

Annotate every secret with a plaintext label visible in your audit log and dashboard. Use built-in templates for SSH keys, database credentials, API keys, or Wi-Fi — structured fields with per-field copy and masked passwords.

QR Code — Tap to Reveal

Every secret link has a built-in QR code. It stays hidden by default and only appears when you tap — preventing passive scanning by nearby cameras or screen-recording tools. Auto-hides after 60 seconds.

Flexible Expiry — Pick Any Date

Standard Mode offers preset durations (15 min, 1h, 24h, 7d, 30d) plus a custom date picker — set expiry to any specific day you choose. Team Split links also support optional TTL: 24h, 7 days, or 30 days.

Browser Extension — Coming Soon

Share a one-time secret from any page: right-click selected text or press Ctrl+Shift+S. The same in-browser AES-256-GCM encryption, with SRP sign-in that keeps your password on your device. Track and revoke your links from the popup. Coming soon to Chrome and Firefox.

What Teams Use Secretus For

Any time your team needs to share sensitive information exactly once — or require threshold approval — Secretus is the right tool.

Password Sharing

Most Common

Share database passwords, admin credentials, and service account logins without leaving a permanent record in your chat history.

⚡ Standard

Team Approval Workflows

New

Split API keys, root credentials, or recovery codes with Shamir's Secret Sharing. Require 2-of-3 or 3-of-5 holders to approve before anyone can access. No single point of trust.

🔑 Team Split

Employee Onboarding

Send new hires their temporary credentials, VPN access, and system logins securely on day one — credentials expire immediately after first use.

⚡ Standard

Sensitive Documents

Business

Share contracts, financial summaries, or confidential reports as encrypted file attachments that disappear after the recipient downloads them.

⚡ Standard

API Keys & Tokens

Distribute API keys, OAuth tokens, and webhook secrets to developers without exposing them in pull requests, emails, or shared docs.

⚡ Standard or 🔑 Team Split

High-Security Transfers

When you need browser-to-browser delivery with no server-side secret-payload storage, share directly over P2P with an ML-KEM-768 hybrid handshake.

🔒 Maximum Security

Why Not Just Use…?

Slack, email, and password managers weren't designed for one-time secret sharing. Here's exactly what they're missing.

Feature
Secretus
Slack / Teams
/ Chat
Email
Password
Manager
Self-destructing one-time links

Link becomes permanently invalid after the recipient opens it once.

Recipient needs no account

Recipients open secrets in any browser — no sign-up required.

End-to-end encrypted

Encryption happens in-browser; only ciphertext is ever transmitted.

Vault only
Zero server key storage

The server never receives or stores your encryption key.

Post-quantum protection

ML-KEM-768 (NIST FIPS 203) guards the key exchange against future quantum computers.

k-of-n threshold approval

Require multiple parties to reconstruct — no single holder can access it alone.

Delivery confirmation

Know the exact moment the recipient opens the secret.

Read receipts
Revocation (cancel before view)

Invalidate the link immediately after sharing — before it's been opened.

Full audit log

Every create, view, revoke event with timestamps — exportable as JSON or CSV.

Partial
GDPR / EU data residency

Infrastructure physically located in the EU; data minimization by design.

Partial
Partial
Zero-knowledge architecture

For async secrets the server only stores ciphertext — it never holds the key. For P2P sessions, verify the safety number with your recipient to confirm direct connection.

Password managers are excellent for storing credentials you use repeatedly — Secretus is designed for the complementary task: sharing a secret once, then destroying it.

Quantum Resistance — What It Actually Means

Every plan's AES-256-GCM symmetric encryption is designed to resist Grover's algorithm. But "quantum-resistant" covers two different threats — and only Maximum Security adds protection against the other one.

⚙️

Grover's Algorithm

Attacks symmetric encryption (like AES). A quantum computer running Grover's algorithm can halve the effective key length — so AES-256 becomes the equivalent of AES-128. That still means 2¹²⁸ possible keys to brute-force. Considered secure for the foreseeable future. AES-256-GCM is resistant to this.

Shor's Algorithm

Attacks asymmetric key exchange (like the ECDH used in most key-agreement protocols). Shor's can efficiently break elliptic curve cryptography — the foundation of most key agreements today. Nation-state actors already run "harvest now, decrypt later" attacks. This is what ML-KEM-768 guards against.

Protection by mode

⚡ Standard ModeAll plans

vs. Grover's (symmetric)

AES-256-GCM → 128-bit equivalent. Still strong.

vs. Shor's (asymmetric)

N/A — there is no ECDH key exchange. The key is generated locally and embedded in the URL #fragment. Nothing for Shor's to attack.

🔒 Maximum SecurityPro & Business

vs. Grover's (symmetric)

AES-256-GCM for the actual message encryption.

vs. Shor's (asymmetric)

ML-KEM-768 (NIST FIPS 203) is hybridized with authenticated X3DH-style key agreement to reduce harvest-now-decrypt-later exposure.

🔑 Team SplitBusiness

vs. Grover's (symmetric)

Shamir's Secret Sharing is built on finite field arithmetic — not AES — but is information-theoretically secure regardless of computing power.

vs. Shor's (asymmetric)

N/A — Shamir's SSS uses polynomial arithmetic over GF(2⁸), not elliptic curves. Quantum computers offer no advantage here.

The "Grover-resistant symmetric encryption" label on Standard Mode refers specifically to Grover's algorithm — NIST considers AES-256 to retain an adequate security margin (128-bit equivalent) against a quantum attacker running Grover's. It does not cover key-exchange attacks (Shor's algorithm); ML-KEM-768 adds that protection separately, only in Maximum Security mode.

Simple, Transparent Pricing

Every plan starts with a 14-day free trial — full access, no credit card required.

14 days free · No credit card required · Cancel anytime · Monthly or annual (2 months free)

Starter

Async one-time secret sharing for individuals

€9/per month

14-day free trial included

  • Unlimited secrets — no monthly quota
  • Text-only secrets
  • ⚡ Standard Mode — AES-256-GCM (Grover-resistant symmetric encryption)
  • Custom expiry: 15 min to 30 days
  • One-time viewing — auto-deleted on open
  • Zero-knowledge architecture
  • Secret labels & annotations
  • Secret revocation — cancel before opening
  • Delivery confirmation — know when opened
  • 📬 Secret request links — ask others to send you secrets
  • Secret templates — SSH, database, API key, Wi-Fi
  • Audit log — 90-day history, JSON & CSV export
  • Two-factor authentication (TOTP / MFA)
  • Installable PWA — iOS & Android
Start Free Trial
Most Popular

Pro

Add hybrid P2P for high-security transfers

€19/per month

14-day free trial included

  • Everything in Starter
  • 🔒 Maximum Security — X3DH-style + ML-KEM-768 hybrid P2P
  • Zero server storage (P2P mode)
  • Priority support
Start Free Trial
Best for Teams

Business

Full suite: files, voice & k-of-n team approval

€33/per month

14-day free trial included

  • Everything in Pro
  • 👥 Teams — share your plan with up to 5 members
  • 🔑 Team Split — Shamir k-of-n threshold
  • Text + file + audio attachments (up to 5 MB)
  • API keys — up to 5 keys, REST API integration
  • 📊 Compliance PDF — SOC-2, GDPR Art. 30, DORA
  • 1-year audit log retention
Start Free Trial

Enterprise

Custom

Custom limits · SSO / SAML · SLA · Dedicated support · Volume licensing · Compliance review

Contact for Pricing

Self-serve, trial first. Sign up for a 14-day free trial — no card required. When you're ready, subscribe in-app through Stripe's secure checkout; plan changes are prorated automatically and you can cancel anytime from your profile. Billed monthly, or annually with 2 months free. Enterprise? billing@secretus.app.

Frequently Asked Questions

Three Modes. One Platform. Zero Compromise.

Whether you need async convenience, browser-to-browser P2P, or k-of-n threshold control — Secretus has the right tool for every secret.

⚡ Standard · AES-256-GCM🔒 Maximum Security · ML-KEM-768🔑 Team Split · Shamir SSS