Stop sharing passwords over Slack. Secretus gives your team three battle-tested modes: async one-time links, hybrid P2P encryption, and k-of-n threshold Team Split — all in-browser, all zero-knowledge.
Authenticated X3DH-style + ML-KEM-768 hybrid key agreement · Shamir's Secret Sharing · EU / GDPR compliant · Servers never receive plaintext secrets or decryption keys.
Every week, teams accidentally expose credentials. Here's how it happens — and how Secretus stops it.
DMs get archived, searchable by admins, and exposed in breaches. Credentials sit in plaintext forever.
Email is not encrypted end-to-end. Onboarding emails with temporary passwords are a permanent liability.
Shared drives keep version history. One misconfigured permission exposes every secret ever stored.
When an employee leaves, old threads and shared notes retain access. Critical secrets should require multi-party approval — not trust in one person.
Every secret is encrypted in your browser before it leaves your device. The recipient opens it once — then it's gone. Need multi-party approval? Split it with Shamir's Secret Sharing so no single person can access it alone.
Choose the mode that fits your situation. No training required.
Generate an encrypted one-time link and share it over any channel — email, Slack, SMS, QR code. The recipient opens it whenever they're ready — choose expiry from 15 minutes up to 30 days, or pick a custom date. After first view, the secret is permanently destroyed.
Type your message. An AES-256-GCM key is generated randomly in your browser.
The key is embedded in the #fragment — browsers never send this to servers. Only the ciphertext is stored.
Recipient decrypts locally in their browser. No app, no account, no simultaneous presence needed.
After first view the link is invalidated immediately and the ciphertext is removed from the server shortly after. The key was never on the server.
Every feature designed for security-conscious teams — from a single developer to a distributed org.
Maximum Security mode: authenticated X3DH-style session setup hybridized with ML-KEM-768, plus per-message symmetric key rotation during the live transfer.
AES-256-GCM encrypted one-time links. Set expiry from 15 minutes to 30 days, or pick a specific date. The decryption key lives only in the URL #fragment — never on the server.
Split secrets with k-of-n threshold control: 2-of-3, 3-of-5, and more. Optionally set a 24h / 7-day / 30-day expiry on share links. Information-theoretically secure — no single holder can reconstruct alone.
Each secret link is single-use. After the recipient views it once, the secret is permanently destroyed and the link becomes invalid.
Business plan supports encrypted file and audio attachments up to 5 MB — share voice messages and documents with the same one-time guarantee.
Operated from Romania, EU. All infrastructure within the EU (eu-central-1). Optional analytics only after explicit consent. GDPR-first by design.
Our servers never hold your encryption keys. All crypto runs in your browser via Web Crypto API. For async secrets the server only stores ciphertext. For P2P, compare the safety number with your recipient to rule out relay-server interception.
ML-KEM-768 (NIST FIPS 203) is used as a hybrid layer to reduce harvest-now-decrypt-later exposure during P2P setup.
Add Secretus to your home screen — no app store needed. Works on iOS, Android, and desktop via Chrome/Edge. Full offline-ready shell with push-installable experience on any device.
Reverse flow: generate a request link and ask someone to send YOU a secret. They encrypt it in their browser — only you can decrypt it. Perfect for collecting credentials from contractors or new hires without exposing your own keys.
Know the moment your secret is opened — real-time delivery status shown in the sender UI. Changed your mind? Revoke any unread secret instantly, even hours after sharing the link.
Annotate every secret with a plaintext label visible in your audit log and dashboard. Use built-in templates for SSH keys, database credentials, API keys, or Wi-Fi — structured fields with per-field copy and masked passwords.
Every secret link has a built-in QR code. It stays hidden by default and only appears when you tap — preventing passive scanning by nearby cameras or screen-recording tools. Auto-hides after 60 seconds.
Standard Mode offers preset durations (15 min, 1h, 24h, 7d, 30d) plus a custom date picker — set expiry to any specific day you choose. Team Split links also support optional TTL: 24h, 7 days, or 30 days.
Share a one-time secret from any page: right-click selected text or press Ctrl+Shift+S. The same in-browser AES-256-GCM encryption, with SRP sign-in that keeps your password on your device. Track and revoke your links from the popup. Coming soon to Chrome and Firefox.
Any time your team needs to share sensitive information exactly once — or require threshold approval — Secretus is the right tool.
Share database passwords, admin credentials, and service account logins without leaving a permanent record in your chat history.
⚡ StandardSplit API keys, root credentials, or recovery codes with Shamir's Secret Sharing. Require 2-of-3 or 3-of-5 holders to approve before anyone can access. No single point of trust.
🔑 Team SplitSend new hires their temporary credentials, VPN access, and system logins securely on day one — credentials expire immediately after first use.
⚡ StandardShare contracts, financial summaries, or confidential reports as encrypted file attachments that disappear after the recipient downloads them.
⚡ StandardDistribute API keys, OAuth tokens, and webhook secrets to developers without exposing them in pull requests, emails, or shared docs.
⚡ Standard or 🔑 Team SplitWhen you need browser-to-browser delivery with no server-side secret-payload storage, share directly over P2P with an ML-KEM-768 hybrid handshake.
🔒 Maximum SecuritySlack, email, and password managers weren't designed for one-time secret sharing. Here's exactly what they're missing.
| Feature | Secretus | Slack / Teams / Chat | Email | Password Manager |
|---|---|---|---|---|
| Self-destructing one-time links Link becomes permanently invalid after the recipient opens it once. | ||||
| Recipient needs no account Recipients open secrets in any browser — no sign-up required. | ||||
| End-to-end encrypted Encryption happens in-browser; only ciphertext is ever transmitted. | Vault only | |||
| Zero server key storage The server never receives or stores your encryption key. | ||||
| Post-quantum protection ML-KEM-768 (NIST FIPS 203) guards the key exchange against future quantum computers. | ||||
| k-of-n threshold approval Require multiple parties to reconstruct — no single holder can access it alone. | ||||
| Delivery confirmation Know the exact moment the recipient opens the secret. | Read receipts | |||
| Revocation (cancel before view) Invalidate the link immediately after sharing — before it's been opened. | ||||
| Full audit log Every create, view, revoke event with timestamps — exportable as JSON or CSV. | Partial | |||
| GDPR / EU data residency Infrastructure physically located in the EU; data minimization by design. | Partial | Partial | ||
| Zero-knowledge architecture For async secrets the server only stores ciphertext — it never holds the key. For P2P sessions, verify the safety number with your recipient to confirm direct connection. |
Password managers are excellent for storing credentials you use repeatedly — Secretus is designed for the complementary task: sharing a secret once, then destroying it.
Every plan's AES-256-GCM symmetric encryption is designed to resist Grover's algorithm. But "quantum-resistant" covers two different threats — and only Maximum Security adds protection against the other one.
Attacks symmetric encryption (like AES). A quantum computer running Grover's algorithm can halve the effective key length — so AES-256 becomes the equivalent of AES-128. That still means 2¹²⁸ possible keys to brute-force. Considered secure for the foreseeable future. AES-256-GCM is resistant to this.
Attacks asymmetric key exchange (like the ECDH used in most key-agreement protocols). Shor's can efficiently break elliptic curve cryptography — the foundation of most key agreements today. Nation-state actors already run "harvest now, decrypt later" attacks. This is what ML-KEM-768 guards against.
vs. Grover's (symmetric)
AES-256-GCM → 128-bit equivalent. Still strong.
vs. Shor's (asymmetric)
N/A — there is no ECDH key exchange. The key is generated locally and embedded in the URL #fragment. Nothing for Shor's to attack.
vs. Grover's (symmetric)
AES-256-GCM for the actual message encryption.
vs. Shor's (asymmetric)
ML-KEM-768 (NIST FIPS 203) is hybridized with authenticated X3DH-style key agreement to reduce harvest-now-decrypt-later exposure.
vs. Grover's (symmetric)
Shamir's Secret Sharing is built on finite field arithmetic — not AES — but is information-theoretically secure regardless of computing power.
vs. Shor's (asymmetric)
N/A — Shamir's SSS uses polynomial arithmetic over GF(2⁸), not elliptic curves. Quantum computers offer no advantage here.
The "Grover-resistant symmetric encryption" label on Standard Mode refers specifically to Grover's algorithm — NIST considers AES-256 to retain an adequate security margin (128-bit equivalent) against a quantum attacker running Grover's. It does not cover key-exchange attacks (Shor's algorithm); ML-KEM-768 adds that protection separately, only in Maximum Security mode.
Every plan starts with a 14-day free trial — full access, no credit card required.
Async one-time secret sharing for individuals
14-day free trial included
Add hybrid P2P for high-security transfers
14-day free trial included
Full suite: files, voice & k-of-n team approval
14-day free trial included
Custom limits · SSO / SAML · SLA · Dedicated support · Volume licensing · Compliance review
Self-serve, trial first. Sign up for a 14-day free trial — no card required. When you're ready, subscribe in-app through Stripe's secure checkout; plan changes are prorated automatically and you can cancel anytime from your profile. Billed monthly, or annually with 2 months free. Enterprise? billing@secretus.app.
Whether you need async convenience, browser-to-browser P2P, or k-of-n threshold control — Secretus has the right tool for every secret.