Security by Design.

We don't trust our servers with your data, and neither should you. Here is how Nix guarantees your secrets remain secret.

Client-Side Encryption

Encryption happens in your browser using the Web Crypto API (AES-GCM) before any data touches the network. The server only ever receives the encrypted blob.

The encryption key is generated locally and is part of the URL hash (the part after #). Because hash fragments are never sent to the server, we literally cannot decrypt your data even if we wanted to.

Zero Knowledge Architecture

Nix operates on a zero-knowledge basis. We store the encrypted message, but we do not store the key.

  • The key never leaves your device (except when you share the link).
  • If our database were compromised, the attacker would only find useless encrypted gibberish.
  • We have no logs of your keys or decrypted content.

Ephemeral & Self-Destructing

Data is transient. You choose the lifetime of your secret (from one-time use to 24 hours).

Once a "Burn on read" link is visited, it is immediately deleted from our database. Time-based links are automatically purged by a background worker precisely when they expire. Once deleted, data is unrecoverable.

Technical Breakdown

  • Algorithm: AES-GCM (256-bit)
  • Key Generation: Web Crypto API (window.crypto.subtle)
  • Key Transport: URL Fragment Identifier (Client-only)
  • Source Code: Open Source & Auditable on GitHub

Ready to share securely?

Create a Secure Link