Securely send and receive sensitive information

Client-side encrypted one-time secrets since 2016


Length exceeded, please use a shorter secret.

Create an account (it's free, no credit card required) to access all features like attachments, branding and notifications.

One-time links for total security

Send

Ensure the confidentiality of your data with our one-time links for sending information. Create a secure link, share your sensitive data, and rest assured knowing that once the link is accessed, it expires immediately, leaving no trace. Ideal for protecting financial details, confidential agreements, or any private information.

Receive

Receive sensitive information securely with our one-time links. Request data from others and get it delivered through a self-destructing link that guarantees complete privacy. Once you access the information, the link deactivates, ensuring that the data cannot be retrieved again. Perfect for safeguarding received sensitive messages.

Chat

Chat privately without leaving a digital footprint with our secure one-time links. Start a conversation using a link that expires as soon as your chat ends, ensuring all your communications remain confidential. This feature is excellent for negotiating sensitive deals or discussing private matters with complete security.

Leading the way in secure one-time links for top brands.

Features

Features

One-time links for secure data sharing

Share passwords and other confidential data - along with files - with self-destructing one-time links. There are several settings which you can configure for each link like expiration time, password and CAPTCHA. You can also set how many times the link can be opened.

Request sensitive data with a Secret Request link

Create a Secret Request link for securely requesting sensitive data from your clients and users. It works the same way as sharing data with a one-time link, except that the end result is that you will receive the one-time link containing the data you have requested.

Create links from a CSV file

With our Bulk Secrets feature, you can easily create lots of one-time links from a CSV file. The CSV file parsing is performed in the browser, making sure that we don't have access to any of the data it contains.

Teams

We also have features designed for team collaboration and integration. Create separate accounts for team members, manage settings centrally, and ensure secure access with single sign-on (SSO).

Notifications

Stay up-to-date of all updates with our handy notification system. Notifications, triggered when a link is created, viewed, or has expired, can be sent via email, Slack messages, or webhooks for easy integration with external systems.

API

Our simple REST API can be used to integrate Password.link into any application. It also makes it possible to encrypt and decrypt the sensitive information outside of our service for maximum security and peace of mind.

Branding

For those who seek a fully branded solution, we offer the option to remove all Password.link branding from the service. This feature ensures that your users interact with a platform that is entirely branded to your specifications, without visible references to Password.link. It's an ideal solution for businesses aiming to maintain a strong and cohesive brand image across all tools and services.

Custom domain

To further integrate Password.link into your business ecosystem, we offer the ability to use a custom domain for accessing the service. This can be a subdomain of password.link specifically created for your brand or a completely separate domain provided by you. Utilizing a custom domain enhances brand visibility and trust, making the platform distinctly yours. It ensures that every interaction your users have with the service reinforces your brand identity and provides a consistent, professional appearance.

Geo-blocking

The geo-blocking feature provides an added layer of security, ensuring that sensitive information is accessed only from locations you authorize. Whether it's a single country or multiple regions, the geo-blocking functionality will safeguard your secrets by blocking unauthorized access attempts.

IP and email whitelisting

The IP whitelisting feature elevates security measures by permitting only pre-approved IP addresses and CIDR ranges to access the link. In addition, the email whitelisting feature enhances security by allowing only approved email address domains to view your secrets. These capabilities provide granular control over who is allowed to access your sensitive information, adding critical layers of protection. Through precise access management, it ensures your data remains secure from unauthorized attempts.

Secure chats with one-time links

Secure chats with one-time links

We've expanded our one-time link technology to include secure chats, providing a reliable way to communicate with end-to-end encryption.

Just like our one-time links, these chats are exclusive to the initial participants and are designed to automatically self-destruct once closed, ensuring complete privacy.

Key features:

  • End-to-end encryption: Every message is encrypted using AES-256-GCM, the industry standard for secure communication. Encryption and decryption occur directly in your browser, never exposing plain text.
  • Private and temporary: The encryption key is exclusively known to the chat participants and is never stored, making the chat content accessible only to those initially involved.
  • No data retention: We prioritize your privacy by not logging, storing, or having the ability to decrypt any of your messages.
Ideal for IT teams of all sizes

Ideal for IT teams of all sizes

A common scenario: you need to send credentials via email or Slack. But how can you ensure they're not intercepted or who has viewed them?

With our service, you can create a one-time link for credentials, ensuring they remain unseen until the intended recipient accesses them. Additionally, you can set up notifications through various channels to inform you when and by whom the credentials have been viewed.

Since the link is valid for a single use, it guarantees the credentials cannot be accessed again by anyone else.

We also support encrypted attachments for secure file sharing. Secret requests enable secure communication for sensitive information exchange.

Our platform allows for complete customization, enabling you to remove our branding, add your own, and tailor the content seen by users when accessing credentials.

Looking to integrate our service into your software or manage encryption and decryption externally? Our user-friendly REST API facilitates just that.

Developed with standard, security-proven technologies

Developed with standard, security-proven technologies

Given the nature of our service and its partial operation within browsers, security and privacy are of paramount importance. Our commitment to these principles is evident in how our service operates.

We employ only industry-standard, security-proven technologies and adhere to best practices in security for our service's development. This includes the use of AES-256-GCM for encryption, ensuring the highest level of data protection.

Always encrypted communications

Our service operates exclusively over HTTPS to ensure all communications are encrypted. This is crucial for maintaining the confidentiality and integrity of the data transmitted between the browser and our servers.

Advanced security measures

We implement advanced security technologies, such as Content Security Policy, Strict Transport Security, and Secure Cookies, alongside our unique encryption process to safeguard against both known and emerging security threats.

Encryption at rest and in transit

All data stored in our databases is encrypted at rest, providing an additional layer of security. Similarly, the encryption process begins in the browser, ensuring data is encrypted before it is even transmitted.

Unique one-time link generation process

When creating a new one-time link for a secret, two 18-character long random strings are generated in the browser as public and private encryption key parts. The secret is encrypted using these key parts, with the encrypted secret and the private part sent to our backend. This process ensures that full encryption data is never fully accessible, requiring both the link and database information to decrypt the secret.

No external JavaScript

To prevent the injection of malicious scripts, our service does not load any external JavaScript on pages that handle secrets.

No logging of sensitive data

Our logging strategy is designed to minimize data collection, ensuring no sensitive information is ever recorded. This includes not seeing or logging the public encryption key part, as it's stored in the link using a fragment identifier that the browser doesn't transmit to servers.

Secure one-time access

The backend server allows the data of the secret to be fetched only once, ensuring the link can be opened a single time. After the data has been fetched, the backend deletes the encrypted secret and private key part from the database, making it impossible to access the secret again.

Introducing ScriptGuard.AI

ScriptGuard, developed by the Password.Link team, is a website monitoring service designed to safeguard your website by tracking changes to its scripts. Unauthorized or accidental modifications can pose serious security risks, including malware injections, data breaches, and compromised website integrity.

ScriptGuard promptly alerts you to any changes, allowing swift response to potential issues. With features like historical script versioning, AI-driven impact analysis, and contextual insights, ScriptGuard helps you maintain control over your website's scripts while ensuring compliance with security standards and providing enhanced developer accountability.

→ ScriptGuard.AI

Secure password sharing since 2016.

Since our inception in 2016, we've dedicated ourselves to developing this service, which has since become the leading tool for transmitting confidential information among IT companies worldwide. Our commitment to continuous improvement is driven by one core principle: maintaining simplicity while ensuring security.