Once the unique password link is accessed, our servers send the private encryption key part together with the ciphertext, and the actual password is then decrypted in the viewer's browser using the public encryption key part from the link and the private encryption key part from our database. After this, our servers wipe the private encryption key part and the ciphertext from our database, making the accessed password link completely void. Our servers never see the public encryption key part because it is stored in the URL as a fragment identifier (#...), and a browser does not send the fragment identifier to a server.
As the whole service uses HTTPS only, you can be sure that the secret cannot be seen by anyone other than those who have access to the original, unique password link. If, however, someone has accessed the password link before the actual recipient, the link will show a message that the password has already been seen and that actions should be taken. Notifications can also be sent when the secret has been viewed (read more about the additional features).
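The flow described above, sketched for Node.js as an added example that is not the service's own code. The cipher (AES-256-GCM), the way the two key parts are combined (concatenation), the in-memory `db`, the `example.invalid` host and all function names are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

const db = new Map(); // stands in for the server database (assumption)

// Sender side: encrypt locally and split the key; only one half reaches the server.
function createLink(secret) {
  const publicPart = nodeCrypto.randomBytes(16);  // placed in the URL fragment only
  const privatePart = nodeCrypto.randomBytes(16); // stored server-side with the ciphertext
  const key = Buffer.concat([privatePart, publicPart]); // assumed combination scheme
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(secret, 'utf8'), cipher.final()]);
  const id = nodeCrypto.randomBytes(8).toString('hex');
  db.set(id, { privatePart, iv, ciphertext, tag: cipher.getAuthTag() });
  return `https://example.invalid/s/${id}#${publicPart.toString('hex')}`;
}

// What the browser puts on the wire: path and query, never the fragment.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Server side: hand the record over once, then wipe it.
function serverFetchOnce(target) {
  const id = target.split('/').pop();
  const record = db.get(id) || null;
  db.delete(id);
  return record; // null means the link was already viewed
}

// Viewer side: combine both key parts in the browser and decrypt.
function viewLink(link) {
  const record = serverFetchOnce(requestTarget(link));
  if (!record) return { status: 'already-seen' };
  const publicPart = Buffer.from(new URL(link).hash.slice(1), 'hex');
  const key = Buffer.concat([record.privatePart, publicPart]);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  const plain = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
  return { status: 'ok', secret: plain.toString('utf8') };
}
```

A second call to `viewLink` with the same link returns `already-seen`, which is the signal the recipient should treat as a reason to rotate the shared password.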