Self-Destructing Note Creator

A self-destructing note is a secure, encrypted message that automatically deletes itself after being read by the intended recipient. Think of it as a digital version of a message that burns up after reading — like in spy movies. The note is encrypted client-side using AES-256 encryption, stored temporarily, and permanently destroyed upon viewing.

We use AES-256 encryption (Advanced Encryption Standard) to encrypt your note directly in your browser before it's stored. The encryption key is embedded in the URL fragment (the part after the # symbol), which is never sent to any server. Only someone with the complete link can decrypt and read the note. If you add password protection, the encryption key itself is also encrypted with your passphrase using PBKDF2 key derivation — adding an extra layer of security.

Your encrypted note is stored in your browser's localStorage — a client-side storage mechanism. It never leaves your device until someone accesses it via the shared link. When the recipient opens the link on the same domain, the browser retrieves and decrypts the note locally, then immediately deletes it from storage. No servers, no databases, no logs.

No. Once a note is read (and the read limit is reached), it is permanently deleted from localStorage. There is no backup, no recycle bin, and no way to recover it. This is by design — the whole point is that the message is ephemeral. Even we cannot recover it because we never had access to the unencrypted content or the decryption key.

If a note reaches its expiration time before anyone reads it, the encrypted data is automatically removed from localStorage. The shared link will show an error message indicating that the note has expired. You can set expiration times from 1 hour up to 30 days, giving you full control over how long the note remains available.

Yes. When you enable password protection, the randomly generated encryption key is itself encrypted using your passphrase with a key derivation function (PBKDF2). This means that even if someone intercepts the full URL, they cannot decrypt the note without also knowing the passphrase. The passphrase is never stored anywhere — it's only used in the recipient's browser to derive the decryption key. We recommend using a strong, unique passphrase for maximum security.

Yes! While the default is 1 read (true self-destruct), you can configure the read limit to allow 2, 3, 5, or unlimited reads until the expiration time. Each time the note is accessed, the read counter decreases. When it reaches zero, the note is permanently destroyed. This gives you flexibility depending on your use case.

• Same-origin requirement: The note must be created and viewed on the same domain (same website) because localStorage is origin-specific.
• Maximum note length: 10,000 characters to ensure optimal performance.
• Browser dependent: The tool requires a modern browser with JavaScript enabled and localStorage support.
• No server backup: If you clear your browser data before sharing the link, the note is lost.

Unlike encrypted email, a self-destructing note leaves no trace after being read. Emails sit in inboxes, can be forwarded, screenshotted, or stored on servers indefinitely. With self-destructing notes, the content is only accessible through a unique link and is permanently destroyed after reading. There's no copy sitting on any server or inbox — it's truly ephemeral communication.

Yes, completely free. There are no hidden fees, no premium tiers, and no account required. The tool runs entirely in your browser — we don't have servers processing your notes. You can create unlimited self-destructing notes at no cost. Our goal is to provide a secure, private communication tool accessible to everyone.