How classified works

classified is a free, no-signup tool for sending encrypted notes that self-destruct after a single view. Open the app →

Step by step

  1. You write a note in your browser.
  2. Your browser encrypts it with a strong random key using the Web Crypto API. The key lives only inside the share link's #fragment, which browsers never send to any server.
  3. Only the encrypted blob is uploaded to the server, tagged with the expiry you chose (5 minutes to 24 hours).
  4. You share the link — and can optionally protect it with a password sent through a separate channel.
  5. The recipient clicks "Reveal & destroy note." The server hands back the ciphertext and deletes it in the same step; the browser decrypts it locally and shows it once. Reloading the link shows nothing.

Frequently asked questions

Can you read my notes?

No. classified is zero-knowledge: your note is encrypted in your browser before it is uploaded, and the decryption key never reaches our server. We only ever store unreadable ciphertext.

What if I lose the link or forget the password?

The note is unrecoverable — by design. Because we hold no keys, there is no reset or backup. A lost link or forgotten password means the content is gone for good.

How long do notes last?

You choose an expiry from 5 minutes to 24 hours. A note is destroyed on its first view, and any un-opened note is automatically purged at its deadline by the storage layer.

Do I need an account?

No accounts, no profiles, nothing to install. Nothing identifies who created a note or who read it.

Is one-time view guaranteed?

It is best-effort. Any automated system that opens the link — an aggressive link-prefetcher or security scanner — could trigger the one-time read before the human does. The explicit "Reveal & destroy" button mitigates this, but it is inherent to any burn-after-reading tool.

What is under the hood?

A static Vue 3 front end on Cloudflare Pages with a small Cloudflare Worker API; encrypted blobs are held in Cloudflare KV using native TTL. Encryption is AES-256-GCM, with the content key derived via HKDF-SHA-256 from a 128-bit link secret; optional password protection adds PBKDF2-HMAC-SHA-512 (310,000 iterations). All cryptography uses the browser-native Web Crypto API — no third-party crypto libraries.

Why are there ads?

Ads keep classified free to use. They are served by Google AdSense with a Google-certified consent banner, and they never have access to your notes, which are decrypted only in your browser.