Encrypted · Self-destructing · Zero-knowledge
Send a secure message.
It reads once, then disappears.
Write your message. Get a link. Send it anywhere. The recipient reads it once — and it's gone, with no trace in chat logs or server backups.
No account needed to send your first message.
Where most secure messages aren't
Every channel you use for sensitive messages stores a copy — on their servers, on your device, in search indexes. "Secure" usually means encrypted in transit, not encrypted at rest, and certainly not destroyed after reading.
Slack / Teams
Stored indefinitely in workspace history. Admins can read any message. Searchable across the organisation.
Copies live in sent folder, inbox, and all synced devices. Email servers store messages for years.
Signal
End-to-end encrypted, but messages persist on both devices. Backups, linked devices, and screenshots create copies.
Backed up to iCloud or Google Drive — often unencrypted. Disappearing messages are not zero-knowledge.
iMessage
iCloud backups may include message history in plaintext. Shared across all Apple devices signed in to the same account.
Telegram
Cloud chats are stored on Telegram servers in plaintext. Only 'Secret Chats' are E2E encrypted — and those still persist on devices.
How a self-destructing message works
- 1
Write your message
Any text — a private note, a password, legal information, personal details. Optionally set a view limit (1 to 100) and add a second-factor password for extra protection.
- 2
Encrypted before it leaves your browser
AES-256-GCM encryption runs locally. A random decryption key is generated and embedded in the URL fragment — a part of the URL that browsers never send to servers. VoidNote's server receives only ciphertext it cannot read.
- 3
Share the link — via any channel
Send the link over email, Slack, WhatsApp, SMS — anywhere. The link itself is safe to transmit; it contains only a reference to an encrypted blob. The decryption key rides in the URL fragment.
- 4
The message self-destructs on read
The recipient's browser decrypts the message locally. The server immediately deletes the encrypted record. The link stops working. No transcript, no log, no recovery.
Two-channel security with an extra password
Add a second password to your message. Share the link over one channel (email, Slack) and the password over another (phone call, in person). An attacker who intercepts the link cannot read the message without the password. This is the recommended pattern for anything highly sensitive.
Signal vs VoidNote — which to use
These tools solve different problems. Signal is excellent for ongoing private conversations. VoidNote is for one-shot secrets that must not persist anywhere.
Use Signal when…
- ·You need an ongoing private conversation
- ·You want voice or video calling
- ·The recipient is a known contact
- ·You need message history
Use VoidNote when…
- ·You're sharing a password or secret
- ·The message must not persist anywhere
- ·The recipient doesn't have Signal
- ·You need proof the message self-destructed
Common questions
Does the recipient need an account or app?
No. The recipient just needs a browser. They click the link, optionally enter a password, and read the message — no registration, no app install. The link works on any device.
What if the message is sensitive enough that I don't trust any link?
Use the extra password option and share the password via a fully out-of-band channel (in person or by phone). The link alone is useless without the password — an intercepted link reveals nothing.
How long does the link stay active?
A maximum of 24 hours, or until the view count reaches zero — whichever comes first. You can set a lower expiry for more time-sensitive messages.
Can I send long messages?
Yes. VoidNote notes support up to 10,000 characters. For larger content — documents, files — use the Vault feature, which encrypts and delivers files via a single-use download link.
Send a message that actually disappears
No account needed. Works in any browser. Zero plaintext stored — ever.