How it works: Your text is encrypted locally using AES-256-GCM before leaving your device. The server stores only unreadable ciphertext. The decryption key travels exclusively in the URL fragment (#k=...) which browsers never send to servers. Even a full server compromise cannot expose your message.