For us, privacy is not negotiable. We deliberately choose and limit the tools we use to protect everyone's right to privacy. We don't show ads, we don't track individuals across the web, we don't sell data, and we keep personal data to the bare minimum. Even with an account, we'd never ask for personally identifiable information (PII) without a good reason.
Our privacy principles
Minimal data collection
We collect only what's strictly necessary to run the service. No profiling, no advertising trackers.
End-to-end encryption
Secrets and files are encrypted on your device before they reach us. We can't read them, and they're deleted after access or expiry.
No cross-site tracking
We don't use third-party advertising cookies or surveillance analytics.
Anonymous by default
You can share secrets without an account. When you do create one, an email address is all we need.
Ephemeral storage
Encrypted content is stored only until it's retrieved or expires, then permanently deleted.
Open source
Our code is open for anyone to inspect.
Third-party services
The few external services we rely on to run scrt.link — what they do and where your data is processed.
| Service | Purpose | Data region | GDPR |
|---|---|---|---|
| Vercel | Website & API hosting | Global | |
| Neon | Postgres database | US | |
| Flow Swiss | Object storage (files) | CH | |
| Plausible | Cookieless, privacy-friendly website analytics | EU | |
| Stripe | Subscription payments and billing | Global | |
| Brevo | Transactional and account emails | EU | |
| Sign-in with Google (optional) | Global |
We share only what each service needs to function. Your secrets and files stay end-to-end encrypted and are never accessible to them.