Seecret.it Public Inbox: receive passwords and confidential documents through an encrypted public URL

The Seecret.it Inbox is an encrypted inbox accessible through a public URL at seecret.it/@yourslug. It lets anyone — client, colleague, vendor, candidate or journalist — send you a password, a 2FA code, a confidential document or a sensitive file without signing up and without going through your e-mail inbox. Every message is encrypted in the sender's browser with AES-256 before being sent: Seecret.it never has access to the content or the decryption key.

Who is the Seecret.it Inbox for?

The Inbox is designed for professionals and individuals who regularly receive sensitive information and want a secure, encrypted alternative to e-mail:

  • Lawyers, notaries, accountants: receive client documents (bank details, contracts, ID) in GDPR-compliant fashion
  • IT & DevOps teams: collect passwords, API keys and vendor tokens without exposing them in e-mails
  • HR teams: centralise payslips, ID copies, candidate files
  • Journalists & whistleblowers: receive confidential information from anonymous sources
  • Freelancers & agencies: replace Gmail/Outlook attachments with an end-to-end encrypted channel
  • Healthcare professionals: receive patient documents in line with GDPR / HIPAA-style requirements

How does it work? (zero-knowledge encryption)

When a sender drops a message on your @yourslug URL, their browser generates a random AES-256 encryption key. The content (text + optional files) is encrypted locally before being sent to our servers. The key is then placed in the URL fragment of the notification e-mail — never transmitted to the server. This is called the zero-knowledge model: even if our database were compromised, your messages would remain unreadable. The same model secures our one-time password sharing links.

Where can you publish your Inbox link?

  • Professional e-mail signature
  • LinkedIn bio, X (Twitter), Instagram, GitHub
  • Contact page of your website or portfolio
  • QR code printed on business cards, flyers or physical kiosks
  • Footer of commercial proposals, quotes and invoices
  • Footer of HR forms or booking pages

Inbox vs email: why email is no longer fit for sensitive data

Sending a password by email, a bank account, an API key or a confidential document is still a daily habit — and one of the riskiest in business. Email was not designed for confidentiality: it transits through multiple intermediate servers, stays indexed at your provider, and survives indefinitely in your archives as well as your recipient's.

The hidden risks of email for sensitive data

  • Unlimited storage at Gmail, Outlook, Yahoo: a password sent in 2018 is still readable in 2026
  • Mailbox compromise: a single stolen Gmail password exposes years of shared data
  • Accidental forwarding: one mis-clicked "Reply All" and the secret leaks to 30 people
  • Indexation by anti-spam filters and third-party tools (Microsoft Defender, Google Workspace API, etc.)
  • GDPR non-compliance for sensitive personal data (Article 32 GDPR: security of processing)
  • No read tracking: impossible to know who, when and how many times the message was read

Benefits of the Seecret.it Inbox

  • AES-256 end-to-end encryption in the sender's browser
  • One-time read: self-destruction after consultation
  • Automatic expiration after 7 days by default
  • Instant email notification with the direct decryption link
  • GDPR-compliant by design: no plain-text storage, EU hosting
  • No account required for senders: zero friction
  • Encrypted attachments up to 100M per file for Pro subscribers

Seecret.it Inbox vs email vs WhatsApp: the comparison

  • Classic email: convenient but not end-to-end encrypted, infinite retention, GDPR compliance difficult
  • WhatsApp / Signal: E2E encrypted but requires both parties to have an account + phone number, poorly suited to B2B and one-off exchanges
  • Shared password vault: secure but requires the recipient to register and an explicit credential sharing
  • Seecret.it Inbox: E2E encryption, one-time read, anonymous account-less sender, GDPR compliance, embeddable in email signatures or QR codes

Going further with other Seecret.it tools

Once your Inbox is active, complete your security toolbox with: one-time password sharing to send a secret to a recipient, multi-party secure sharing (Shamir's Secret Sharing), the strong password generator, the diceware passphrase generator and our encrypted REST API to integrate sharing into your internal workflows.