Terms of Service

The rules for using iKrypt safely and responsibly.

These terms explain what iKrypt does, what you are responsible for, what is not allowed, and the limits of the service.

Last updated: July 2026

Use it responsibly

iKrypt is for legitimate one-time secret sharing. Do not use it for illegal, abusive, harmful, or malicious activity.

You control the link

iKrypt creates encrypted links, but you choose where and how to share them. Treat the full link as sensitive.

Service is provided as-is

iKrypt is a simple utility, not a password manager, compliance platform, or guaranteed delivery service.

1. Acceptance of these terms

By accessing or using iKrypt, you agree to these Terms of Service. If you do not agree with these terms, do not use the service.

“iKrypt,” “we,” “us,” and “our” refer to the operators of ikrypt.com. “You” refers to anyone who accesses or uses the service.

2. What iKrypt is

iKrypt is a one-time encrypted secret sharing tool. It helps you create encrypted links for temporary secrets such as passwords, API keys, .env values, login credentials, and short notes.

You choose how to send the generated link. iKrypt does not deliver the link on your behalf through email, chat, SMS, or any other channel.

Secrets become inaccessible after the configured expiry time, after the maximum view count is reached, or when the encrypted record is no longer available.

3. Your responsibilities

You are responsible for how you create, manage, and share iKrypt links.

  • Share secret links only with intended recipients.
  • Treat the full link, including the part after #, as sensitive.
  • Use short expiry times and one-view links for higher-risk secrets.
  • Do not paste real secrets into the contact form or other non-secret pages.
  • Do not use iKrypt as a long-term password vault or permanent storage system.

4. Acceptable use

You agree not to use iKrypt for harmful, illegal, abusive, or unauthorized activity. Prohibited uses include:

  • Sharing illegal, harmful, abusive, threatening, or harassing content
  • Distributing malware, phishing links, stolen credentials, or harmful code
  • Attempting to bypass rate limits, abuse controls, or security protections
  • Using the service to impersonate others or gain unauthorized access
  • Interfering with the availability, integrity, or operation of iKrypt
  • Using iKrypt in violation of applicable laws or regulations

5. Security model

iKrypt uses browser-side encryption. The plaintext secret is encrypted in your browser before it is uploaded. The decryption key is placed in the URL fragment, which is the part after the # symbol.

In normal HTTP requests, browsers do not send URL fragments to servers. This means iKrypt receives the secret ID and encrypted ciphertext, but not the decryption key.

You are responsible for treating the full link as sensitive. Anyone with the full link, including the fragment key, may be able to decrypt the secret until it expires or reaches its view limit.

For a plain-language explanation of the architecture, read the security architecture.

6. Deletion and expiry

A secret becomes inaccessible when it reaches its maximum view count, passes its expiration time, or is otherwise unavailable.

When the final allowed view is consumed, the encrypted record is deleted as part of the server-side transaction that reserves that final view.

For secrets that expire without being viewed, encrypted records are removed by Firestore's time-to-live policy, typically within 24 hours of expiry. During this period, the API still blocks access after expiry.

Because iKrypt does not require accounts and cannot read secret contents, we may not be able to identify or recover a specific secret unless you provide the exact link or related context.

7. iKrypt is not a password vault

iKrypt is designed for short-lived secret handoffs. It is not a password manager, team vault, backup system, identity provider, compliance platform, or long-term storage product.

Do not use iKrypt as your only copy of important credentials. Once a secret expires, reaches its view limit, or is deleted, it may not be recoverable.

8. Availability and changes

We aim to keep iKrypt available, but we do not guarantee uninterrupted, error-free, or permanent availability.

We may change, suspend, limit, or discontinue parts of the service at any time, including to improve security, prevent abuse, comply with legal obligations, or maintain the service.

We may apply rate limits, block requests, or restrict access where we believe the service is being abused or attacked.

9. Disclaimers

iKrypt is provided on an “as is” and “as available” basis. To the maximum extent permitted by law, we disclaim all warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, non-infringement, availability, and security.

iKrypt reduces some risks involved in sending temporary secrets, but it does not eliminate all risks. For example, it cannot protect against compromised devices, malicious browser extensions, unsafe sharing channels, screenshots, or a recipient intentionally copying or forwarding revealed content.

iKrypt is not legal, security, compliance, medical, financial, or professional advice. You are responsible for deciding whether iKrypt is appropriate for your use case.

10. Limitation of liability

To the maximum extent permitted by law, iKrypt and its operators will not be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for loss of data, secrets, credentials, profits, business, goodwill, or security incidents arising from or related to your use of the service.

11. Your responsibility for misuse

You are responsible for your use of iKrypt and for any content or links you create or share through the service. If your use of iKrypt causes claims, disputes, losses, or legal issues because you violated these terms or applicable law, you are responsible for that misuse.

12. Privacy

Our handling of encrypted secrets, metadata, analytics, contact forms, and third-party services is described in the Privacy Policy.

13. Changes to these terms

We may update these terms from time to time. When we make meaningful changes, we will update the “Last updated” date and, where appropriate, post a notice on the website. Continued use of iKrypt after changes means you accept the updated terms.

14. Contact

For questions about these Terms, contact us at write@digiwares.xyz or use the contact page.