$ man plaintxt

about

what this is, how it works, and why it was built this way.


// what it is

plaintxt is a browser-based messaging app built around one principle: you should be able to communicate without leaving a trace.

no account. no email. no phone number. pick a temporary username, send encrypted messages, and when you're done — it's gone. not archived. not compressed. gone.

// how it works

1. open plaintxt in your browser

2. choose a temporary username (auto-generated or custom)

3. your browser generates an encryption key pair locally

4. your public key goes to the server. your private key never leaves your browser.

5. send messages. they are encrypted in your browser before transmission.

6. the server stores and relays only ciphertext — it cannot read your messages.

7. messages burn automatically: 60 seconds after reading, 24 hours if unread.

8. your identity expires based on your tier: 24 hours (free), up to 30 days (pro), up to 365 days (power). nothing is retained after expiry.

// abuse controls

plaintxt has rate limiting, block/report tools, and anti-spam heuristics. anonymity is not a license to harass. users who trigger repeated blocks or abuse patterns are throttled. all tiers are subject to the same abuse protections.

// technical notes

encryption: ECDH P-256 key exchange + HKDF-SHA-256 derivation + AES-256-GCM per message. each message uses an ephemeral key pair — forward secrecy is per-message.

key storage: private keys are stored in your browser's IndexedDB. they are not extractable from the API and are never transmitted. clearing browser data destroys the key permanently.
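a minimal WebCrypto sketch of the encryption and key storage notes above, added here as an example and not taken from plaintxt's code. the envelope fields, the HKDF salt and info values, and every function name are assumptions.

```javascript
// added example, not plaintxt's code: envelope layout, HKDF salt/info and names are assumptions
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto; // browser or Node
const subtle = webcrypto.subtle;
const EC = { name: 'ECDH', namedCurve: 'P-256' };
const INFO = new TextEncoder().encode('example-message-key-v1'); // hypothetical HKDF label

// identity key pair: extractable=false means exportKey() refuses the private half
function generateIdentity() {
  return subtle.generateKey(EC, false, ['deriveBits']);
}

// ECDH shared secret -> HKDF-SHA-256 -> AES-256-GCM key
async function deriveMessageKey(privateKey, publicKey, salt, usage) {
  const shared = await subtle.deriveBits({ name: 'ECDH', public: publicKey }, privateKey, 256);
  const ikm = await subtle.importKey('raw', shared, 'HKDF', false, ['deriveKey']);
  return subtle.deriveKey({ name: 'HKDF', hash: 'SHA-256', salt, info: INFO }, ikm,
    { name: 'AES-GCM', length: 256 }, false, [usage]);
}

// sender side: a fresh ephemeral key pair for every message
async function seal(recipientPublicKey, text) {
  const eph = await subtle.generateKey(EC, false, ['deriveBits']);
  const ephPub = new Uint8Array(await subtle.exportKey('raw', eph.publicKey));
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const key = await deriveMessageKey(eph.privateKey, recipientPublicKey, ephPub, 'encrypt');
  // binding ephPub as associated data makes a swapped key fail authentication
  const ct = await subtle.encrypt({ name: 'AES-GCM', iv, additionalData: ephPub }, key,
    new TextEncoder().encode(text));
  return { ephPub, iv, ct: new Uint8Array(ct) }; // the only fields a relay would hold
}

// recipient side: rebuild the same key from the envelope and the stored private key
async function unseal(recipientPrivateKey, { ephPub, iv, ct }) {
  const senderPub = await subtle.importKey('raw', ephPub, EC, false, []);
  const key = await deriveMessageKey(recipientPrivateKey, senderPub, ephPub, 'decrypt');
  const pt = await subtle.decrypt({ name: 'AES-GCM', iv, additionalData: ephPub }, key, ct);
  return new TextDecoder().decode(pt); // decrypt() rejects if the GCM tag check fails
}
```

in this sketch the recipient key is long-lived, so the ephemeral key protects earlier messages only if the sender's state is later compromised. anyone who obtains the recipient's private key can still open every envelope that has not yet been deleted.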

server stack: Cloudflare Workers (API), D1 (database), R2 (attachments), Durable Objects (WebSocket relay). no persistent application servers.

identity resumption: your identity can be resumed from this browser while local storage remains intact. closing an incognito window, clearing site data, or switching to a different device means the key is gone and cannot be recovered, by you or by us.

// what it is not

not a social network

not a permanent messenger

not a place to store files or conversations

not backed by venture capital or ad revenue

not the Signal Double Ratchet protocol (we document our limitations honestly)