// privacy

Nothing leaves your browser.

Ciphriend is a static site. There is no backend, no API, and no telemetry. The only network traffic between your browser and our servers happens once: when you load the page. After that, everything you type, every cipher you run, every key you enter — all of it stays inside your tab.

Sharing via link

The "Share link" button copies a URL where your input lives in the URL fragment (the part after #). Browsers don't send fragments to servers, so even your share links keep payloads off the wire. Recipients open the link and your browser reconstructs the state locally.

Keys and passwords

Any field marked as a key or password is treated as ephemeral: it lives only in the current tab's memory. We never write it to local storage, never include it in share links, and never log it. Closing the tab forgets it.

Modern crypto

Ciphers that need real cryptographic primitives (AES-GCM, SHA-256) use the browser's native crypto.subtle. We don't ship our own crypto and we don't depend on third-party libraries for it.

Trust, but verify

Open the network tab in your browser's devtools and watch what Ciphriend does (or, more importantly, what it doesn't do).