Understanding Zero-Knowledge Encryption

Last updated: Apr 26, 2026

Zero-Knowledge Encryption

PassLink uses a zero-knowledge architecture — we never see your secrets.

How It Works

When you create a secret, the encryption key is placed in the URL fragment (the part after #):

https://passlink.click/s/abc123#ENCRYPTION_KEY_HERE

The URL fragment is never sent to our servers — this is a fundamental behavior of web browsers defined in RFC 3986. It stays entirely in your browser.

What We Store vs. What We Don't

✅ We Store (Encrypted)

  • Encrypted ciphertext (unreadable without the key)
  • Expiration timestamp
  • View count metadata

❌ We Never Store

  • Your original secret text
  • The encryption key
  • Your IP address
  • Any personally identifiable information

Encryption Standard

  • Algorithm: AES-128-GCM
  • Key generation: Client-side, cryptographically random
  • Transport: HTTPS (TLS 1.3)
  • Storage: Encrypted at rest, auto-deleted after viewing

Was this article helpful?

More in Sharing & Security

Expiration & Self-Destruction

How PassLink's expiration timers and self-destruction mechanism protect your secrets

Best Practices for Sharing Secrets

Security guidelines and best practices for safely sharing secrets through PassLink

Security Best Practices Guide

Comprehensive security guidelines for expiration strategy, password protection, channel selection, and corporate policies

We use cookies to improve your experience and analyze site usage. You can accept or reject non-essential cookies. Learn more