Secret Pusher

Security at Secret Pusher

Last Updated: July 06, 2026

Secret Pusher is built for temporary transfer of sensitive information through expiring links, access limits, and client-side encryption where supported by the product flow.

What We Protect

  • Text secrets, file secrets, file upload requests, MFA share links, and URL redirects are designed to expire.
  • Links can be limited by views, downloads, time, passwords, and account access controls depending on feature and plan.
  • Secrets and encrypted files are removed after expiration or successful use according to their configured policy.

Encryption Model

  • Text and file flows use modern browser cryptography for client-side encryption where supported.
  • Encrypted file transfers use authenticated encryption and preserve encrypted payload handling on the server.
  • Password protected flows require the recipient to prove access before protected content is displayed.

Abuse Prevention

  • Public creation and access routes use rate limits and validation.
  • Generated links are excluded from normal search indexing signals.
  • We may suspend, delete, block, or investigate links that are reported for phishing, malware, spam, illegal content, credential theft, or platform abuse.

Responsible Disclosure

Please report security issues to [email protected]. Include:

  • A clear description of the issue.
  • Steps to reproduce.
  • Affected URL or feature.
  • Your contact information for follow-up.

Do not access, modify, delete, or disclose other users' data. Do not run automated destructive testing against production.

Security Contacts

You can also find our machine-readable security contact at /.well-known/security.txt.

Secret Pusher Chrome Extension

Secret sharing just got easier! 🔐
The new Secret Pusher Chrome Extension is here. ⚡