Home | Security | File Encryption | FAQ's | Privacy | About Us

Privacy & Terms — OneTimeMessage.com

Effective: March 2024 · This page explains how we handle privacy and the terms under which you use the service.

Privacy Policy (Zero-Tracking, Zero-Log)

No personal data collection. We don’t collect names, emails, phone numbers, or any persistent identifiers.

No IP storage or fingerprinting. We don’t retain IP addresses or use browser fingerprinting for analytics or tracking.

No long-term tracking. We don’t use third-party analytics beacons, retargeting pixels, or cross-site tracking.

Minimal operational metrics only. We keep aggregate counters (e.g., messages/files processed, success/error counts) to keep the site healthy. And yes, we log “no errors ever”… until an error happens—then we fix it fast.

No message contents retained after use. Message links are designed to be single-use. When a message is viewed, it’s deleted.

Cookies. If set at all, they’re strictly necessary (e.g., CSRF/session defense). No tracking cookies.

Encryption first. Messages/files are encrypted at rest and in transit. Only the one-time URL and (optional) user password can decrypt them.

Ultra Encrypt (client-side). An optional layer that encrypts in your browser before upload, using your password. We never see the plaintext.

Children’s privacy. The service is for adults. Do not use if you are under the age of digital consent in your region.

Contact. For privacy questions, contact support@onetimemessage.com.

Security Notes

Double encryption. We apply strong server-side encryption. With Ultra Encrypt enabled, your browser also does AES-256-GCM before upload.

Password-protected content. If you add a password, only someone with both the unique one-time URL and the password can decrypt.

IP Lock (optional). You can bind a message to a recipient IP. Only requests from that IP will succeed—ideal for targeted sharing.

Key handling. Decryption needs the unique URL token; when a message is already viewed/expired, the ciphertext is removed.

What We Log (Briefly)

  • Aggregate counts: messages and files processed, totals by day/week/month.
  • Operational errors: short-lived logs for diagnosing incidents (we joke that we never have any—but if we do, we fix them).
  • No content analytics: we don’t profile or mine your data.

Terms of Service

Use at your own risk. The service is provided “as is” and “as available,” without warranties of any kind (express or implied).

No warranty of fitness. We make no guarantees that the service meets your requirements or is error-free, uninterrupted, or secure against every threat.

Acceptable use. Don’t use OneTimeMessage.com for illegal content, abuse, malware distribution, or anything that violates applicable law.

Availability. We may change, suspend, or discontinue parts of the service without notice. We try hard to keep it humming.

Encryption caveats. If you forget your password or lose the unique URL, we can’t help you recover content. That’s by design.

No liability. To the maximum extent permitted by law, OneTimeMessage.com is not liable for any indirect, incidental, or consequential damages.

Indemnification. You agree to hold us harmless from claims arising from your use of the service or your violation of these terms.

Changes to terms. We may update these terms. Continued use means you accept the latest version (we keep this page current).

Governing law. These terms are governed by applicable law in our jurisdiction; venue and forum provisions apply accordingly.

Ultra Encrypt & One-Time Links

Ultra Encrypt (client-side AES-256-GCM). Your message/file is encrypted in your browser using your password before it reaches our servers. We only store ciphertext.

One-time URL. Each message gets a unique, unguessable URL token. When it’s viewed, the ciphertext is deleted—link reuse fails.

Password secrecy. We never know your password; without it, ciphertext is useless to us or anyone else—even with server access.