Home | Security | File Encryption | FAQ's | Privacy | About Us

About OneTimeMessage.com

OneTimeMessage.com began in 2017 as a weekend coding project by Peter, a software engineer with 20+ years in the craft. What started as a personal challenge - “Can a secure message be truly one-time, truly private, and truly simple?”-has grown into a service that everyday people rely on for sharing a secret, a password, a contract term, or a vulnerable thought, safely.

From the beginning, our guiding idea was love-at-first-use simplicity with defense-grade security. We couldn’t find anything that packaged those ideas the way we needed-so we built it, piece by piece, layering privacy by design. Today, OneTimeMessage balances warmth and rigor: a gentle UI wrapped around serious cryptographic practices, so you can feel safe and seen.

What makes us different

  • One-time, one chance. Your message is delivered through a unique, unguessable URL. Once it’s read, it’s gone. That moment matters, and then it’s over. No inbox trails. No second chances for snoops.
  • User Password (Layer 2). Add a password that only your recipient knows. Even if someone found your unique URL, they would still need the password.
  • IP Lock (Layer 3). If you know the recipient’s IP address, you can lock the message so it only opens from that address. Think of it as a door key (the URL) plus a secret knock (the password) plus a familiar face (the IP).
  • Ultra Encrypt (2025) - client-side pre-encryption (Layer 4). This is a new, fourth layer: your browser encrypts the message with a password before it ever touches our servers. Then our platform applies its usual server-side encryption on top. That means we never see your plaintext, and we never see your Ultra password. It’s your lock on top of our lock.

A hug wrapped in math

We’re warm people who like warm software-so yes, we obsess over the details that make privacy feel human. But underneath, it’s math all the way down.

  • Unique one-time URL: Think of it as a long, random capability token. It’s not a guessable path-it’s a cryptographic-strength secret baked into a link.
  • Server-side encryption (“our lock”): On the platform, your content is encrypted at rest using robust, modern ciphers. The one-time URL is your capability to request decryption (subject to any extra checks like IP Lock and User Password).
  • User Password (“your secret knock”): If you enable it, the correct password is required at read time. No password, no message.
  • IP Lock (“home turf only”): When enabled, the message can only be read from the IP you designate. This blocks replay from other networks-even if the URL leaks.
  • Ultra Encrypt (client-side pre-encryption): Your browser derives a key from your Ultra password and encrypts the message locally (e.g., with modern AEAD such as AES-GCM). We then store only ciphertext-of-ciphertext. When your recipient opens the link, we hand back your still-encrypted payload so their browser can decrypt it-we can’t, and that’s the point.

Why this layering matters

  1. URL Capability – A long, random, one-time URL that acts like a unique key.
  2. User Password – A secret you share off-channel, known only to sender and recipient.
  3. IP Lock – Ties the unlock to a specific network address, stopping drive-by attempts.
  4. Ultra Encrypt – Browser-side encryption that keeps plaintext out of our hands entirely.

Even if an attacker grabbed our database, they’d see only encrypted blobs-no plaintext, no Ultra password, and a one-time URL that had likely already been consumed. The one-time model narrows the attack window; the password and IP lock add hurdles; Ultra Encrypt ensures we never possess the keys to your content.

Built by real humans, for real humans

We’re small by choice. We ship features when they’re ready, not when a calendar says so. We write documentation in plain English. We care about people who don’t speak “crypto” but still deserve strong privacy. And we listen-because you tell us what actually works.

Why trust us?

  • Minimal data by design. If we don’t need it, we don’t ask for it.
  • Transparency. Clear language, straightforward settings, no dark patterns.
  • Defense in depth. If one layer fails, the others stand ready.
  • You first. We optimize for your safety, not our convenience.

Where we’re going

In 2025, Ultra Encrypt made “double encryption” even more meaningful by adding your lock, on your device, with your password, before our systems ever participate. We’ll keep building tools that help humans share sensitive things without losing sleep-because some moments deserve both a hug and a vault.

If you’ve read this far: thank you. OneTimeMessage.com is a love letter to thoughtful privacy-practical, caring, and strong. We hope it feels like that to you every time you click “Create one-time message.”