Security

How Sealed protects your documents.

How Your Documents Are Protected

Every document uploaded to Sealed is encrypted in your browser before it leaves your device. We use AES-256-GCM encryption, the same standard used by governments and financial institutions worldwide.

The encryption key is embedded in your unique link (the part after the # symbol). Browsers do not include this fragment in HTTP requests, so it is never sent to our server and stays in your browser. This means the server stores only encrypted data it cannot read.

Technical details
  • Encryption: AES-256-GCM via the Web Crypto API
  • Key derivation: HKDF-SHA256 (master key + party ID = unique file key)
  • File integrity: SHA-256 hash computed before encryption
  • Token entropy: 64 hex characters (256 bits) from CSPRNG
  • Transport: TLS 1.3

What We Cannot See

Sealed uses end-to-end encryption for all documents. Our server never receives your encryption keys. This means we cannot:

  • Read any uploaded document
  • Identify document contents, even under legal compulsion
  • Recover documents after they are deleted
  • Decrypt your files, even if our servers were compromised

This is a mathematical guarantee, not a policy promise. The architecture makes it impossible, not just forbidden.

How Auto-Deletion Works

Sealed is a transit mechanism, not a repository. All data is automatically and permanently deleted on a fixed schedule:

  • Empty rooms (no submissions): deleted after 30 days
  • Partial rooms (some submissions, no release): deleted after 90 days
  • Completed exchanges: deleted 30 days after release

When deletion occurs, we delete all encrypted files, room metadata, party data, and audit events. We do not keep recovery copies beyond this point.

No Accounts, No Passwords

Sealed requires no user accounts and stores no passwords. Access is controlled entirely through unique, high-entropy links. Each link contains 256 bits of randomness — guessing a valid link is computationally infeasible.

The only personal information stored is the organizer's email address (required for notifications) and optional party email addresses. These are deleted along with all other room data on the auto-deletion schedule.