Security model
Zero-knowledge, burn-after-read
Encryption happens client-side. The server stores only ciphertext and never sees the key.
Core value
One product, adapted for different operational needs
Zero-knowledge by design
The decryption key stays in the URL fragment, so the server never receives it.
Ephemeral transfer
Data is deleted after the first access or after the chosen expiry window passes unread.
Auditable deployment
Minimal stack, no runtime package sprawl, and clean deployment paths for managed or sovereign installs.
What matters most
Deployment models
Buy the control model that matches your risk profile
The same product can be delivered as a hosted tool, a managed isolated environment, or an internal deployment.
Hosted SaaS
Fastest route for individuals and small teams that want secure sharing without infrastructure work.
Managed instance
Dedicated isolated environment with updates and uptime handled for you.
On-prem or private cloud
For regulated environments that need network control, internal review, or residency guarantees.
Pricing
Hosted plans are priced per workspace. Need a larger team or private deployment? Talk to sales.
API / Integrations are available on request for teams embedding PrivateBurn into internal tools or customer workflows. Contact sales to discuss packaging and commercial terms.
FAQ
Questions teams ask before deployment
Does PrivateBurn replace email or chat?
No. It replaces the unsafe habit of placing secrets into systems that keep searchable history.
Can we deploy it inside our own environment?
Yes. Private cloud, dedicated environments, and on-prem deployment are all supported.
What is actually stored on the server?
Only encrypted bytes. The decryption key stays client-side in the link fragment and is never stored with the payload.
Next step