Frequently Asked Questions

What happens to my secret after it's revealed?

When "Burn after reading" is enabled, the content is permanently deleted from the server the moment your recipient reveals it. It cannot be retrieved by anyone โ€” including the server operator. If the option is disabled, the content persists until the link expires.

Can YourSiteName read my secrets?

Secret content is stored in an obfuscated form keyed to the public token. The server processes the content when generating and revealing a secret, but no plaintext is stored at rest. Because this is a self-hosted application, security depends on who controls the server infrastructure.

What if someone opens my link before the intended recipient?

With "Burn after reading" enabled, the link can only be opened once. If an unintended party opens it first, the secret will be consumed and your intended recipient will see an "unavailable" message. Your Control Link will show you exactly when and from where the link was accessed, so you can detect this immediately and revoke or re-create the secret.

How do I monitor who accessed my link?

Every secret comes with a private Control Link. Open it to see a full access log with timestamps, approximate locations, device types, and referrers. You can also configure a webhook to receive an instant notification when your link is first opened.

What is the Control Link and how do I keep it safe?

The Control Link is your private dashboard for a specific secret. It is a long, random URL that is only generated once and never shown again after creation. Treat it like a password โ€” anyone who has it can view access logs, update the webhook, and manually destroy the secret. Store it somewhere safe, such as a password manager.

Can I revoke a link before it's opened?

Yes. From your Control Link dashboard, click "Burn Now" at any time to permanently destroy the secret before anyone has a chance to reveal it. This is useful if you sent a link to the wrong person or simply changed your mind.

What happens when a link expires?

Expired links stop working immediately. The content is marked for deletion and removed on the next cleanup cycle. Your recipient will see an "unavailable" message if they try to access an expired link.

Is there a size limit on secrets?

Yes. Secret content is capped at 4,096 characters. This is intentional โ€” YourSiteName is designed for short, discrete pieces of sensitive information such as passwords, tokens, and one-time codes, not for transferring large files.

Can I use YourSiteName via the API?

Yes. The POST /create endpoint accepts JSON and requires an X-Creation-Secret header configured by the server operator. This allows you to integrate secret sharing into scripts, CI/CD pipelines, and other automated workflows.

Does YourSiteName log IP addresses?

Yes โ€” the access log records the IP address of anyone who visits a public link. This is disclosed clearly in our Privacy Policy. The IP is used solely for the access log visible to the link creator through the Control Link. It is never sold or shared with third parties.

How long are access logs retained?

Access logs are automatically deleted after 30 days by default. The server operator can configure this retention window. Logs for a secret are also deleted when the secret itself is burned or expires.

Is YourSiteName open source?

Yes. The full source code is publicly available. You can audit it, self-host it, and verify exactly what the application does.