Hey Product Hunt,
I’m Joy, the creator of BurnLink — a product of Paperfrogs/Open (paperfrogs.dev) — and I want to tell you exactly why I built it.
I kept sending sensitive files incorrectly. Credentials on Slack. API keys in email. Organize files on Google Drive with “links to anyone”. Every now and then, a quiet voice says it’s a terrible idea. So I built what I originally wanted to use.
What is burn link?
BurnLink is a zero-knowledge, one-time file sharing tool. You upload a file, get a link, share it. The recipient opens it once – and it’s gone. Permanently. No second chance, no recovery, no scars.
What actually makes it different?
Every other “secure” sharing tool makes a tacit assumption: Trust us with your data. They encrypt in transit. They store on their servers. They have the keys. You just have to hope.
Burnlink reverses this model completely:
Zero knowledge by design — encryption happens entirely in your browser via the native WebCrypto API (AES-256-GCM + PBKDF2). Your file never travels over the network unencrypted. ever
The key never hits our server – it stays in the (#) fragment of the URL. Browsers do not add fragments to HTTP requests. We are architecturally unable to decrypt your file. Not a policy. Not a promise. Physics.
True one-time links — not “expires in 7 days.” Burns on first opening. A sight, gone forever. The moment someone opens it, it’s dead.
No accounts, no metadata, no logs — we can’t tell you who opened it or when, because we don’t really know. That’s the point.
Why not just use (X)?
Bitwarden Send — Great, but requires a Bitwarden account on both ends.
OnionShare — Powerful, but requires installation and technical setup.
WeTransfer / Google Drive – No real encryption, files stay intact, they can read it
Just emailing it – please don’t.
A burn link is just a link. There is no install. No accounts. You paste it, they open it, it’s over. We don’t ask you to trust us—we made it so you don’t have to.
Under the hood
Built as a solo project at Paperfrogs Labs, using Node.js + Express, Netlify serverless functions, Supabase for storage, and the browser’s native WebCrypto API — no heavyweight crypto libraries. Clear, audible, minimal.
Who is it for?
If you’ve ever refused to send a password on Slack, shared credentials in a Notion doc, or emailed an .env file, this is for you. Perfect for developers, operations teams, freelancers, and anyone who handles sensitive files without a proper privacy manager.