Go to Web App
Zero-Knowledge by design

The security architecture of

Every share is encrypted inside your browser before it ever touches the internet. Follow the entire journey below — from the moment you hit send to the instant the data self-destructs. The server only ever holds scrambled bytes.

Encrypted in your browser Key never leaves your device No keys on server Self-destructing

The sharing process, end to end

Three zones · thirteen steps · one secret that never leaves the browser.

Zone 1 · On the sender's device

Your browser does the encrypting

Nothing readable is created here that ever leaves. The plaintext and the key exist only in this browser tab.

Step 1 · Compose

You add what you want to send

Text, code snippets, links, passwords, or files up to 50 MB. It all sits in the page — nothing has been uploaded yet.

Step 2 · Reserve a code

A one-time 6-digit passcode is minted

The browser asks the server to reserve a slot. The server returns a random XXX-XXX passcode and quietly files the reservation under a private reference. The passcode itself is never written to disk.

Codes aren't handed out by a naïve random draw — that would quietly start colliding far too soon. Instead they're issued so that every code stays unpredictable while the full range is used without two shares ever clashing.

Step 3 · How the passcode works

One 6-digit passcode, two separate jobs

Your passcode does two completely different things at once — and the part that actually unlocks your data never leaves your browser.

429-317
Job 1 · Find the right box

The passcode lets the server figure out which sealed box to hand back — like a locker number. That's all it's used for on the server side: it points to a box but reveals nothing about what's inside, and it can't be turned back into your key.

Job 2 · Unlock the box

The passcode is also what your browser turns into the actual encryption key. This step happens entirely on your device and the resulting key is never sent anywhere — so only someone who knows the passcode can ever unlock the contents.

Step 4 · Encrypt everything

Each item is sealed individually

Every item is locked with strong, authenticated encryption — the kind that not only hides the contents but also detects any tampering. A hidden marker is sealed in alongside so the recipient's passcode can be checked without exposing anything. Large files are encrypted and sliced into smaller pieces.

Step 5 · Upload ciphertext

Only scrambled bytes leave your device

The sealed items and each file piece are uploaded, with safeguards that stop anyone from grafting extra data onto your share. The plaintext and the key stay behind, in your browser.

Zone 2 · On the bridg.fun server

A vault that cannot read its own contents

The server stores, guards, and expires — but it holds no key and no passcode, so it can never open the box.

Step 6 · Store the sealed package

Encrypted data only, nothing readable

The sealed package is saved in encrypted storage alongside an expiry time. There is no plaintext, no key, and no passcode anywhere on the server — by construction it is zero-knowledge. Even a full copy of what's stored reveals nothing without the passcode that never reached it.

Step 7 · Guard the door

Brute-force protection & rate limits

Repeated wrong codes trigger temporary lockouts, each link can only be tried a limited number of times, and overall request volume is throttled per visitor — so a short code can't be machine-guessed at scale.

Step 8 · Hand back the code

You get a passcode & share link

The sender receives the 6-digit code and a /s/XXX-XXX link to deliver however they like — text, chat, in person. The secret travels out-of-band, separate from the encrypted data.

Zone 3 · On the recipient's device

Decryption happens in their browser too

The same passcode rebuilds the same key locally — the only place the data is ever readable again.

Step 9 · Enter the passcode

The recipient types the 6 digits

Their browser uses the passcode to locate the matching sealed package — the same reference the sender's browser set up. No account, no install.

Step 10 · Fetch the sealed package

The sealed package comes back — still locked

The server returns the sealed data for that reference (subject to the same brute-force limits). At this point everything on the wire is still completely unreadable.

Step 11 · Re-derive the key

Same passcode → identical key

The recipient's browser turns the passcode back into the exact same key, then checks it against the sealed package. A correct passcode unlocks the contents and its built-in tamper check passes; a wrong one matches nothing, so access is refused and no data is shown. The unlocking secret is worked out entirely on the device and never reaches the server.

Step 12 · Decrypt & reassemble

The content reappears, in their browser

Items are decrypted in place; file pieces are fetched, decrypted, and stitched back into the original file — all on the recipient's device. The plaintext only ever exists on the two endpoints, never in between.

Step 13 · Self-destruct

The share erases itself

If "delete after download" is on, the encrypted blob is wiped the instant it's received. Otherwise it expires automatically after 15, 30, or 60 minutes, and an hourly cleanup sweep removes anything left behind. Nothing is ever backed up.

What the server can — and can't — see

Because encryption happens before upload, the vault is deliberately kept in the dark.

The server holds

  • + Encrypted data it cannot read
  • + A private reference used only to hand the right sealed package back
  • + An expiry timestamp
  • + Basic file metadata (name, size)

The server never sees

  • Your files, text, or passwords in readable form
  • The decryption key
  • Your passcode (it's never stored)
  • Any account, email, or identity — there are none

The guarantees, in plain terms

End-to-end encrypted

Strong, authenticated encryption locks every share in the browser and only unlocks it in the recipient's browser.

Zero-knowledge

The key is derived from your passcode and never leaves your device, so bridg.fun is mathematically unable to read what you send.

Ephemeral

Shares live 15–60 minutes, or vanish on first download. Nothing is retained, indexed, or backed up.

Brute-force resistant

Lockouts after repeated wrong codes, per-link guess caps, and request throttling stop codes from being machine-guessed.

No accounts

No sign-up, no email, no profile. There's no identity to leak because none is ever collected.

HTTPS-only crypto

All cryptography uses your browser's built-in, hardened crypto engine and only runs over a secure (HTTPS) connection.

Security questions, answered

Can bridg.fun read what I share?

No. Everything is encrypted inside your browser before it is uploaded. The key is derived from your passcode locally and never sent to the server, so bridg.fun only ever holds scrambled bytes it cannot decrypt.

Why is the passcode only 6 digits — isn't that guessable?

A short code is paired with strong throttling and a short lifetime. Repeated wrong attempts lock the requester out, each link can only be tried a limited number of times, and the whole share expires within an hour. That makes exhaustive guessing impractical, while keeping the code easy to read aloud.

Can two shares ever clash on the same code?

No. Codes aren't drawn at random, so they can't quietly overwrite each other — they're issued in a way that keeps every code unpredictable while making sure two live shares never land on the same one. Each share stays completely separate, and one can never clobber another.

Could someone else open my share?

Only someone holding the exact passcode can unlock a share. Without it, the data is just scrambled bytes — there's nothing to read and no way to derive the key. Each share is sealed independently, so unlocking one tells you nothing about any other, and a wrong code simply unlocks nothing at all.

What happens to my data after it's received?

It self-destructs. With "delete after download" on, the encrypted blob is wiped the moment it's received. Otherwise it expires after 15, 30, or 60 minutes, and an hourly cleanup job removes anything left over. Nothing is backed up or recoverable afterwards.

Should I send the passcode through the same channel as the link?

For the most sensitive shares, send the passcode out-of-band — a different app, a phone call, or in person. The encrypted data and the secret that unlocks it travelling by separate routes means intercepting one is useless without the other.

⚡ Try a secure share

No account required • Encrypted in your browser • Self-destructing