We don’t do security theater. No fake locks. No "encrypted" messages that pass through our servers in plain text. BareSend uses real client-side encryption with AES-GCM — a trusted, fast, and secure standard that’s battle-tested by cryptographers and browsers alike.
AES-GCM (Galois/Counter Mode) isn’t just fast — it’s authenticated. That means it encrypts your message and also ensures its integrity. If someone tries to tamper with the ciphertext, the decryption fails. That’s not a bug. That’s the point.
We use 256-bit keys, randomly generated in your browser. The encryption happens before the message ever touches our servers. All we store is encrypted gibberish and an expiration time.
The decryption key never hits our server — not even for a millisecond. You share it yourself however you like. If you lose it, we can’t help you. And that’s by design.
Why? Because if we stored your key, even briefly, it opens the door to abuse. We’d be lying if we said “we can’t read your messages.” With BareSend, we don’t lie. We literally can’t.
No custom algorithms. No snake oil. Just solid, open standards implemented with care. We’re not trying to reinvent encryption — we’re trying to respect it.
If you're looking for buzzwords like blockchain, zero-knowledge proofs, or post-quantum encryption… maybe someday. For now? AES-GCM, no stored keys, no nonsense.
That’s how you build trust. Or at least, that’s how we do it.