BurnLink lets you share sensitive files with end-to-end encryption and one-time links that burn themselves after access. No accounts. No permanent storage. No trust required.
Hey Product Hunt, I'm Joy, the maker of BurnLink — a product by Paperfrogs/Open (paperfrogs.dev) — and I want to tell you exactly why I built it. I kept sending sensitive files the wrong way. Credentials over Slack. API keys in email. Config files on Google Drive with "anyone with the link." Every time, a quiet voice saying this is a terrible idea. So I built the thing I actually wanted to use.
What is BurnLink? BurnLink is a zero-knowledge, one-time file sharing tool. You upload a file, get a link, share it. The recipient opens it once — and it's gone. Permanently. No second chances, no recovery, no trace.
What actually makes it different? Every other "secure" sharing tool makes one quiet assumption: trust us with your data. They encrypt in transit. They store on their servers. They hold the keys. You just hope. BurnLink flips that model entirely:
Zero-knowledge by design — encryption happens entirely in your browser via the native WebCrypto API (AES-256-GCM + PBKDF2). Your file never travels the network unencrypted. Ever.
The key never hits our server — it lives in the URL fragment (#). Browsers don't include fragments in HTTP requests. We are architecturally incapable of decrypting your file. Not policy. Not a promise. Physics.
True one-time links — not "expires in 7 days." Burns on first open. One view, gone forever. The moment someone opens it, it's dead.
No accounts, no metadata, no logs — we can't tell you who opened it or when, because we genuinely don't know. That's the point.
Why not just use [X]?
Bitwarden Send — great, but requires a Bitwarden account on both ends OnionShare — powerful, but needs an install and technical setup WeTransfer / Google Drive — no real encryption, files persist, they can read it Just emailing it — please don't
BurnLink is just a link. No installs. No accounts. You paste it, they open it, it's gone. We don't ask you to trust us — we built it so you don't have to.
Under the hood Built at Paperfrogs Labs as a solo project, using Node.js + Express, Netlify serverless functions, Supabase for storage, and the browser's native WebCrypto API — no heavyweight crypto libraries. Clean, auditable, minimal.
Who is it for? If you've ever cringed sending a password over Slack, shared credentials in a Notion doc, or emailed a .env file — this is for you. Perfect for developers, ops teams, freelancers, and anyone handling sensitive files without a proper secrets manager.
Joy G. Majumdar
Hey Product Hunt,
I'm Joy, the maker of BurnLink — a product by Paperfrogs/Open (paperfrogs.dev) — and I want to tell you exactly why I built it.
I kept sending sensitive files the wrong way. Credentials over Slack. API keys in email. Config files on Google Drive with "anyone with the link." Every time, a quiet voice saying this is a terrible idea. So I built the thing I actually wanted to use.
What is BurnLink?
BurnLink is a zero-knowledge, one-time file sharing tool. You upload a file, get a link, share it. The recipient opens it once — and it's gone. Permanently. No second chances, no recovery, no trace.
What actually makes it different?
Every other "secure" sharing tool makes one quiet assumption: trust us with your data. They encrypt in transit. They store on their servers. They hold the keys. You just hope.
BurnLink flips that model entirely:
Zero-knowledge by design — encryption happens entirely in your browser via the native WebCrypto API (AES-256-GCM + PBKDF2). Your file never travels the network unencrypted. Ever.
The key never hits our server — it lives in the URL fragment (#). Browsers don't include fragments in HTTP requests. We are architecturally incapable of decrypting your file. Not policy. Not a promise. Physics.
True one-time links — not "expires in 7 days." Burns on first open. One view, gone forever. The moment someone opens it, it's dead.
No accounts, no metadata, no logs — we can't tell you who opened it or when, because we genuinely don't know. That's the point.
Why not just use [X]?
Bitwarden Send — great, but requires a Bitwarden account on both ends
OnionShare — powerful, but needs an install and technical setup
WeTransfer / Google Drive — no real encryption, files persist, they can read it
Just emailing it — please don't
BurnLink is just a link. No installs. No accounts. You paste it, they open it, it's gone. We don't ask you to trust us — we built it so you don't have to.
Under the hood
Built at Paperfrogs Labs as a solo project, using Node.js + Express, Netlify serverless functions, Supabase for storage, and the browser's native WebCrypto API — no heavyweight crypto libraries. Clean, auditable, minimal.
Who is it for?
If you've ever cringed sending a password over Slack, shared credentials in a Notion doc, or emailed a .env file — this is for you. Perfect for developers, ops teams, freelancers, and anyone handling sensitive files without a proper secrets manager.