BurnLink lets you share sensitive files with end-to-end encryption and one-time links that burn themselves after access. No accounts. No permanent storage. No trust required.
Hey Product Hunt, I'm Joy, the maker of BurnLink — a product by Paperfrogs/Open (paperfrogs.dev) — and I want to tell you exactly why I built it. I kept sending sensitive files the wrong way. Credentials over Slack. API keys in email. Config files on Google Drive with "anyone with the link." Every time, a quiet voice saying this is a terrible idea. So I built the thing I actually wanted to use.
What is BurnLink? BurnLink is a zero-knowledge, one-time file sharing tool. You upload a file, get a link, share it. The recipient opens it once — and it's gone. Permanently. No second chances, no recovery, no trace.
What actually makes it different? Every other "secure" sharing tool makes one quiet assumption: trust us with your data. They encrypt in transit. They store on their servers. They hold the keys. You just hope. BurnLink flips that model entirely:
Zero-knowledge by design — encryption happens entirely in your browser via the native WebCrypto API (AES-256-GCM + PBKDF2). Your file never travels the network unencrypted. Ever.
The key never hits our server — it lives in the URL fragment (#). Browsers don't include fragments in HTTP requests. We are architecturally incapable of decrypting your file. Not policy. Not a promise. Physics.
True one-time links — not "expires in 7 days." Burns on first open. One view, gone forever. The moment someone opens it, it's dead.
No accounts, no metadata, no logs — we can't tell you who opened it or when, because we genuinely don't know. That's the point.
Why not just use [X]?
Bitwarden Send — great, but requires a Bitwarden account on both ends OnionShare — powerful, but needs an install and technical setup WeTransfer / Google Drive — no real encryption, files persist, they can read it Just emailing it — please don't
BurnLink is just a link. No installs. No accounts. You paste it, they open it, it's gone. We don't ask you to trust us — we built it so you don't have to.
Under the hood Built at Paperfrogs Labs as a solo project, using Node.js + Express, Netlify serverless functions, Supabase for storage, and the browser's native WebCrypto API — no heavyweight crypto libraries. Clean, auditable, minimal.
Who is it for? If you've ever cringed sending a password over Slack, shared credentials in a Notion doc, or emailed a .env file — this is for you. Perfect for developers, ops teams, freelancers, and anyone handling sensitive files without a proper secrets manager.
What I appreciate most is the scope discipline. Congrats on this! Longer term — have you thought about a “burn after N minutes” time-limited option in addition to the one-open model? Sometimes you want the link to self-destruct before anyone opens it if it was sent to the wrong person.
What an amazing project, simple, useful, and secure. I've been searching for something like this for ages, and BurnLink solves the problem perfectly. I'll definitely start using it from now on. Congratulations on the launch!
Hey everyone! 👋
Excited to share that BurnLink is now live on Product Hunt and available at burnlink.page.
I’m Niloy, one of the makers and the product designer behind BurnLink, and it’s been amazing seeing this idea evolve into a real product.
BurnLink is a product of Paperfrogs/Open, where we build and release open-source tools and systems.
The project is fully open source, and we’re hoping to grow it with community feedback.
If you get a chance to try it, I’d love to hear your thoughts on:
• the design and experience • potential use cases • how you’d use a tool like this in real workflows • ideas for features or improvements • the privacy approach • the design and experience • the open-source direction
Feedback, ideas, and suggestions are all welcome!
Thanks for checking out BurnLink and supporting the launch ❤️
Nice concept. I like the idea of truly one-time links that disappear after access.
Curious: how do you handle cases where the recipient opens the link but doesn’t fully download the file? Is the burn triggered on first access or only after a successful transfer?
Joy G. Majumdar
Hey Product Hunt,
I'm Joy, the maker of BurnLink — a product by Paperfrogs/Open (paperfrogs.dev) — and I want to tell you exactly why I built it.
I kept sending sensitive files the wrong way. Credentials over Slack. API keys in email. Config files on Google Drive with "anyone with the link." Every time, a quiet voice saying this is a terrible idea. So I built the thing I actually wanted to use.
What is BurnLink?
BurnLink is a zero-knowledge, one-time file sharing tool. You upload a file, get a link, share it. The recipient opens it once — and it's gone. Permanently. No second chances, no recovery, no trace.
What actually makes it different?
Every other "secure" sharing tool makes one quiet assumption: trust us with your data. They encrypt in transit. They store on their servers. They hold the keys. You just hope.
BurnLink flips that model entirely:
Zero-knowledge by design — encryption happens entirely in your browser via the native WebCrypto API (AES-256-GCM + PBKDF2). Your file never travels the network unencrypted. Ever.
The key never hits our server — it lives in the URL fragment (#). Browsers don't include fragments in HTTP requests. We are architecturally incapable of decrypting your file. Not policy. Not a promise. Physics.
True one-time links — not "expires in 7 days." Burns on first open. One view, gone forever. The moment someone opens it, it's dead.
No accounts, no metadata, no logs — we can't tell you who opened it or when, because we genuinely don't know. That's the point.
Why not just use [X]?
Bitwarden Send — great, but requires a Bitwarden account on both ends
OnionShare — powerful, but needs an install and technical setup
WeTransfer / Google Drive — no real encryption, files persist, they can read it
Just emailing it — please don't
BurnLink is just a link. No installs. No accounts. You paste it, they open it, it's gone. We don't ask you to trust us — we built it so you don't have to.
Under the hood
Built at Paperfrogs Labs as a solo project, using Node.js + Express, Netlify serverless functions, Supabase for storage, and the browser's native WebCrypto API — no heavyweight crypto libraries. Clean, auditable, minimal.
Who is it for?
If you've ever cringed sending a password over Slack, shared credentials in a Notion doc, or emailed a .env file — this is for you. Perfect for developers, ops teams, freelancers, and anyone handling sensitive files without a proper secrets manager.