Skip to main content
How It WorksUse CasesPricingSecurityDevOpsDocs
Log InGet Started

Send it once.
Then it's gone forever.

Create encrypted links that self-destruct after one view — or on a schedule you control. Built for teams that need audit trails, compliance, and zero-knowledge security.

secure-link
ciph4.com/dd/7Xk2pL9mQ
EXPIRES: 23H · 1 VIEW · 3 DOWNLOADS
Get Started

Start with 20 free links this month — no credit card required

End-to-End EncryptedZero-KnowledgeAES-256-GCMCompound ExpiryFile Requests
AES-256
End-to-end encrypted
6
Threat rules, auto-disable
7
Framework templates
API
Full REST API coverage
<1s
Instant self-destruct

Trusted by security teams sharing credentials, legal docs, and API keys across

Financial ServicesHealthcareLegalGovernmentTechnologyConsulting
ciph4.com/dashboard

Dashboard

Welcome back

+ New Share
Active Links
12
Views (7d)
47
Burned
8
Failed Auth
0
TypeNameStatusCreatedExpires
SENTProd DB credentialsActive2h ago23h
SENTAWS access keyViewed5h ago19h
REQVendor NDA uploadFulfilled1d ago6d
SENTSSH key - stagingRevoked2d ago
SENTStripe webhook secretBurned3d ago

// See It In Action

Watch a secure link in 30 seconds

From secret to ashes. No accounts, no installs, no trace.

Demo only
ciph4.com

Starting demo...

Ready to try it? Create a free link →

// How It Works

Dead simple. Dead secure.

An old spy technique reimagined for the enterprise. Four steps. Zero accounts for recipients.

01

Upload Your Secret

Drop files or paste text. The content scanner checks for personal information, health data, and sensitive keywords before anything leaves your browser.

Content scanner + AES-256-GCM encryption
02

Encrypt

Everything is end-to-end encrypted with AES-256-GCM in your browser. Enterprise organizations can manage their file collection keypair through AWS KMS, Azure Key Vault, or GCP KMS. The server stores only ciphertext — never plaintext.

Client-side encryption + key management
03

Share

Send via email or copy the secure link. Share it over any channel. The link itself reveals nothing. No account required for recipients.

Email or copy link
04

Self-Destruct

Set expiry by time, view count, or download limit — the link burns on whichever triggers first. Every destruction produces a signed receipt your auditors can verify offline.

Time × Views × Downloads · signed receipts
CISO_PITCH.md
“You know how your employees share passwords, API keys, and legal docs over email? Those emails sit in Exchange forever. Any admin, any compromised account, any subpoena — they're all exposed. CIPH4 gives them a secure link. One view. Then it's gone. Even we can't retrieve it.

// Security

Trust nothing. Encrypt everything.

A hybrid security architecture: zero-knowledge encryption for sharing, customer-controlled encryption for file collection, and enterprise-grade controls for compliance and monitoring.

KEY MGMT

Key Management (BYOK)

Two modes for your organization’s file collection keypair: CIPH4-managed or Cloud KMS (AWS KMS, Azure Key Vault, GCP KMS). Shared secrets are always encrypted client-side with AES-256-GCM — keys live in the URL fragment and never reach the server.

DRM

Access Restrictions

Apply watermarks, disable printing, block downloads, and disable access at any time. Granular controls ensure your files stay under your authority even after sharing.

SCANNER

Content Scanner

Analyzes your content in your browser before encryption and recommends security settings — passphrase protection for credentials, shorter expiry for sensitive documents, view limits for confidential files. No plaintext ever leaves your device.

THREAT INTEL

Security Alerts & Auto-Disable

Six detection rules on every access: IP scanning, geo-anomaly, brute force, rapid access, link forwarding, and time-zone mismatch. Threats auto-disable the link and alert your team in real time.

SSO / SCIM

SSO Enforcement & SCIM Provisioning

Enforce single sign-on with popular identity providers (Azure AD, Okta, Google, and more). Automatically add and remove users as they join or leave your organization.

FILE REQUESTS

Encrypted File Requests

Request files from anyone — no account needed. Share a secure upload link, and recipients upload directly into your encrypted workspace. Inbound file collection with end-to-end encryption.

COMPLIANCE

7 Compliance Framework Templates

Built-in policy templates and health dashboards for SOC 2, HIPAA, GDPR, ISO 27001, NIST 800-53, FedRAMP, and CMMC. Executive-branded PDF reports included.

PROOF-OF-DELETION

Tamper-Evident Audit & Deletion Receipts

Every event is SHA-256 hash-chained — tampering with one row breaks the chain, detectable instantly. Enterprise burns produce Ed25519-signed deletion receipts your auditors can verify offline with our public JWKS.

ZERO-KNOWLEDGE

Zero-Knowledge Architecture

Zero-knowledge for shared secrets — we store only ciphertext and cannot decrypt your data. File collection uses envelope encryption where your organization controls the decryption key via BYOK or CIPH4-managed wrapping.

Don't trust us — verify it yourself. Enterprise deletions come with a cryptographic receipt you can independently verify.

security-audit.sh
# CIPH4 Security Audit
Encryption✓ End-to-end encrypted
Custom Key✓ 2 modes available
Access Restrictions✓ Watermark + disable
Content scanner✓ PII/PHI detection
SSO/SCIM✓ SAML, OIDC, SCIM 2.0
Compliance✓ 7 frameworks
Server knowledge✓ Zero (ciphertext only)
Security alerts✓ Auto-disable enabled
File requests✓ Encrypted inbound collection
Proof-of-deletion✓ Ed25519 receipts
Audit chain✓ SHA-256 hash-chained
All checks passed. Privacy confirmed.

// Use Cases

Every department has secrets.

Current solutions are clunky, expensive, or insecure. CIPH4 fixes all three.

Email

Stored forever, accessible by IT admins, subpoena-able

Encrypted ZIP

Clunky — people share the password in the same email

Secure FTP

Expensive, slow onboarding for external users

Signal / WhatsApp

Not auditable, not enterprise-approved

CIPH4 replaces all of the above
Security

Securely share security reports with external researchers

Legal

Send confidential documents to opposing counsel

HR

Securely deliver termination packets and credentials

Incident Response

Share security audit logs with external vendors

Compliance

Give auditors one-time access to evidence

M&A

Share data rooms with bidders — track who viewed what

// Pricing

Simple pricing. No secrets there.

Start free. Upgrade when your team needs audit logs, analytics, compliance, and enterprise security.

Free

Secure Sharing for Individuals

$0

Free forever

Get Started

GET FREE IF YOU:

  • Need to share passwords or keys occasionally
  • Want zero-knowledge encryption without paying
  • Are evaluating CIPH4 for your team

Key Features:

  • 20 secure links/month
  • 10 MB file size
  • 1 GB storage
  • 1h or 24h expiry
  • Passphrase protection
  • Audit log
Most Popular

Teams

End-to-End Security for Growing Teams

$29/seat

Per month

Start Now

GET TEAMS IF YOU:

  • Share credentials with team members daily
  • Need analytics and audit trails for compliance
  • Want API access and CSV exports

Everything in Free, plus:

  • 250 secure links/month
  • 100 MB file size
  • 50 GB/seat storage
  • 1h, 24h, or 7d expiry
  • File requests
  • Departments
  • API key access
  • CSV export

Enterprise

Full Compliance & Access Control Suite

$49/seat

Per month · Minimum 10 users

Start Nowor request a demo →

GET ENTERPRISE IF YOU:

  • Must meet SOC 2, HIPAA, or GDPR requirements
  • Need SSO, SCIM, and org-wide policies
  • Require cryptographic deletion receipts

Everything in Teams, plus:

  • Unlimited secure links
  • 1 GB file size
  • 500 GB/seat storage
  • SSO (SAML / OIDC)
  • SCIM provisioning
  • Compliance suite (SOC 2, HIPAA)
  • Deletion receipts
  • DRM protection
  • BYOK key management
  • Custom branding & SMTP
  • Webhooks
  • Dedicated support

The cost of not securing shared secrets

The average data breach costs $4.45M (IBM, 2023). CIPH4 Enterprise for a 50-person team costs $2,450/month — less than the cost of a single compromised credential in an incident response. Every password pasted in Slack is a breach waiting to happen.

All prices are per seat, billed monthly. No annual commitment required.

Need a custom plan? Talk to sales

Developer Experience

Built for Developers

Full REST API covering every feature. Automate secure sharing in your pipeline.

REST API

API key authentication. Create and manage drops, file requests, and compliance data programmatically. Endpoints covering every major feature.

Webhooks

Real-time HTTP callbacks when links are viewed, burned, or expire. Trigger your own workflows without polling.

Slack Integration

Create secure links and receive view notifications directly in Slack channels. No context switching.

OpenAPI Spec

Full OpenAPI 3.0 specification. Generate client libraries in any language. Detailed request and response schemas.

terminal
# Create a self-destructing secret via API
# Content is encrypted client-side before sending
$ curl -X POST https://www.ciph4.com/api/dead-drops \
-H "Authorization: Bearer sk_live_..." \
-H "Content-Type: application/json" \
-d '{"encryptedPayload":"U2FsdGVk...","iv":"rBc4OH...","expiresIn":"1h","maxViews":1,"isText":true}'
# Response
{"id":"clxyz...","expiresAt":"2026-04-19T15:00:00.000Z","burned":false,"viewsRemaining":1,"maxViews":1,"maxDownloads":null}

Stop pasting secrets into Slack.

Create your first encrypted link in under 10 seconds. One view, then it's gone. No credit card required.

Get StartedTalk to Sales