FAQ
Getting started
Go to the register page, enter an email address and a password. We'll send you a verification email — click the link and you're in. No phone number, no real name required. A temporary or alias email works fine.
Yes. Ephemeral is a web app — it runs in any browser, including on your phone. Open it in your mobile browser and optionally add it to your home screen for a native-app feel (Safari → Share → Add to Home Screen on iOS; Chrome → Install app on Android). No app store needed.
No. Ephemeral runs in the browser. On iOS, push notifications only work when the app is installed to your Home Screen. On Android and desktop it works without any extra steps.
How it works
Once the recipient opens the message, a 60-second countdown starts. When it reaches zero the message fades out on both screens — permanently. There is no way to extend or disable this timer. That's not a bug; it's the whole point.
The message is held securely until they open the app, for up to 48 hours. Once they open the conversation the 60-second timer starts. If 48 hours pass without delivery, the message is deleted and you'll see a notice that it was never delivered.
You can — but each browser and device is treated as a separate identity, so there are a few things to know. Your encryption key is generated on the device and never leaves it, which means it can't be synced. As a result:
In short: for a given contact, stick to one browser on one device when you can. Switching is fine, but anything in flight at that moment may need to be re-sent. Full multi-device support is on the list for a future version.
Ephemeral can't technically prevent screenshots. If this is a concern, only exchange sensitive information with someone you trust.
Yes. Messages are encrypted on your device before they're sent. Our server only ever sees encrypted data it cannot read. Your private key never leaves your device.
What it's good for
Sharing things that are sensitive now but don't need to exist tomorrow:
.env secret, or SSH credential you need to pass to a developerNot really — that's not what it's for. If you want secure day-to-day messaging, use Signal. Ephemeral is a sharp tool for a specific job: sharing something sensitive with someone you trust, without leaving a trace.
Experimental service
You said this is experimental — what does that mean?
Ephemeral is an independent project built by a solo developer. It is not backed by a security company and has not been independently audited. The cryptographic design follows established best practices (ECDH key agreement + AES-GCM encryption — the same algorithms used by Signal), but "best practices" is not the same as "audited at scale."
Use it with that in mind. For anything where the stakes are very high, treat Ephemeral as one layer of protection, not the only one.
Comparisons
A few reasons:
Ephemeral requires only an email address, keeps no permanent chat history, and there is no conversation log to export or restore.
Signal is excellent and we genuinely recommend it for secure day-to-day communication. But a couple of things make it a poor fit in some situations:
Ephemeral is not a Signal replacement — it's a much simpler tool for a much narrower job. If you can use Signal, use Signal. Ephemeral is for the moments when you can't.