Send a Secret Message — No Account, One-Time Link

Why send secrets through Message Shuttle?

When you share a password, API key, or one-time code through Slack, WeChat, email, or SMS, that message sits in chat history, server logs, and backups — often for years. Even if you “delete” it, the recipient may have already screenshot it, and the platform may retain a copy.

Message Shuttle takes a different approach: the message exists on the server for exactly one read. When the recipient enters the 4-character pickup code, the server executes a getAndDelete operation — read and destroy in a single atomic call. After that, the content is gone. There is no chat history, no search index, and no backup to leak.

The pickup code is a 4-character uppercase hex string (0–9, A–F) generated from crypto.randomUUID(), giving 65,536 possible combinations. Even if someone has the link to the pickup page, they still need the code to retrieve the message. And because the code is short, you can easily read it aloud over a phone call or write it on a sticky note.

Use cases for secret messages

Any time you need to share a piece of sensitive text and you do not want it to persist in someone's chat history, email inbox, or company Slack workspace, a one-time message is the right tool. Here are the most common scenarios:

• Share a Wi-Fi password with a visitor without it sitting in your office Slack channel forever.
• Send an API key or token to a co-developer for a one-time setup — it disappears after they use it.
• Transfer a one-time password (OTP) or verification code to a client without email trails.
• Share a home address or phone number with a friend without it being cached in cloud chat history.
• Send bank account details to a family member for a single transfer — auto-deleted in 24 hours.

How to send a secret message with Message Shuttle

1. Write your secret. Open msg.shuttlelab.org/send and paste or type the sensitive content into the text box.
2. Click “Send Message”. Message Shuttle generates a 4-character uppercase hex pickup code (for example, B7E2). The code comes from crypto.randomUUID() and has 65,536 possible combinations.
3. Share the code privately. Use the “Share with code” button to copy the pickup URL and code to your clipboard, then paste them into any channel — chat, email, or voice call.
4. Recipient retrieves once. The recipient opens msg.shuttlelab.org/pickup, enters the code, and clicks “Confirm”. The message is copied to their clipboard and permanently deleted from the server.

The entire process takes about 30 seconds. No accounts, no app installations, no browser extensions. Works on desktop and mobile browsers. For an extra layer of security, share the pickup code through a different channel than the URL — for example, send the link via email and the code via SMS.

Privacy and threat model

Being honest about what Message Shuttle does and does not protect against:

Message Shuttle protects: server-side data retention

Messages are deleted immediately on read via getAndDelete. Unread messages expire after 24 hours (86,400 seconds). There is no chat history, no search index, and no permanent storage.

Message Shuttle protects: accidental oversharing

Unlike a message in a group chat, the secret is only visible to whoever has the pickup code. It is not broadcast to a channel or stored in a shared workspace.

Message Shuttle does NOT protect: content during storage

Messages are stored in Cloudflare KV without application-level encryption. Cloudflare encrypts data at rest at the infrastructure level, but the server can technically read message content. Message Shuttle does not log message content, but it is not end-to-end encrypted.

Message Shuttle does NOT protect: recipient-side capture

The recipient can screenshot, copy, or photograph the message before it is deleted. No web tool can prevent this.

Message Shuttle does NOT protect: code interception

The 4-character pickup code is transmitted in plain text. Anyone who intercepts the code (e.g. from a forwarded chat message) can retrieve the content. For high-security scenarios, share the code through a different channel than the URL.

Common issues when sharing secrets

“I sent a password in Slack and now it's in the search index forever”

Slack, Microsoft Teams, and similar platforms index every message for search. Even if you delete your copy, the recipient's workspace may retain it in compliance archives. Use a one-time message instead — it never enters the chat system.

“I emailed an API key and now it's in my sent folder”

Email is stored on multiple servers (sender, recipient, backup). Deleting an email does not guarantee removal from all copies. Message Shuttle stores the content in one place (Cloudflare KV) and deletes it on read.

“I shared a code over WeChat but the recipient didn't read it in time”

WeChat recall has a 2-minute limit and does not guarantee the message is gone. Message Shuttle gives the recipient a full 24-hour window, after which the message is automatically deleted by Cloudflare KV — no manual recall needed.

“Someone forwarded my secret message to a group chat”

With Message Shuttle, there is no message to forward. The recipient sees the content on a web page; there is no embeddable card, no preview, and no message object that can be forwarded to another conversation.

Frequently Asked Questions

Can I send a password securely with Message Shuttle?

Message Shuttle is suitable for one-time password sharing. The password is stored in Cloudflare KV, deleted after the recipient reads it, and auto-expires in 24 hours. However, it is not end-to-end encrypted — the server can technically read the content during the storage window. For the highest security needs, combine with tools like GPG or Signal.

Why not just send secrets via Slack, WeChat, or email?

Messages in Slack, WeChat, and email persist in chat history, server logs, and backups — often indefinitely. Even 'deleting' a WeChat message does not guarantee the recipient hasn't already seen or cached it. Message Shuttle deletes the message from the server immediately after it is read, leaving no history to search or leak.

Does the recipient need to create an account?

No. Neither the sender nor the recipient needs to sign up. Open the page, type a message, share the code. The recipient opens the pickup page, enters the code, and reads the message — all in about 30 seconds.

Is there a limit on how many secret messages I can send?

There is no per-user limit. Message Shuttle does not track users or require authentication, so there is no account to rate-limit. Each message is independent and gets its own 4-character code.

What happens if I share the wrong content?

If the recipient has not yet picked up the message, you can delete it via the API using the pickup code (DELETE /api/messages/{id}). Once the message is read, it is already deleted from the server. The current UI does not expose a recall button — only the API supports this.

Can I send files or images?

No. Message Shuttle currently supports text-only messages. The practical limit is Cloudflare KV's 25 MB per-value maximum, but the tool is designed for short-form text like passwords, codes, addresses, and notes.

Is Message Shuttle open source?

Yes. The source code is available on GitHub at github.com/ShuttleLab/message-shuttle. It is built with Next.js 15, React 19, and deployed on Cloudflare Pages.