Security model
Security boundaries for Shhhs accounts, links, previews, support, and Cloudflare protection.
No recovery promise
Shhhs is designed for temporary sharing, not permanent retention. Support cannot decrypt, recover, or recreate secret content.
- No secret recovery
- No plaintext support access
- Billing support is metadata-only
Preview protection
No-fragment or preview access must not reveal or burn a secret. Messaging systems should receive metadata-safe pages only.
- No plaintext in previews
- No destructive preview controls
- Private routes noindex
Cloudflare protection
The public service runs behind Cloudflare Workers, D1, R2, Access for platform admin, Turnstile where configured, API Shield, WAF rules, and edge security settings.
- API Shield schema validation
- Abuse rules
- Admin protected by Access