Security model

NexFade is built to minimize what the server can know.

Zero-knowledge transfer

Files and notes are encrypted in the browser with AES-256-GCM using Web Crypto. The decryption key travels only in the URL fragment, which browsers do not send to the server. The server stores ciphertext, expiry metadata, and burn lifecycle state; it never sees the key or the plaintext.

Burn semantics

Burn-after-read is tied to the first successful intentional open that grants a download token. Pages do not auto-fetch ciphertext, which reduces accidental consumption by link scanners and preview bots.

Operational controls

The MVP includes strict security headers, rate limits, provider-managed secrets, minimal logs, and scheduled deletion of expired or consumed ciphertext. By design, raw IP addresses are not retained in app-level logs.