Roadmap
fetchOnce is actively developed. Core zero-knowledge sharing is stable and production-ready. Here is what comes next.
Zero-knowledge secret sharing
AES-256-GCM browser encryption. Server stores only ciphertext. One reveal, then permanent deletion. The core of everything.
Rate limiting & CSRF protection
Per-IP sliding-window rate limits on create and reveal. Signed HMAC tokens with expiry on every POST. Hardened against abuse.
PIN / passphrase protection
Sender sets a PIN communicated out-of-band. The browser derives a combined key from the link key and PIN before encrypting. Two factors: something you have (the link) and something you know (the PIN). Server has zero knowledge of either.
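One way the combined-key derivation described above could work, as an added sketch that is not fetchOnce's own code. The KDF choices (PBKDF2 to stretch the PIN, HKDF to mix it with the link key), the iteration count, the record layout and all function names are assumptions. It uses Node's synchronous `crypto` module so it runs outside a browser; the same primitives exist in Web Crypto's `crypto.subtle`.

```javascript
// Added illustration, not fetchOnce code. Names, KDF choices and parameters are assumptions.
const crypto = require('node:crypto');

const PBKDF2_ITERATIONS = 600000; // assumed work factor for stretching a short PIN
const HKDF_INFO = Buffer.from('pin-protected-secret-v1'); // hypothetical context label

// Derive the AES-256 key from both factors: the random link key and the PIN.
function deriveCombinedKey(linkKey, pin, salt) {
  // Stretch the low-entropy PIN so each guess costs a full PBKDF2 run.
  const pinKey = crypto.pbkdf2Sync(pin.normalize('NFKC'), salt, PBKDF2_ITERATIONS, 32, 'sha256');
  // Mix the two with HKDF; the output cannot be computed from either input alone.
  const ikm = Buffer.concat([linkKey, pinKey]);
  return Buffer.from(crypto.hkdfSync('sha256', ikm, salt, HKDF_INFO, 32));
}

// Sender side: returns the link key (kept in the URL fragment) and the record to upload.
function sealSecret(plaintext, pin) {
  const linkKey = crypto.randomBytes(32);
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit nonce, the recommended size for GCM
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveCombinedKey(linkKey, pin, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // salt, iv and tag are not secret; nothing in the record reveals linkKey or pin.
  return { linkKey, record: { salt, iv, ciphertext, tag: cipher.getAuthTag() } };
}

// Recipient side: throws if the link key, the PIN or the record is wrong or altered.
function openSecret(record, linkKey, pin) {
  const key = deriveCombinedKey(linkKey, pin, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
}
```

A short numeric PIN carries little entropy, so what the second factor adds against someone who already holds both the link and the ciphertext depends on the PIN's length and the stretching cost.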
Registered API
Authenticated REST API for programmatic secret creation. Integrate one-time sharing into CI/CD pipelines, scripts, and internal tools. API keys scoped per account, rate-limited independently.
Webhook notifications
Opt-in POST callback the moment your secret is revealed. Provide a URL at creation time and receive a signed notification with the secret ID and reveal timestamp. No secret content — just the signal.
Access tracking
For paid accounts: opt-in logging of when a secret was revealed and basic client metadata. Lets senders confirm the intended recipient opened it. Strictly opt-in. Does not affect the zero-knowledge model for secret content.
Team workspaces
Shared accounts with role-based access, usage dashboards, and centralised billing. Manage secrets across an organisation without compromising the encryption of individual records.
Self-hosted enterprise
Run fetchOnce on your own infrastructure. Annual licence, Docker image, full data sovereignty. For organisations that cannot send secrets outside their environment.