protonURL

Secure and confidential sharing

Secured End-to-end encrypted   Unique Single use

(optional, by default your content is encrypted with a protonURL secret key)
Remember to write down your secret key on your side and send it to the recipient of the protonURL so that he can discover its content.
Without this key it will be impossible to retrieve the content of this protonURL because we do not keep your key.
Advanced options

Choose the expiration duration


Tool used to share information secret, private or non-private
with a link whose content will be deleted on first reading.

Frequently asked questions

The protonURL and its content are deleted as soon as they are accessed.
Additionally, protonURL has an automatic deletion policy for sharing links that are not accessed within 72 hours by default. It is possible to modify the lifespan of the link in the advanced options. This means that if the sharing link is not accessed during the selected duration after its creation, it will be permanently deleted from our servers. This measure is taken to ensure that shared data is stored on protonURL's servers for a limited time and to protect the confidentiality of the content.
Yes.
protonURL is designed to provide a secure and confidential content-sharing service. The service ensures that sharing links self-destruct after the first access, meaning that shared data can only be viewed once. This limits access to the shared data and reduces the risk of leaks or misuse.

Regarding data deletion, protonURL does not store shared data on its servers after it has been accessed. The shared data is temporarily stored on our servers only for the duration of the sharing link. Once the sharing link has expired or the data has been accessed, the data is automatically deleted from protonURL’s servers. This ensures that data is not stored longer than necessary and is securely and permanently deleted.

It should be noted that protonURL has an automatic deletion policy for sharing links that are not accessed within 72 hours or the duration selected in the Advanced Options. This means that if the sharing link is not accessed within this period after its creation, it will be permanently deleted from our servers. This measure is taken to ensure that shared data is stored on protonURL’s servers for a limited time and to protect the confidentiality of the content. This also applies to any attached files, which are permanently deleted from our filesystem at the same time.
protonURL is a service designed to ensure the security and confidentiality of shared data. The service guarantees that sharing links self-destruct after the first view and that shared data is automatically deleted from the protonURL.ch servers once the sharing link has expired or the data has been accessed. This ensures that shared data is not stored longer than necessary and that it is securely and permanently deleted.

Regarding traces of shared content, protonURL does not store a copy of the shared data on its servers and does not track the activity of viewing sharing links. This means that we do not keep any record of the shared content or of the people who have viewed the sharing links. This privacy policy is designed to protect users' privacy and ensure that shared data is only accessible to those who have received the sharing link.
Data stored on protonURL is encrypted with AES-256-CBC encryption. A different key and IV are used for each content. This means that even if an attacker manages to access the encrypted data, they will not be able to decrypt it without the corresponding IV. The IV is a random number that is generated for each piece of content when it is encrypted and is stored separately from the encrypted data itself. Encrypted data is stored on secure servers in Europe and is constantly monitored to ensure its security and confidentiality.

Attached files are encrypted with the same AES-256-CBC method and stored outside the web directory, making them inaccessible via HTTP. The original filename is also encrypted separately. Both the file and its metadata are permanently deleted upon first access or expiration.
No, it is not possible to retrieve the content of a protonURL once it has been viewed and the sharing link has expired. When the sharing link is accessed for the first time, the shared content is automatically destroyed and can no longer be viewed or retrieved from the protonURL.

The automatic destruction feature of shared content is an important security measure to protect the confidentiality of the shared data and ensure that it can only be accessed once. This greatly reduces the risk of data leaks or misuse of confidential information.

It is therefore important to ensure that the people who have access to the protonURL have the necessary information to view the shared content upon first reading. If the recipients are unable to view the content of the protonURL within the given timeframe, it is recommended to recreate a sharing link with a new protonURL to ensure that the data remains protected.
No. As soon as the first contact consults the protonURL, its content will be erased, so the next contact who wishes to consult the content will no longer have access to it.
Yes. You can attach a file (up to 10 MB) when creating a protonURL. The file is encrypted with AES-256-CBC using the same key as the text — including your custom key if you use one. It is stored outside the web directory and is permanently deleted the moment the protonURL is first accessed, or when it expires. The recipient downloads the file directly from the reveal page, and like the text, it can only be accessed once.
Yes. You can activate this option by checking the box for it under the text box and filling in your key. Be sure to save it and pass it on to the person who will need to open your protonURL, because as we do not store users' private keys, without it it will be impossible to display the content. This key also encrypts any attached file — the recipient will need it to download the file as well.
No. This private key is used when creating the protonURL to encrypt the content but is not saved. It is therefore important that you keep it on your side and pass it on to the recipient in order that it can display the content.
The system will try to decrypt the protonURL with this bad key, the content will be displayed still encrypted, then as soon as it is displayed it will be deleted like a classic protonURL. Indeed, as we do not save the private keys, it it was not possible for us to test if the entered key is the correct one.
No. protonURL is not primarily designed as a fake URL shortener.
Its main purpose is to let you create and share temporary links securely, without storing or tracking the original URL in any way.

However, you can paste any URL and share a protonURL instead of the original one.
This means the main URL won’t appear in the link you send, which can sometimes look similar to a “fake URL shortener” — but there is no redirect manipulation, no tracking, and no hidden behavior.

protonURL simply generates a clean temporary link, nothing more.
Simply because sending passwords, or sensitive content, by email or SMS is very risky, especially since this content remains available for months, and even years, in the inbox and in the sent items.
With our system, all that will remain in these boxes is a link to content that no longer exists.

Do you want to create a pre-filled link?

You can link to protonURL with the text box pre-filled to have the protonURL ready to be created. To do this, you just need to create a link like:
https://protonurl.ch?prefilled=TG9yZW0gaXBzdW0KZG9sb3Igc2l0IGFtZXQ=

The content of the "prefilled" field must be encoded in base64. Here is an example code in PHP:
<a href="https://protonurl.ch/?prefilled=<?php echo base64_encode("Login: my-login\nPassword: my-password"); ?>" target="_blank">Bouton</a>

You can also include the language to redirect the visitor directly to your language:
<a href="https://protonurl.ch/en?prefilled=<?php echo base64_encode("Login: my-login\nPassword: my-password"); ?>" target="_blank">Bouton</a>

Please note, this feature is intended for experienced users, use these pre-filled links with care, they should only be displayed to people who are already aware of the content or to whom this content is voluntarily sent, and not to the public. The "prefilled" content encoded via base64 is not encrypted, this encoding is used simply to facilitate the creation and sharing of the link. We decline all responsibility in the event of misuse of our system.

Proof of deletion

Deletion proofs certify that a URL's content has been permanently destroyed — after being read or upon expiration.

Since version 2, each proof is cryptographically signed with protonURL's ECDSA private key. Anyone can verify it independently using the published public key — no server trust required.

- https://api.protonurl.ch/deletion_proof/dfedb23a4437ae2652763d26b38463d072bd2ef28862fbafeadcc98249516bb2

To verify independently:

# 1. To verify independently:
echo -n "URL|HASH|DELETED_AT|REASON" > data.txt
base64 -d <<<"SIGNATURE_FROM_JSON" > sig.bin
openssl dgst -sha256 -verify public-key.pem -signature sig.bin data.txt Download public key

Proofs generated before the v2 update contain a SHA-256 hash of content metadata. They serve as a server-side audit trail but require trusting the protonURL server.

- https://api.protonurl.ch/deletion_proof/dfedb23a4437ae2652763d26b38463d072bd2ef28862fbafeadcc98249516bb2

- https://api.protonurl.ch/deletion_proof/https://protonurl.ch/en/dfedb23a4437ae2652763d26b38463d072bd2ef28862fbafeadcc98249516bb2

- https://api.protonurl.ch/deletion_proof/https://protonurl.ch/dfedb23a4437ae2652763d26b38463d072bd2ef28862fbafeadcc98249516bb2