OTPBase

Privacy & encryption

Verification codes are sensitive but short-lived. OTPBase is built to hold them for as little time as possible, encrypt them while they're held, and then erase them for good. This page explains exactly how.

Encrypted at rest

Every secret — codes, TOTP seeds — is encrypted with AES-256-GCM before it touches disk. The encryption key lives only in the server environment, never in the database alongside the data it protects. A copy of the database on its own reveals nothing readable.

Lifecycle of a code

A code doesn't linger. From the moment it arrives, it's on a clock:

Stage What happens
Arrives Encrypted before it's committed to storage.
Visible Readable for 15 minutes — in the web view and over the API.
Hidden After 15 minutes it drops out of every view and the API.
Wiped The row is physically deleted within 1 hour of arrival. No backup keeps it past that.

So a code you can see now is gone within the hour, with nothing to recover later.

Burn after reading

You can turn on burn-after-reading. When you do, copying a code drops it roughly 30 seconds later, instead of waiting out the 15-minute window. Use it when you want a code to exist only as long as it takes to paste it.

The optional view password (client-side E2EE)

By default, codes are encrypted at rest and decrypted on our server to show them to you. That's strong, but it means we technically could read them.

Set a view password and that changes. It turns on client-side end-to-end encryption: your codes are decrypted only in your browser, with a key derived from your view password. We store and serve them, but we can't read them — they're unreadable even to us.

The tradeoff is real and worth stating plainly: because the key never reaches us, if you forget your view password, we cannot recover those codes. There's no reset and no backdoor; that's the whole point. Choose this if you want maximum privacy and can manage the password yourself.

Default (server-side) View password (E2EE)
Encrypted at rest Yes Yes
Decrypted on server Yes No — only in your browser
Readable by us Technically possible No
Recoverable if you forget N/A No — codes are lost

No telemetry

There's no analytics, no tracking, and no behavioural telemetry. We don't measure what you open or build a profile of your usage. The less we collect, the less there is to leak.

Where to toggle this

Burn-after-reading and the view password both live under Settings → Privacy (/settings/privacy). Turn them on when you want them; the defaults already encrypt everything at rest and wipe it within the hour.

Это ответило на ваш вопрос? Написать в поддержку