Privacy & encryption
Verification codes are sensitive but short-lived. OTPBase is built to hold them for as little time as possible, encrypt them while they're held, and then erase them for good. This page explains exactly how.
Encrypted at rest
Every secret — codes, TOTP seeds — is encrypted with AES-256-GCM before it touches disk. The encryption key lives only in the server environment, never in the database alongside the data it protects. A copy of the database on its own reveals nothing readable.
Lifecycle of a code
A code doesn't linger. From the moment it arrives, it's on a clock:
| Stage | What happens |
|---|---|
| Arrives | Encrypted before it's committed to storage. |
| Visible | Readable for 15 minutes — in the web view and over the API. |
| Hidden | After 15 minutes it drops out of every view and the API. |
| Wiped | The row is physically deleted within 1 hour of arrival. No backup keeps it past that. |
So a code you can see now is gone within the hour, with nothing to recover later.
Burn after reading
You can turn on burn-after-reading. When you do, copying a code drops it roughly 30 seconds later, instead of waiting out the 15-minute window. Use it when you want a code to exist only as long as it takes to paste it.
The optional view password (client-side E2EE)
By default, codes are encrypted at rest and decrypted on our server to show them to you. That's strong, but it means we technically could read them.
Set a view password and that changes. It turns on client-side end-to-end encryption: your codes are decrypted only in your browser, with a key derived from your view password. We store and serve them, but we can't read them — they're unreadable even to us.
The tradeoff is real and worth stating plainly: because the key never reaches us, if you forget your view password, we cannot recover those codes. There's no reset and no backdoor; that's the whole point. Choose this if you want maximum privacy and can manage the password yourself.
| Default (server-side) | View password (E2EE) | |
|---|---|---|
| Encrypted at rest | Yes | Yes |
| Decrypted on server | Yes | No — only in your browser |
| Readable by us | Technically possible | No |
| Recoverable if you forget | N/A | No — codes are lost |
No telemetry
There's no analytics, no tracking, and no behavioural telemetry. We don't measure what you open or build a profile of your usage. The less we collect, the less there is to leak.
Where to toggle this
Burn-after-reading and the view password both live under Settings → Privacy (/settings/privacy). Turn them on when you want them; the defaults already encrypt everything at rest and wipe it within the hour.