Security Architecture

How Safe-R-Exchange protects your passwords

Encryption Standard

Safe-R-Exchange uses industry-standard AES-256 encryption, the same standard mandated by governments and financial institutions worldwide for protecting classified and sensitive data. Your password is encrypted before it ever leaves the server, and the resulting code is the only representation of it that exists.

Each encryption operation uses unique, cryptographically random parameters to ensure that even identical passwords produce completely different codes every time.

Dual Code Formats

Secure codes provide maximum protection with a full-length authenticated encryption scheme. These are ideal for sharing via email, messaging apps, or any channel where code length is not a concern.

Ultra Compact codes are optimised for SMS and character-limited channels while maintaining strong encryption. Both formats are fully encrypted and tamper-resistant.

Sharing Modes

  • One-Time Use: The code permanently self-destructs after a single reveal. Once decrypted, it can never be used again.
  • Limited Uses: Set a specific number of times the code can be decrypted before it locks permanently.
  • 30 Days: Standard expiry window with unlimited reveals.
  • Custom Expiry: Choose your own expiration period in days, weeks, or years.
  • Never Expires: The code remains valid indefinitely.

Anti-Abuse Protection

Safe-R-Exchange employs multiple layers of protection to prevent automated abuse:

  • Human Verification: Every encrypt and decrypt request requires solving a verification challenge to prove human interaction.
  • Rate Limiting: All endpoints enforce per-client request limits to prevent brute-force and scraping attempts.
  • Tamper Detection: Codes include cryptographic integrity checks. Any modification — even a single character — renders the code permanently invalid.

Zero-Knowledge Design

Safe-R-Exchange is built on a zero-knowledge principle. Your passwords are never stored on our servers in any form — not in databases, not in logs, not in temporary files. The encrypted code itself is the only representation of your password, and only someone with the complete, unmodified code can decrypt it.

For one-time and limited-use codes, we track only an irreversible fingerprint of the code's identifier to enforce usage limits. This fingerprint cannot be used to recover the password or the code.
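
The usage-limit tracking described above, sketched as an added example (not Safe-R-Exchange's own code). It assumes a random 128-bit code identifier, SHA-256 as the fingerprint, an in-memory store and a hypothetical `RevealLedger` class; the page does not name the hash or the storage it uses.

```python
import hashlib
import secrets
import threading


class RevealLedger:
    """Counts reveals per code while storing only a hash of the code identifier."""

    def __init__(self):
        self._used = {}                # fingerprint (hex) -> reveals so far
        self._lock = threading.Lock()  # makes check-and-increment atomic

    @staticmethod
    def fingerprint(code_id: bytes) -> str:
        # Assumption: code_id is a random 128-bit value, so the SHA-256 digest
        # cannot be brute-forced back to the identifier.
        return hashlib.sha256(code_id).hexdigest()

    def try_reveal(self, code_id: bytes, max_uses: int) -> bool:
        """Return True and record the reveal if the code still has uses left.

        max_uses is assumed to come from the authenticated (tamper-checked)
        code payload, so a client cannot raise its own limit.
        """
        fp = self.fingerprint(code_id)
        with self._lock:
            used = self._used.get(fp, 0)
            if used >= max_uses:
                return False           # locked permanently; the entry is never deleted
            self._used[fp] = used + 1
            return True

    def stored_keys(self):
        """What an attacker reading the ledger would see: digests only."""
        return list(self._used)


def demo():
    ledger = RevealLedger()
    one_time = secrets.token_bytes(16)  # constructed sample identifiers
    limited = secrets.token_bytes(16)
    return {
        "one_time": [ledger.try_reveal(one_time, 1) for _ in range(3)],
        "limited": [ledger.try_reveal(limited, 2) for _ in range(3)],
    }


if __name__ == "__main__":
    print(demo())
```

The lock matters for One-Time Use codes: without an atomic check-and-increment, two simultaneous requests could both pass the check and both receive the password.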

Infrastructure Security

  • All internal files and data directories are access-restricted and not publicly reachable.
  • Industry-standard security headers are enforced on all responses.
  • Server configuration prevents directory listing and direct file access.
  • All cryptographic operations use secure, timing-safe comparison functions to prevent side-channel attacks.

For maximum security, we recommend using One-Time Use codes whenever possible. Once revealed, they can never be decrypted again.