Share the link,
not the destination.
Runnel links expire on schedule, revoke in seconds, and keep where they point end-to-end encrypted — we couldn't read your destinations if we wanted to.
runnel.link/s/K3kiAUzn2fovMy8tBvCoxA#r.eHW87bGAYIvx9tZjvcF67cCGgzhPeO1e
The id — the only part of the link our servers ever see.
The key — it rides in the #fragment, which browsers never send over the network.
How it works
- 1
Encrypted in your browser
The destination is encrypted on your device before anything reaches us, and the key never leaves the link.
- 2
Share one opaque link
Recipients see an id and nothing else. You choose how it opens: redirect, URL masking, or full proxy.
- 3
Stay in control
Set an expiry and a use limit when you mint. Revoke any time — a revoked link is a dead 404 within seconds.
Blind by design
What we store
- Ciphertext of each destination
- Timestamps, use counts, bytes served
- Your account email
What we can't read
- Where your links point — stored only encrypted
- The keys — they live in fragments and never reach us
- Your unlock password — all decryption happens on your device
One honest exception: the destination you type is checked once, at creation, against malware and phishing blocklists — then discarded, never stored. Details in the Terms.
Three ways to deliver
Redirect
Works with every destination — SPAs, logins, downloads. The destination is revealed on open; revoking stops new clicks.
URL masking
Hides the destination from the URL bar. Won't work if the destination disallows framing.
Proxy
The destination is never exposed and revoking fully cuts access. Downloads are size-capped.
Free while in beta
20 links a month, instant revocation, passkeys, and the API — no card required.