End-to-end encrypted · No account needed · Native MCP server for AI agents

Sensitive information.
Gone after one read.

Send passwords, credentials, and private messages that self-destruct the moment they're opened. No logs. No traces. No server ever sees your plaintext.

Send a note free How it works

No account required · Notes expire unread after 7 days

AES-256-GCM encrypted
Deleted on read
Key never reaches server
No plaintext stored
Always available

Simple by design

Three steps. Zero exposure.

Your encryption key never leaves your browser. Not even Volta Notes can read your message.

1

Write your message

Type anything: a password, API key, private message. Up to 2,000 characters. Your browser encrypts it locally with a key that only exists in the link.

2

Share the link

You get a one-time URL. The decryption key is embedded in the URL fragment (browsers never send that part to any server). Share it however you like.

3

Read once, gone forever

The recipient opens the link, confirms, and reads the note. The moment it's retrieved, the server deletes it. No second read is possible.

For AI agents

Your agent's secure credential pipeline.

AI agents need secrets at runtime: API keys, passwords, tokens. With the Volta MCP server, those secrets never touch chat history.

1

User creates a note at app.voltanotes.com and sends the one-time URL

2

Agent calls read_volta_note: secret returned, note permanently destroyed

3

Nothing sensitive ever appears in conversation history

Install the MCP server:

# Step 1 — install globally npm install -g @voltanotes/mcp # Step 2 — register with Claude Code claude mcp add -s user volta -- node $(npm root -g)/@voltanotes/mcp/dist/index.js

Restart Claude Code after running step 2. Run claude mcp list to confirm it's connected.

// claude_desktop_config.json { "mcpServers": { "volta": { "command": "npx", "args": ["-y", "@voltanotes/mcp"] } } }

Find this file at ~/Library/Application Support/Claude/ on Mac, or %APPDATA%\Claude\ on Windows.

View on npm → GitHub → Full setup guide →
create_volta_note

Encrypt content locally with AES-256-GCM and store it on the server. Returns a one-time URL. The recipient opens it once, reads it, and it's gone forever.

Input: content Output: one-time URL
read_volta_note

Retrieve and permanently destroy a note. Decrypts locally using the key from the URL fragment. The note cannot be recovered after this call.

Input: url Output: decrypted content

Why it's genuinely private

We can't read your notes.
That's not a promise. It's architecture.

Client-side encryption

Your message is encrypted in your browser before it ever leaves your device. We store only ciphertext. There is no key-escrow, no master key, no way for us, or anyone else, to decrypt it.

The key is in the link

The decryption key lives only in the URL fragment (the part after the #). Browsers never include this in HTTP requests. The server never receives it. Physics, not policy.

Hard deletion on read

When your recipient retrieves the note, the server deletes it immediately as part of the same operation. It cannot be read twice: not by the recipient, not by us, not by a subpoena.

Who uses it

Anything you'd regret forwarding.

If it's sensitive enough to hesitate before sending, Volta Notes is the right tool.

🔑

Passwords & credentials

Share login details with a colleague without leaving them in Slack or email history forever. The note disappears the moment they log in.

💳

Payment details

Send card numbers, sort codes, or account details to someone you trust, without those numbers living in a message thread.

🔐

API keys & tokens

Onboard a new developer or contractor with temporary credentials that expire on first use. No key ever touches your chat history.

📝

Confidential notes

Share legal feedback, medical information, or anything sensitive that doesn't need to be discoverable six months later in a corporate inbox.

For developers

Built open. Designed to trust.

The encryption architecture is simple enough to audit in an afternoon. No magic, no hidden handshakes.

// The note flow in plain terms // 1. Browser generates a random AES-256-GCM key const key = await crypto.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']); // 2. Encrypt your plaintext — server receives only ciphertext const ciphertext = await encrypt(plaintext, key); const noteId = await createNote(ciphertext); // server has no key // 3. Key travels only in the URL fragment — never sent to server const shareUrl = `https://app.voltanotes.com/n/${noteId}#${exportKey(key)}`; // 4. Recipient decrypts locally. Server burns the note on retrieval.
AES-256
Encryption standard
GCM
Authenticated encryption
0 logs
Plaintext ever stored
1 read
Then deleted permanently
Coming soon

Volta Notes Premium

Everything in free, plus features for people who send a lot of sensitive notes.

  • Read receipts
  • Custom expiry windows
  • Larger notes (up to 50KB)
  • REST API access
  • Secure account
  • Priority support
You're on the list. We'll be in touch.

No spam. No sharing your email. Unsubscribe any time.

Common questions

Good questions. Honest answers.

Can you read my notes?

No. Your browser generates the encryption key and it never leaves your device. We store only ciphertext. Even if compelled to, we cannot produce your message. We don't have the key.

What happens if nobody opens the link?

Unread notes are automatically deleted after 7 days. The encrypted data is purged from the server with no copy retained anywhere.

Is this safe to use for passwords?

Yes. That's exactly what it's designed for. AES-256-GCM is the same encryption standard used by financial institutions. The architecture means no interception is possible in transit.

What if the link leaks before it's read?

Once someone reads the note, it's gone. If you suspect a link was intercepted before your intended recipient opened it, treat those credentials as compromised and rotate them.

Do I need an account?

No. The free tier is entirely anonymous: type, encrypt, share. No signup, no tracking, no stored session. Premium adds an optional account for features like read receipts.

Is Volta Notes open source?

The encryption design is fully auditable from your browser's developer tools. No hidden scripts. We're working on publishing the source code publicly in the near future.

Ready to send something private?

Free. No account. Takes ten seconds.

Send a Volta Note