How We Handle Metadata

Metadata is data about data. Even when content is encrypted, metadata can reveal a lot about behavior. Quickburn aims to minimize what we keep. This article explains exactly what is stored, for how long, and why.

Necessary bits

When you create a secret, the server stores:

• A random identifier for the encrypted blob
• The ciphertext and its nonce
• The expiration timestamp
• A counter for how many times the link has been fetched

We need this information to deliver and burn the secret. Without an expiration timestamp, secrets would linger indefinitely. The read counter lets us enforce single‑view links.

What we skip

We do not log IP addresses, user agents, referrers, or account identifiers. Server logs are rotated quickly and contain only aggregate information for monitoring health. We do not embed analytics scripts or third‑party trackers.

Retention policy

Expired or consumed secrets are deleted immediately. A scheduled task sweeps the database to remove any stragglers. Metadata in server logs is purged within 30 days. We maintain no backups of secrets; if something is deleted by mistake, it’s gone.

Future considerations

If we ever enable optional accounts or paid plans, we will revisit what metadata is necessary. Any change will be documented in the privacy policy and will default to the most private option. We believe transparency builds trust, so our code remains open for public review.

Understanding metadata helps you gauge the true privacy of a service. Quickburn keeps only the bits required to make self‑destructing links work and nothing more.