Secrets are encrypted and stored in the database using AES-256-CBC. The 32-character APP_KEY inside the .env file is generated at install and used to encrypt the secrets.

Links are constructed with UUIDs (v4) and are salted (with the APP_SALT value inside the .env file) then hashed (SHA-512) before storage.

An individual link is checked for expiration or a surpassed view limit at each retrieval attempt. If the link should not be shown, its data is deleted. Future versions may include a scheduled job to regularly check link status.