Security model
The browser generates a random symmetric key, encrypts the full payload with AES-GCM, and stores the key only in the URL fragment. The server stores ciphertext and metadata, then performs an atomic first-wins reveal when a recipient presses Reveal secret.
To verify this yourself, open browser DevTools, go to Network, create a secret, and inspect the `POST /api/secrets` request. You will see ciphertext in the JSON body and the request URL without the fragment key, because everything after `#` stays in the browser.
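The flow described above, as an added WebCrypto sketch that is not this service's own code: it seals a secret, shows what a client would send for the share link, and checks that a modified ciphertext is rejected. The JSON field names (`iv`, `ciphertext`), the base64url encoding, the host and the `/s/<id>` link shape are assumptions.

```javascript
// Added example. Field names, encoding and the share-link shape are assumptions.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;

const b64u = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const unb64u = (s) => Uint8Array.from(
  atob(s.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));

// Sender side: returns the JSON body for POST /api/secrets and the fragment to share.
async function sealSecret(plaintext) {
  const key = await wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12)); // 96-bit nonce, fresh per secret
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key,
    new TextEncoder().encode(plaintext));
  const rawKey = await wc.subtle.exportKey('raw', key);
  return { body: { iv: b64u(iv), ciphertext: b64u(ct) }, fragment: b64u(rawKey) };
}

// What an HTTP client puts on the wire for a share link: the fragment is dropped.
function urlSentToServer(shareUrl) {
  const u = new URL(shareUrl);
  return u.origin + u.pathname + u.search;
}

// Recipient side: key from the URL fragment, ciphertext from the reveal response.
async function openSecret(shareUrl, body) {
  const rawKey = unb64u(new URL(shareUrl).hash.slice(1));
  const key = await wc.subtle.importKey('raw', rawKey, { name: 'AES-GCM' }, false, ['decrypt']);
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv: unb64u(body.iv) }, key,
    unb64u(body.ciphertext));
  return new TextDecoder().decode(pt);
}

// Constructed round trip; resolves to a summary of the three properties.
async function demo() {
  const { body, fragment } = await sealSecret('db-password: constructed-sample');
  const shareUrl = `https://secrets.example/s/abc123#${fragment}`; // hypothetical host and id
  const wire = urlSentToServer(shareUrl) + JSON.stringify(body);
  const flipped = (body.ciphertext[0] === 'A' ? 'B' : 'A') + body.ciphertext.slice(1);
  return {
    keyLeaked: wire.includes(fragment), // the key must not appear in anything sent
    roundTrip: await openSecret(shareUrl, body),
    // AES-GCM authenticates the ciphertext, so a modified blob fails to decrypt.
    tamperRejected: await openSecret(shareUrl, { ...body, ciphertext: flipped })
      .then(() => false, () => true),
  };
}
```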