myglimpse.app
What is myglimpse.app?
MyGlimpse holds the small secrets that don't belong in a password manager and end up in a note called "stuff" or on a sticky note under the keyboard. The office WiFi password. The alarm code you punch every morning. The Airbnb lockbox. The card PIN that deserts you at the till with a queue forming behind you. Press and hold to read one, let go and it's gone, and after a few seconds it hides itself.
The vault works entirely offline. Everything is encrypted on the device and stays there — no account, no sync, no analytics, no network request to make the app work. The only thing that ever leaves your phone is a secret you choose to share, and even then our relay only ever holds the encrypted blob; the key travels in the link itself and never reaches us. The recipient opens it in MyGlimpse, or views it once in their browser before it burns. Your phone's own Face ID, fingerprint, or pattern is the key to the vault, so there's no master password to lose.
I built it in free time to scratch my own itch. I'd spent years on cryptography in the insurance world — among other things, an identity provider with WebAuthn and U2F — so the encryption was the easy part; the harder question was why it didn't already exist. I meant to sell it. I couldn't justify it: the app is offline and there's no server quietly costing money in the background to pay for. So it's free. It's the kind of thing that should have existed already — and maybe it does, somewhere, who knows. At least now there are two of them.
What it does
Hold to glimpse
Press and hold to reveal a secret. Let go and it's hidden; after a few seconds it blurs back on its own, and it locks itself when you walk away. Nothing left sitting on screen.
Your phone's lock is the key
Face ID, fingerprint, or the pattern you already use. No master password to forget, because there isn't one.
Encryption you can name
XChaCha20-Poly1305 with an Argon2id-derived key, kept in the device's secure keychain. We never see it, can't read your data, and can't recover it. That's the point.
Offline by default
The vault needs no server and makes no network request. Type a secret in, or point the camera at a WiFi QR code and store it without typing at all.
Share without handing it over
Optional, and still zero-knowledge: the relay only ever holds the encrypted blob, the key rides in the link and never reaches us, and the recipient reads it in MyGlimpse or views it once in the browser before it burns.
Moves with you
Export an encrypted, passphrase-protected file and import it on a new phone. The transfer is between you and your device — we never see the file or the passphrase.
How it's built
Flutter with a custom UI — the same app on iOS and Android, not stock widgets. The vault is encrypted on-device with XChaCha20-Poly1305 and an Argon2id-derived key held in the OS secure keychain, unlocked by the phone's own biometric or pattern. There's no backend for the app itself; the only server is an optional relay for shared secrets, and it never receives anything but ciphertext. Built by someone who spent years on cryptography in insurance, including an identity provider with WebAuthn and U2F.
Where we are
MyGlimpse is live and free on the App Store and Google Play — no account, no email, no tier. Unlock it with the lock you already use and hold to read your secrets back.
A family plan is what comes next, and it's the one part that isn't only about convenience. It uses Shamir's secret sharing: a vault can be split so a family holds it together, with each MyGlimpse account keeping a single share and no one person — us included — able to reconstruct it alone. The reason it exists is quieter than the rest of the app. The practical things people keep in a vault — a bank PIN, where the accounts are, what the insurance covers — tend to disappear silently when the person who knew them can't get to their phone, and the people left behind are locked out at the worst possible time. Set it up once, and that doesn't happen. With luck, it's never needed.