Get the App
Download on the App Store Get it on Google Play Get it from Microsoft
or
Use the Web App
Secure Drop
Anonymous · Encrypted · No login required
Your message is sealed and anonymous. We cannot identify you. No account or login is needed.
Your message
Max 3 files, 10 MB each
Powered by City of Hats · Get your own Secure Drop
Secure Channel
Anonymous · Bidirectional · Encrypted
Start an anonymous conversation. You'll receive a thread code to check for replies later.
Your message
Max 3 files, 10 MB each
Thread Code
Enter your thread code above to check for replies.
Powered by City of Hats · Get your own Secure Channel
🔒 Sealed Tip

Anonymous Tips.
Sealed & Encrypted.PREMIUM

Submit sensitive information to verified organizations without revealing your identity. End-to-end encrypted, zero-knowledge architecture. No account required for tipsters.

City of Hats Sealed Tip
Anonymous by Design

Report Without Risk

Sealed Tip lets anyone send encrypted information to an organization — without accounts, phone numbers, or any identifying data. The tip is sealed on your device before it ever leaves.

  • No account, phone number, or email required to submit a tip
  • End-to-end encrypted — only the recipient organization can decrypt
  • Zero-knowledge servers — City of Hats cannot read tip content
  • Tamper-proof delivery with cryptographic integrity verification
  • Configurable auto-destroy timers and burn-after-read
Core Capabilities

Built for Source Protection

Every layer of Sealed Tip is designed to protect the identity of the person submitting information — from encryption to delivery to destruction.

🕵️

True Anonymity

No account creation, no phone number, no email. Tipsters submit through a one-time encrypted channel. No metadata is stored that could link a tip to any identity.

ANONYMOUS
🔐

End-to-End Encryption

Tips are encrypted on the sender's device using AES-256-GCM before transmission. The server only stores ciphertext — decryption happens exclusively on the recipient organization's device.

AES-256-GCM
🔥

Auto-Destroy Lifecycle

Tips can be configured with burn-after-read, limited retrieval counts, and auto-destroy timers. Once destroyed, the encrypted payload is permanently erased from all servers.

BURN

Organization Verification

Recipient organizations are verified to ensure tips reach the intended party. Cryptographic key verification prevents impersonation and man-in-the-middle attacks.

VERIFIED
Process

How Sealed Tip Works

Four steps from submission to secure delivery. The tipster's identity is never recorded, linked, or stored at any point in the process.

1

Open Tip Channel

Access the organization's Sealed Tip page — no login or account required. A one-time encrypted channel is established.

2

Compose & Seal

Write your tip and attach evidence. Everything is encrypted locally on your device before it ever touches a server.

3

Anonymous Delivery

The sealed tip is transmitted through encrypted relay. No IP logs, no session cookies, no identifying metadata retained.

4

Secure Retrieval

The verified organization decrypts and reads the tip on their device. Burn-after-read or auto-destroy kicks in per the configured rules.

🕵️ Anonymous Tipster

No account, no identity, no metadata stored

Seals

🔐 Encrypted Payload

AES-256-GCM ciphertext only on server

Delivers

🏢 Verified Organization

Decrypts on-device, source unknown

✍️
Compose
Write tip & attach files
🔒
Seal
Encrypt locally on device
📤
Deliver
Anonymous relay to org
📖
Read
Org decrypts on-device
🔥
Destroy
Permanently erased
Applications

Who Uses Sealed Tip?

From newsrooms to compliance departments — Sealed Tip provides a secure channel for anyone who needs to report sensitive information anonymously.

📰

Investigative Journalism

Sources send tips to newsrooms without risking exposure. Journalists receive encrypted information with no way to trace the sender.

🏢

Corporate Whistleblowing

Employees report misconduct, fraud, or safety violations to compliance teams through a channel that protects their identity.

⚖️

Legal Reporting

Witnesses and informants submit information to legal teams with cryptographic guarantees of anonymity and data integrity.

🏥

Healthcare Compliance

Report patient safety concerns, regulatory violations, or unethical practices without fear of professional retaliation.

🏦

Financial Oversight

Submit tips about market manipulation, insider trading, or regulatory breaches to oversight bodies with full source protection.

🌍

Human Rights Organizations

Activists and witnesses report abuses to NGOs from hostile environments where identity exposure could be life-threatening.

Security Architecture

What We Enforce

Sealed Tip is built on strict cryptographic principles. Here's what the architecture guarantees — and what it never allows.

Enforced by Architecture

  • Client-side encryption before transmission
  • Zero-knowledge server architecture
  • No tipster identity collection or storage
  • Cryptographic organization verification
  • Automatic payload destruction after lifecycle
  • No IP logging or session tracking for tipsters
  • Tamper-proof delivery verification

Never Allowed

  • No plaintext storage on any server
  • No tipster metadata retention
  • No server-side decryption capability
  • No third-party access to encrypted tips
  • No linking tips to device fingerprints
  • No recovery after auto-destroy
  • No government backdoor compliance