Cloak | Securely send sensitive text

The message is encrypted in client side using XSalsa20Poly1305 authenticated encryption cipher.
A unique key is generated to encrypt the message. This key is never sent to the backend server.
The encrypted message packet is stored in the backend with a unique UUID.
A shareable link (/share/{uuid}#{key}) is generated which contains the UUID for the encrypted message. The secret key is part of this URL as a hash parameter, ensuring that the backend server never receives it.
An additional passphrase is set for creating and opening links, which ensures that only designated recipients can open the link.
The encrypted message is only valid until the user-defined TTL expires or it has been accessed until the access count has reached the maximum limit.

TL; DR: The key used to encrypt the secret text is never stored in the backend. Only the recipient with the link can decrypt the message.