Frequently asked.

Yes. The AES-GCM 256-bit key is generated in your browser, the video is encrypted in your browser before it leaves your device, and we store only ciphertext — the plaintext never reaches our backend. The decryption key rides in the `#k=...` URL fragment; when the recipient watches, browsers don't transmit fragments on requests, so the key isn't sent to us at viewer time. Honest caveat: at send time the key DOES pass through our backend once — used only to compose the recipient's email link, never logged or persisted. See /security for the line-by-line breakdown and how to avoid even that transient step if you want.

A plain-English consent screen first — no browser permission prompts, no auto-play. They choose 'View & Reply' or 'View only.' If they pick reply, the browser asks for mic permission before any video plays so they're not surprised. The clip plays once, then the recipient gets a confirmation that the wisp has lifted. They can leave a voice reply up to 60 seconds.

Whichever comes first: the moment the recipient finishes watching (the blob is erased server-side when the view completes), or 24 hours from when you sent it. We never keep an unviewed clip past 24h, period.

After 24 hours the encrypted blob is wiped from storage and the link returns a 'mirage has lifted' page. You can re-send by composing again; each send costs one token.

Honestly — yes. We can't stop someone from pointing a second phone at their screen. The product is designed for trust contexts (friends, family, partners) where the social agreement is 'this is meant to be glimpsed once,' not for adversarial DRM. The encryption protects you from the cloud middlemen who would otherwise keep the clip forever; it doesn't protect you from a determined recipient. The viewer does apply three honest deterrents while a wisp is open — the recipient's email + a live timestamp is watermarked across the surface (so any screenshot or screen-recording carries identity in the pixels), the surface blacks out on tab-blur or focus loss, and right-click / drag-save is disabled. These add friction and traceability; they are not prevention, and we deliberately don't call them 'screenshot-proof.'

Yes. The composer has a Video / Note tab; choose Note to type up to 2,000 characters. The note is encrypted in your browser with the same AES-GCM 256-bit primitive used for video, stored as ciphertext only, and the recipient reads it once before the encrypted blob is wiped server-side. A note costs the same one token as the shortest video — flat per-send pricing.

Each wisp you send costs one token. Tokens never expire and are tied to your email — no signup, no password. Packs run from 10 sends ($5) to 200 sends ($60). We did pay-per-send instead of a subscription because the product is bursty by nature; nobody wants to pay $9/mo to send four wisps a year.

Yes — the email shows up in the 'X sent you a wisp' line on the consent screen, and it's the address the voice reply (if there is one) goes to. That's the whole consent model. If you don't want your email visible to a recipient, don't send them a wisp.

If they've already viewed it, it's already wiped — there's nothing to recall. If they haven't, open /sent and verify your email with the one-time code we send (no password, no signup — that one code is the whole auth). Tap the wisp and hit Recall: the blob is wiped server-side and the link stops resolving immediately.

Camera + mic capture rely on getUserMedia and MediaRecorder. iOS Safari 14.1+ and any modern Chromium / Firefox build works fine. We feature-detect and fall back from WebM to MP4 where MediaRecorder reports the WebM mime as unsupported. If a recipient's browser can't decrypt or play, the consent screen tells them in plain English instead of failing silently.

A small studio shipping from Scottsdale, Arizona. Wisp is one of a small set of tools from the same place — alongside the contractor SaaS at projobcalc.com. If something's broken, email hello@wisp.video.