When you create a link for your secret, it gets encrypted in the browser with AES, and then the encrypted data and the IV gets saved to the database, and the key and the link will be displayed. We never have access to the key to decrypt your secret.
You shouldn't and guess what? I don't trust you, either. To verify that I don't access any of your sensitive data, you can look at the source code of the application; it is open-source. You can also monitor what happens in the browser to verify that we are not sending the encryption key to the server.