Built so the worst day of the internet is an inconvenience, not a disaster.
Most security pages are written for engineers. This one is written for you. No jargon. No hand-waving. Just the plain truth about what we do and what we don't.
Your real machine is air-gapped from the website
Your computer never runs the website's code. Not the JavaScript, not the cookies, not the downloads. The website runs on a Linux machine in our cloud, and what you see is just a video stream of its screen — like watching someone else's computer over a video call.
in plain englishIf a link is a virus, it infects our throwaway machine. Which gets thrown away in a few minutes. Your laptop stays clean.
Every session is destroyed at the end
When you click End (or after 5 minutes of idle, whichever comes first), the entire virtual machine is wiped at the platform level. The hard drive is reclaimed and zeroed. The next session starts from a fresh image — there's nothing left of the previous one.
in plain englishNo history. No cookies. No saved passwords. No lingering session token. Like the computer never existed — because it didn't, really.
The website never sees your real identity
What the website sees is our cloud's IP, a fresh installation of the browser you picked, no extensions, no cookies, no fingerprintable plugins. There is no link from that session back to your real machine, your real browser, or your real network.
in plain englishNothing for them to track. Nothing to remember you by next time.
The data we keep is the bare minimum
We log: which browser you picked, which region, when the session started, when it ended, and how many minutes you used. That's it. We do not log URLs you visit, keystrokes you type, or page contents — and crucially, we couldn't even if we wanted to. The session VM doesn't report any of that back.
in plain englishEven our own engineers can't see what you did inside a session. The architecture wouldn't allow it.
The connection between you and the session is encrypted
Your keystrokes/mouse and the streamed video both flow over a TLS-encrypted WebSocket. Nobody on your wifi, your ISP, or any router in between can see what you're doing in the session — they only see encrypted traffic.
in plain englishAs private as opening your bank's website over HTTPS, but for an entire computer.
Your payment details never touch our servers
Stripe Checkout collects card numbers on Stripe's own domain — we receive a payment intent ID, not your card. First purchases are challenged with 3D Secure. Disputes auto-trigger a kill-switch that bans the offending account and revokes credits.
in plain englishIf a card is stolen and used on Mitryxa, our system shuts it down before the chargeback can land.
The honest yes/no.
The honest limits.
Not a VPN replacement
A VPN protects all the traffic from your real device. Mitryxa only protects whatever happens inside the cloud session. They solve different problems — sometimes you want both.
Not a Tor replacement
If you need the strongest possible anonymity, pick the Tor browser inside Mitryxa. That gives you Tor + the throwaway machine. By itself we're anonymity for the website, not for the network operator.
Not a way to commit fraud
Sessions are tied to a paid account with a Stripe-validated card. We cooperate with law enforcement on criminal investigations. The product is for legitimate privacy and safety — not abuse.
Not a guarantee against you
If you sign into your real Google inside a session, the session will use it. If you download malware and ship it out yourself, the destruction at session end can't undo what you exported. The shield is around the session, not around your decisions.
Found something we should fix?
We treat security reports seriously and fast. Use the Mitryxa report-an-issue form. No ceremony, no NDAs.