Disposable chat rooms. Zero logs. No database. Gone.
BurnChat is a self-hostable, ephemeral chat room service where messages exist only in server RAM. No database, no log files, no user accounts, no analytics. Create a room, share the link, chat, and hit the burn button β every message is wiped from memory in under 10 milliseconds.
Live demo: burnchat.io
Every major chat platform stores your messages permanently β even after you "delete" them:
- Slack keeps compliance exports your employer can download anytime
- Teams stores copies in a hidden Exchange folder called SubstrateHolds
- Discord files persist on their CDN after account deletion
- WhatsApp backups retain "deleted" messages; Meta keeps metadata forever
BurnChat takes the opposite approach: we eliminated storage entirely.
The most secure data is data that doesn't exist.
- π₯ Instant burn β any participant can destroy the room in milliseconds
- π Room passwords β lock and unlock rooms on the fly
- π Custom URLs β
burnchat.io/your-room-name - π· Image sharing β compressed in browser, stored in RAM only
- β‘ Auto-burn β room self-destructs when everyone leaves
- π Day/night mode β auto-detects by time of day
- π Admin panel β aggregate stats only, zero PII
git clone https://github.com/Astro33s/BurnChat.io
cd burnchat
npm install
node server.jsOpen http://localhost:3000 in your browser. That's it.
ADMIN_PASS='your-secret' PORT=3001 node server.jsnpm install -g pm2
ADMIN_PASS='your-secret' PORT=3001 pm2 start server.js --name burnchat
pm2 saveβββββββββββββββββββββββββββββββββββββββββββββββ
β Client β
β Vanilla HTML/CSS/JS β
β Socket.IO (polling) β
ββββββββββββββββββββ¬βββββββββββββββββββββββββββ
β
ββββββββββββββββββββΌβββββββββββββββββββββββββββ
β server.js β
β β
β ββββββββββββββββββββββββββββββββββββββββ β
β β const rooms = new Map() β β
β β β β
β β Room { β β
β β id, messages[], users Map, β β
β β password, autoburn, createdAt β β
β β } β β
β β β β
β β β Lives entirely in RAM β β
β β β No disk writes β β
β β β No database driver installed β β
β ββββββββββββββββββββββββββββββββββββββββ β
β β
β Express + Socket.IO v4.5 β
β Node.js (v12+ compatible) β
ββββββββββββββββββββββββββββββββββββββββββββββββ
- Server sends
room-burnedsignal to all connected users - Every socket connection is forcefully disconnected
- All background timers (cleanup, expiry) are cancelled
- Message array length set to zero β every reference removed
- User map cleared β no record of who was in the room
- Room deleted from the server registry
- Garbage collector reclaims the freed memory
Total time: under 10 milliseconds.
| Variable | Default | Description |
|---|---|---|
PORT |
3000 |
Server port |
ADMIN_PASS |
changeme123 |
Admin panel password |
| Setting | Value |
|---|---|
| Max messages per room | 100 |
| Max message length | 2,000 chars |
| Max image size | 500 KB |
| Max username length | 24 chars |
| Max users per room | 50 |
| Room cleanup delay | 30 seconds |
| Room max age | 24 hours |
burnchat/
βββ server.js # Entire backend (single file)
βββ package.json
βββ public/
β βββ index.html # Full SPA frontend
β βββ admin.html # Admin panel
β βββ favicon.svg
β βββ og-image.svg
β βββ sitemap.xml
β βββ robots.txt
β βββ blog/
β βββ index.html
β βββ *.html # Blog articles
βββ deploy/
βββ nginx-burnchat.conf
βββ burnchat.service
- Node.js 12+ (tested on 18 and 20)
- That's it. No database. No Redis. No build step.
FROM node:18-alpine
WORKDIR /app
COPY package*.json ./
RUN npm install --production
COPY . .
ENV PORT=3000
EXPOSE 3000
CMD ["node", "server.js"]docker build -t burnchat .
docker run -p 3000:3000 -e ADMIN_PASS='your-secret' burnchatSee deploy/nginx-burnchat.conf for a ready-to-use Nginx configuration with WebSocket/polling support.
| Endpoint | Method | Description |
|---|---|---|
/api/burn-count |
GET | Total rooms burned |
| Endpoint | Method | Description |
|---|---|---|
/admin-burnchat/api/stats |
GET | Full server statistics |
/admin-burnchat/api/reset |
POST | Reset all statistics |
- No E2E encryption (yet) β messages pass through the server. We're zero-storage, not zero-knowledge.
- Can't prevent screenshots β we guarantee we don't keep data, not that every participant is trustworthy.
- Not a Signal replacement β BurnChat is for one-time conversations that should disappear.
- Server operator trust β self-host to eliminate the trust question entirely.
Found a security issue? See SECURITY.md for responsible disclosure.
Contributions are welcome! See CONTRIBUTING.md.
- Website: burnchat.io
- Blog: burnchat.io/blog
- Twitter/X: @burnchatio
The most secure data is data that doesn't exist.