diff --git a/index.html b/index.html
new file mode 100644
index 0000000..6c79e54
--- /dev/null
+++ b/index.html
@@ -0,0 +1,233 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Secure Pastebin - End-to-End Encrypted Message Sharing</title>
+    <meta name="description" content="Share sensitive messages securely with AES-256 encryption. Zero-knowledge architecture, password protection, self-destructing messages.">
+    <link rel="icon" type="image/svg+xml" href="/favicon.svg">
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&family=JetBrains+Mono:wght@400;500&family=Vazirmatn:wght@400;500;600&display=swap" rel="stylesheet">
+    <link rel="stylesheet" href="/style.css">
+</head>
+<body>
+    <div class="container">
+        <header>
+            <div class="logo">🔐</div>
+            <h1>Secure Pastebin</h1>
+            <p class="subtitle">End-to-End Encrypted • Password Protected • Self-Destructing</p>
+            <div class="security-badges">
+                <span class="badge">🔒 AES-256-GCM</span>
+                <span class="badge">🔑 Password</span>
+                <span class="badge">🛡️ Zero-Knowledge</span>
+                <span class="badge">⚡ Web Crypto API</span>
+            </div>
+        </header>
+
+        <div id="errorDisplay" class="card alert alert-error" style="display: none;">
+            <span>❌</span>
+            <div style="flex: 1;">
+                <strong>Error</strong>
+                <div id="errorMessage"></div>
+            </div>
+        </div>
+
+        <div id="createView" class="card">
+            <div class="alert alert-warning">
+                <span>⚠️</span>
+                <div>
+                    <strong>Important:</strong> The encryption key is stored only in the URL fragment (after #). 
+                    If you lose the URL, the data is permanently lost. We cannot recover it.
+                </div>
+            </div>
+            
+            <textarea id="content" placeholder="Enter your secret message here... (Supports English, Persian, Arabic, Hebrew, and all languages)" dir="auto"></textarea>
+            
+            <div class="password-section">
+                <label class="password-toggle">
+                    <input type="checkbox" id="enablePassword" onchange="togglePassword()">
+                    <span>🔐 Protect with Password (Optional)</span>
+                </label>
+                <div id="passwordWrapper" class="password-input-wrapper">
+                    <label>Enter Password:</label>
+                    <input type="password" id="passwordInput" placeholder="Minimum 4 characters">
+                    <small style="color: var(--text-muted); display: block; margin-top: 8px;">
+                        This password will be required to decrypt the message. Share it separately.
+                    </small>
+                </div>
+            </div>
+            
+            <div class="options-grid">
+                <div class="form-group">
+                    <label>⏱️ Expiration</label>
+                    <select id="expiresIn">
+                        <option value="3600">1 Hour</option>
+                        <option value="86400" selected>1 Day</option>
+                        <option value="604800">1 Week</option>
+                        <option value="2592000">30 Days</option>
+                    </select>
+                </div>
+                
+                <div class="form-group">
+                    <label>🔥 Security Mode</label>
+                    <label class="checkbox-wrapper">
+                        <input type="checkbox" id="burnAfterRead">
+                        <span>Burn after reading</span>
+                    </label>
+                </div>
+            </div>
+            
+            <button id="createBtn" class="btn" onclick="createPaste()">
+                <span id="btnText">🔐 Encrypt & Save</span>
+            </button>
+            
+            <div id="resultBox" class="result-box">
+                <div class="alert alert-success" style="margin-bottom: 12px;">
+                    <span>✅</span>
+                    <strong>Successfully encrypted!</strong>
+                </div>
+                <div id="passwordNotice" class="alert alert-info" style="display: none; margin-bottom: 12px;">
+                    <span>🔑</span>
+                    <div>
+                        <strong>Password Protected!</strong><br>
+                        Remember to share the password separately. It is NOT in the URL.
+                    </div>
+                </div>
+                <div class="url-container">
+                    <input type="text" id="shareUrl" class="url-input" readonly>
+                    <button class="btn btn-copy" onclick="copyUrl()">📋 Copy</button>
+                </div>
+                <div class="meta-info">
+                    ⏰ Expires: <span id="expiryTime"></span> • 🔑 Key never leaves your browser
+                </div>
+            </div>
+        </div>
+
+        <div id="passwordPrompt" class="card password-prompt">
+            <div class="alert alert-info" style="margin-bottom: 20px;">
+                <span>🔐</span>
+                <div>This message is password protected.</div>
+            </div>
+            <h3>Enter Password to Decrypt</h3>
+            <input type="password" id="decryptPassword" placeholder="Password">
+            <button class="btn" onclick="decryptWithPassword()">
+                <span id="decryptBtnText">🔓 Decrypt</span>
+            </button>
+            <p id="passwordError" style="color: var(--error); margin-top: 12px; display: none;">
+                ❌ Wrong password!
+            </p>
+        </div>
+
+        <div id="decryptView" class="card decrypt-view">
+            <div id="burnNotice" class="burn-warning" style="display: none;">
+                <span>🔥</span>
+                <span>This message will be permanently deleted after you view it!</span>
+            </div>
+            
+            <h3 style="margin-bottom: 12px;">🔓 Decrypted Content</h3>
+            <div id="decryptedContent" class="content-box" dir="auto"></div>
+            
+            <button class="btn btn-secondary" onclick="window.location.href='/'" style="margin-top: 16px;">
+                📝 Create New Message
+            </button>
+        </div>
+
+        <div class="card how-it-works">
+            <h2>🔍 How It Works</h2>
+            <div class="steps">
+                <div class="step">
+                    <div class="step-number">1</div>
+                    <div class="step-content">
+                        <h3>Client-Side Encryption</h3>
+                        <p>Your message is encrypted in your browser using AES-256-GCM before being sent to the server. The encryption key is generated locally and never transmitted.</p>
+                    </div>
+                </div>
+                <div class="step">
+                    <div class="step-number">2</div>
+                    <div class="step-content">
+                        <h3>Zero-Knowledge Storage</h3>
+                        <p>The server only stores the encrypted ciphertext. It cannot read, decrypt, or access your original message. We have zero knowledge of your content.</p>
+                    </div>
+                </div>
+                <div class="step">
+                    <div class="step-number">3</div>
+                    <div class="step-content">
+                        <h3>Key in URL Fragment</h3>
+                        <p>The decryption key is embedded in the URL fragment (after #) which never reaches the server. Only the recipient with the full URL can decrypt.</p>
+                    </div>
+                </div>
+                <div class="step">
+                    <div class="step-number">4</div>
+                    <div class="step-content">
+                        <h3>Password Protection (Optional)</h3>
+                        <p>You can add an extra password layer. The password is used to derive the encryption key via PBKDF2 with 100,000 iterations. Share it separately.</p>
+                    </div>
+                </div>
+                <div class="step">
+                    <div class="step-number">5</div>
+                    <div class="step-content">
+                        <h3>Self-Destruction</h3>
+                        <p>Choose "Burn after reading" to automatically delete the message after first view, or set an expiration time (1 hour to 30 days).</p>
+                    </div>
+                </div>
+            </div>
+            
+            <div class="tech-specs">
+                <h3>🛡️ Technical Specifications</h3>
+                <div class="specs-grid">
+                    <div class="spec-item">AES-256-GCM Encryption</div>
+                    <div class="spec-item">PBKDF2 Key Derivation (100k iterations)</div>
+                    <div class="spec-item">Random 12-byte IV per message</div>
+                    <div class="spec-item">256-bit Encryption Keys</div>
+                    <div class="spec-item">No Server-Side Logs</div>
+                    <div class="spec-item">MySQL Database Storage</div>
+                    <div class="spec-item">Web Crypto API (Native)</div>
+                    <div class="spec-item">No Registration Required</div>
+                </div>
+            </div>
+        </div>
+
+        <footer>
+            <p>🛡️ Zero-Knowledge Architecture • Server cannot read your data</p>
+            <p style="font-size: 0.8rem; margin-top: 8px; color: var(--text-muted);">
+                Built with privacy in mind. No tracking. No analytics. Open source.
+            </p>
+            
+            <div class="footer-links">
+                <a href="https://github.com/TheGreatAzizi/Secure-Pastebin-Cloudflare-Worker/" target="_blank" rel="noopener">
+                    <svg width="16" height="16" fill="currentColor" viewBox="0 0 24 24"><path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546-1.387-1.333-1.756-1.333-1.756-1.089-.745.083-.729.083-.729 1.205.084 1.839 1.237 1.839 1.237 1.07 1.834 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.604-2.665-.305-5.467-1.334-5.467-5.931 0-1.311.469-2.381 1.236-3.221-.124-.303-.535-1.524.117-3.176 0 0 1.008-.322 3.301 1.23.957-.266 1.983-.399 3.003-.404 1.02.005 2.047.138 3.006.404 2.291-1.552 3.297-1.23 3.297-1.23.653 1.653.242 2.874.118 3.176.77.84 1.235 1.911 1.235 3.221 0 4.609-2.807 5.624-5.479 5.921.43.372.823 1.102.823 2.222v3.293c0 .319.192.694.801.576 4.765-1.589 8.199-6.086 8.199-11.386 0-6.627-5.373-12-12-12z"/></svg>
+                    GitHub
+                </a>
+                <a href="https://x.com/the_azzi" target="_blank" rel="noopener">
+                    <svg width="16" height="16" fill="currentColor" viewBox="0 0 24 24"><path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z"/></svg>
+                    @the_azzi
+                </a>
+            </div>
+
+            <div class="internet-for-all">
+                <div class="hashtag">#InternetForAll</div>
+                <div class="rights-text">
+                    <strong>Internet access is a fundamental human right.</strong><br>
+                    Restricting internet access violates human rights and limits freedom of expression, 
+                    access to information, and the ability to communicate securely. 
+                    We believe in <strong>free, open, and secure internet for everyone</strong> — 
+                    regardless of borders, politics, or censorship.
+                </div>
+            </div>
+
+            <div class="tech-stack">
+                <span>PHP</span>
+                <span>•</span>
+                <span>MySQL</span>
+                <span>•</span>
+                <span>Web Crypto API</span>
+                <span>•</span>
+                <span>AES-256-GCM</span>
+            </div>
+        </footer>
+    </div>
+
+    <script src="/script.js"></script>
+</body>
+</html>