Privacy Policy

Short version: your files and filenames are encrypted on your device with a passphrase only you and your recipient know. I cannot decrypt them. I collect almost nothing else, keep it only as long as needed, and share none of it.

Every send is end-to-end encrypted in your browser or desktop client before any data is uploaded. The encryption key is derived locally from a passphrase you choose, using Argon2id, and the files and filenames are encrypted with AES-GCM. The passphrase never leaves your device. The server only ever sees ciphertext and a passphrase verifier hash; the verifier gates downloads but cannot be used to decrypt anything. I am cryptographically unable to read your files, see their original filenames, or recover a forgotten passphrase. You distribute the send link and passphrase to your recipient yourself, by whatever means you choose.

No cookies. No end-user accounts. No analytics. This site does not track you. IP addresses may appear briefly in operational logs, rate-limit state, and abuse-prevention records held by my hosting provider, and are not retained beyond what is necessary to keep the service running and to block abuse.

Your files are stored either in your own S3-compatible storage bucket or, if you opt in, in the shared Community Bucket. In both cases the bytes are encrypted on your device first. The server is not in the download path — files go directly from the storage bucket to your recipient's browser, where they are decrypted locally. I have no interest in your files, and even if I did I could not read them.

The Community Bucket is a shared storage resource funded by voluntary donations. Each send is granted a unique credential scoped to a dedicated subfolder for that send only — no send can read another send's files. Use of the Community Bucket is a privilege, not a right, and access can be revoked. Because everything you upload is end-to-end encrypted, the Community Bucket operator (me) cannot read your files either.

If you bring your own S3 bucket, the server stores your S3 API credentials in encrypted form so it can mint short-lived presigned download URLs and delete expired sends on your behalf. They are used for no other purpose. When a send expires, its files are deleted first and then the credentials associated with that send. I recommend using a dedicated API key with the minimum required permissions — see the Getting Started guide for how to set one up.

The server stores: an encrypted metadata blob (containing the original filenames and any free-text message — encrypted with your passphrase, unreadable to me), the send's expiry date, a passphrase verifier hash, and minimal bookkeeping needed to service active transfers. The server does not store recipient email addresses; you deliver the link to your recipient yourself. All send data is deleted as soon as the send expires or is manually revoked.

Donations are processed by Stripe, which independently handles all payment information under its own privacy policy. The only information I collect from Stripe is the amount of the transaction, which is used solely to maintain the Community Bucket balance. I do not collect your name, card details, or any other personal information.

The Software is not directed to children under the age of 13, and I do not knowingly collect personal information from children under 13. See Section 3 of the EULA for the full age policy.

Questions about this policy? Email [email protected].