How DocuChan works

Plain language, no marketing. Here's exactly what happens to your file.

1. Encryption happens in your browser

When you upload, your browser generates a random AES-256-GCM key and encrypts the file before any bytes leave your device. We only ever receive ciphertext. Pick several files at once and they're zipped into a single bundle in your browser first, so everything below works exactly the same.

2. The key never reaches our servers

The decryption key is placed in the part of the share link after the # symbol (the “fragment”). Browsers never send the fragment to servers — so even if we wanted to, or were compelled to, we cannot read your file. No backdoors.

3. Optional password

If you add a password, we store only a one-way verifier derived from it (PBKDF2) — never the password itself. It acts as an extra gate on top of the encryption.

4. It deletes itself

Choose burn-after-download and the file is hard-deleted from storage the moment the download completes. Otherwise it expires after the window you pick (up to 7 days, or 30 days with a free account) and a background janitor purges it. We verify the bytes are actually gone — not just flagged.

What we can't do (on purpose)

Because end-to-end encrypted files are opaque to us, we can't scan their contents or preview them. To keep the service from being abused we rely on behavioural signals (rate limits, abuse reports) rather than reading anyone's files. Every download page has a Report this file link.

Beaming straight to another device

Beam skips our storage entirely. When you send a file with Beam, it travels directly between the two devices over an encrypted peer-to-peer channel — we never receive a single byte, not even the filename. The two devices derive an encryption key we never see, and you confirm a short code shown on both screens so no one can secretly relay the connection in the middle. Our only job is helping the devices find each other; once they're connected we keep nothing.