Privacy
What we store
- Encrypted file contents (ciphertext), until deletion.
- Minimal metadata: an unguessable id, file size, an encrypted filename label we cannot read, your chosen expiry and burn setting, a one-way password verifier (if set), and a download counter.
- A salted, hashed form of the uploader's IP for abuse prevention — never the raw IP.
What we never store
- Your decryption key (it lives only in the link fragment).
- Your password in any recoverable form.
- The plaintext contents of end-to-end encrypted files.
- File contents in logs.
Deletion
Files are deleted on download (burn mode) or at expiry, whichever comes first. Metadata rows are removed once the file is purged.
Beam (device-to-device)
When you use Beam, your files never touch our storage. The two devices connect directly whenever possible, and we relay only the brief, automatically-expiring signalling needed to introduce them — short-lived public keys and connection details, deleted within minutes. When no direct path exists, the encrypted stream passes through a relay that cannot read it. We store no file, no filename, and nothing that would let us reconstruct or read the transfer.
No ads, no data sales
We do not show ads and we do not sell data. The service is designed to know as little about your files as technically possible. Our only analytics is cookieless and self-hosted on our own server — it counts visits and funnel steps, and never sees a filename or link id.