About

Why Choose Us?

Secure File Share is built for those who value privacy without complexity. By handling encryption client-side and enforcing strict deletion policies, we minimize risks and give you peace of mind. If you have questions, feel free to contact us—we're here to help.

Unlike sending files via email, text messages, or apps like WhatsApp, our service ensures your sensitive data stays truly private. Here's why we stand out:

• Zero Visibility for Admins: No email administrators, database admins, or even our team can access your files. Encryption happens entirely in your browser using the Web Crypto API, so unencrypted data never touches our servers. In contrast, email and messaging providers scan or store content for sale, ads, or compliance—exposing your files to potential internal access or breaches.
• No Persistent Storage Risks: Your files never linger on a server vulnerable to hacks. Once downloaded by all recipients or expired (24-72 hours), they're automatically and irreversibly deleted from storage and our database—no backups, no traces. Email and WhatsApp attachments can sit indefinitely in inboxes or cloud backups, making them prime targets for data dumps in breaches. With us, you'll never receive a dreaded "sorry, your information has been hacked" email because we don't retain your data long-term.
• Out-of-Band Passphrase Sharing: We force passphrase sharing via secure, separate channels (e.g., phone call or encrypted chat), preventing interception in transit. Email and texts often bundle files with weak or no encryption, leaving everything exposed if the message is compromised.
• Military-Grade, Client-Side Security: AES-256-GCM encryption with PBKDF2 key derivation ensures brute-force resistance, all processed locally. Messaging apps use end-to-end encryption inconsistently (and not for attachments), while email relies on transport encryption that fails if endpoints are insecure.

Welcome to Secure File Share, a privacy-focused platform designed to let you send files securely without compromising on transparency or ease of use. We believe in empowering users with full knowledge of how their data is handled, so we've outlined the technical details below in simple terms. Our system ensures that your files are protected at every step, with encryption happening directly in your browser—meaning we never see your unencrypted data or your passphrase.

Our Commitment to Security and Transparency

As a company, we prioritize your privacy. We don't store any records of your transactions beyond what's necessary for the transfer process. Once files are downloaded by all recipients or expire, they're automatically deleted from our servers, along with all associated database entries. We never access or log your passphrases, file contents, or personal details for any purpose.

How It Works: Uploading Files

When you upload files, the entire encryption process happens on your device using modern web technologies. Here's a step-by-step breakdown:

• Passphrase Generation: You create your own or generate a strong passphrase (at least 16 characters). This is the key to accessing and unlocking the files. Importantly, you must share this passphrase with recipients through a separate, secure channel—like a phone call, encrypted messaging app, or in person.
• Encryption Details: We use AES-GCM (Advanced Encryption Standard with Galois/Counter Mode), a highly secure encryption algorithm recommended by experts. It provides 256-bit encryption, which is considered military-grade and resistant to brute-force attacks. The key is derived from your passphrase using PBKDF2 (Password-Based Key Derivation Function 2) with SHA-256 hashing and 250,000 iterations—this makes it extremely difficult for anyone to guess or crack the key even if they have advanced computing power.
• Random Elements for Added Security: Each file gets a unique 16-byte salt (random data to strengthen the key derivation) and a 12-byte initialization vector (IV, to ensure the same passphrase encrypts differently each time). These are generated randomly in your browser.
• File Processing: Files are encrypted in chunks to handle large files efficiently without overwhelming your device. The encrypted data is prefixed with the salt and IV.
• Obscuring File Names: On our servers, files are stored with encrypted identifiers instead of their original names. This obscures the original file names, adding an extra layer of privacy.
• Upload and Expiration: Encrypted files and metadata (like the IV, salt, and obscured file ID) are uploaded securely. You choose an expiration time (24, 48, or 72 hours), after which files are irreversibly deleted. Files are always deleted once all recipients have downloaded them.
• Recipient Notification: We send an email to recipients with a unique secure download link, but no passphrase or file details are included in the email.

How It Works: Downloading Files

Recipients access files through a unique secure link, where decryption also happens entirely in their browser:

• Accessing Files: Recipients enter their email and the passphrase you shared separately. If correct, they see a list of available files.
• Decryption Details: Using the same AES-GCM 256-bit encryption standard, the browser derives the key from the passphrase, salt, and IV. Files are downloaded encrypted, then decrypted in chunks for efficiency. The original file name is restored upon successful decryption.
• Download Options: Files can be downloaded individually or all at once. Files will be deleted once all recipients have downloaded them or the time limit has expired.

Key Security Features