last updated: april 8, 2026
Your files are stored temporarily on Cloudflare R2. We never read them. No account is required for basic use. We collect only what's needed to move your file from you to a link. We track download counts and countries for your analytics — nothing else.
When you drop a file, it's split into chunks and uploaded directly to Cloudflare R2 object storage via presigned URLs. Each upload gets a unique session ID and a download token. The file is accessible only through that token — there's no browsing or listing of files.
For each upload we store: filename, file size, MIME type, chunk progress, upload session ID, download token, and expiry timestamp. If you pay for an upload or subscribe to Pro, we store the payment reference. If you sign in with Google, we store your email, name, and profile picture to manage your account and Dashboard.
For portals, we store the portal name, optional message, owner email, and an optional password hash. Portal passwords are hashed with SHA-256 and a random salt — we never store them in plain text.
This metadata is stored in a SQLite database on our server. It exists to manage uploads, generate download links, and run your Dashboard. Nothing more.
When someone views or downloads your file, we log the event type (view or download), the country derived from Cloudflare's CF-IPCountry header, and a timestamp. This data powers the per-file analytics in your Dashboard. We do not store IP addresses, browser fingerprints, or any other identifying information about the downloader.
We don't read, scan, or analyze your file contents. We don't use third-party analytics or tracking scripts. We don't store IP addresses. We don't use cookies for tracking — only for session management, password-protected file access, and portal password access. Theme preference is stored in your browser's localStorage.
We use the following cookies, all httpOnly and secure: a session cookie for signed-in users (30-day expiry), a download access cookie for password-protected files (1-hour expiry), a portal access cookie for password-protected portals (1-hour expiry), and a temporary OAuth state cookie during sign-in (10-minute expiry). No tracking cookies.
Free uploads (under 2 GB) expire after 24 hours. Paid per-transfer uploads and Pro uploads expire after 30 days. After expiry, files are permanently deleted from Cloudflare R2. Metadata is cleaned up during routine maintenance. Pro users can also delete files early from the Dashboard.
Portals are receive links — you create one and share it so others can upload files to you. Files uploaded through a portal are stored under your account and appear in your Dashboard. The uploader does not need an account. Portal links are accessible only to people you share them with — there is no public directory of portals.
No account is required to upload or download files. Signing in with Google is optional and gives you access to the Dashboard (to manage your active links and portals) and the ability to subscribe to Pro. When you sign in, we store your Google ID, email, name, and profile picture. We don't access your Google contacts, drive, or any other Google data.
Payments — both per-transfer fees for files over 2 GB and the Pro subscription ($2/month) — are processed through Dodo Payments, which acts as the Merchant of Record. When you pay, your email and name are shared with Dodo Payments to create the checkout. Dodo handles all payment processing, billing, and tax compliance. We do not see or store credit card numbers or payment method details.
For Pro subscriptions, we store your Dodo customer ID, subscription ID, plan status, and plan expiry date. You can cancel your subscription anytime from the Dashboard.
Files sent through P2P rooms are transferred directly between devices using WebRTC. These files never touch our servers. Chat messages in rooms are also peer-to-peer. Room codes are temporary and expire when both parties disconnect.
Railway — application hosting and database.
Cloudflare — R2 file storage, DNS, email routing, TURN relay for P2P.
Dodo Payments — payment processing and subscription billing.
Files are automatically deleted after their expiry period. There is no way to recover a file after it expires. Pro users can delete individual files or entire folders early from the Dashboard. If you need your account or upload metadata removed, contact us.
We'll update this page when the product changes. The date at the top reflects the most recent revision.
Questions about privacy? [email protected]