Site menu:


Free Encrypted File Transfer

Send a File to Anyone. No Account Required.

A download link will be provided as soon as the upload completes

The file and the message (if any) will be fully encrypted at rest. You can then share a secure URL with your recipient for a one-time download.

The difference is: this site cannot read your files, only pass them to your recipient in an encrypted form. Compare this to Google Drive, Microsoft OneDrive, Apple's iCloud, Dropbox and others to appreciate the difference.

A long password (also known as a secret or a key) is generated by the browser and used to encrypt your data. This password is never sent anywhere, our servers included. Only the sender can decrypt the file, OR someone with a full link containing the password.

The secret necessary for decryption never leaves the sender. The sender retains full control by sharing the full link solely with the intended recipient. The full link contains two parts: the part sent to the server and the part that always stays in the user's browser.

The link expires after 72 hours OR after the first successful download. This is by design so that a malicious actor who hypothetically gains access to a secure link from the recipient's E-mail (or other means) will not be able to download the file. Once your recipient confirms the receipt of the file, you can test the file's unavailability for yourself, by accessing the link again. You will observe that the file is no longer available.

Every link is a one-time secure link that can be used for a single download. This is so that your data stays protected in transfer.

Or Drop a File Here

    Question: What if the data center is compromised or the site administrator gains access to my file?

    Answer: The file is fully encrypted prior to being sent so it would be of no use to anyone without the decryption key, which stays with the sender. Not the file name, nor file's contents, nor the optional note to recipient can be obtained without the full URL containing the secret key. This would include any administrator at the data center and the site's technical team since the server receives only a partial URL, without the secret URL fragment, by design.

    Question: What if your servers are hacked?
    Answer: An attacker who gains control of our servers would have not ability to read any of the files or files' metadata - none. This is by design and ensures the safety of your files. The files are indistinguishable from random bytes by the time they start being uploaded.

    Your browser generates a key and encrypts the file before sending. The recipient's browser performs the decryption, which is only possible if the recipient is in possession of the full URL from the sender. The encrypted file is deleted from our servers immediately upon the first download. This provides extra security and ensures that once the recipient receives the file, no additional downloads are possible, including someone gaining access to the download link later.

    Decryption is only possible with the URL fragment, which stays locally with the sender and may be shared by the sender with the recipient in the form of a link. The URL fragment contains the secret key generated by sender's browser and is never sent to our servers, even when the link is clicked. This behavior is by design in all modern browsers.

    The file transfer service is provided free of charge for personal use, courtesy of FileSender.io.