How your files stay private, in plain terms.
Every file is encrypted in your browser with AES-256-GCM before a single byte leaves your machine. A fresh random 256-bit key is generated per transfer using the Web Crypto API. The server only ever handles ciphertext.
Your link looks like this:
https://this-host/t/<transferId>#<encryptionKey>
The part after the # is the URL fragment. Browsers never send the fragment to the server in any HTTP request, so the key reaches the recipient's browser directly and is never transmitted to us. Anyone with the full link can decrypt the file; anyone with only the transferId (which is all the server sees) cannot.
The file is split into 64 KB chunks. Each chunk gets its own random 12-byte initialization vector (IV), which is prepended to that chunk's ciphertext. IVs are never reused, which is exactly what AES-GCM needs to stay secure. The filename and MIME type are encrypted too, so the server stores only opaque metadata.
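The scheme described above, sketched with the Web Crypto API as an added example (not this service's own code). The base64url encoding of the key in the fragment and all function names are assumptions.

```javascript
// Added example; the base64url key encoding and all function names are assumptions.
const CHUNK = 64 * 1024, IV_LEN = 12;

// Web Crypto is a global in browsers and recent Node; older Node exposes it via node:crypto.
const wc = async () =>
  globalThis.crypto?.subtle ? globalThis.crypto : (await import('node:crypto')).webcrypto;

// Fresh random 256-bit key per transfer, exported into the URL fragment.
async function newTransferKey() {
  return (await wc()).subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
}
async function buildLink(transferId, key) {
  const raw = new Uint8Array(await (await wc()).subtle.exportKey('raw', key));
  const b64url = btoa(String.fromCharCode(...raw)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `https://this-host/t/${transferId}#${b64url}`;
}

// What an HTTP request for the link carries: path and query, never the fragment.
const requestTarget = (link) => { const u = new URL(link); return u.pathname + u.search; };

// Sender: one record per 64 KB chunk, laid out as IV (12 bytes) || ciphertext || GCM tag.
async function encryptChunks(key, bytes) {
  const c = await wc(), records = [];
  for (let off = 0; off < bytes.length; off += CHUNK) {
    const iv = c.getRandomValues(new Uint8Array(IV_LEN)); // new random IV for every chunk
    const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, bytes.subarray(off, off + CHUNK));
    const rec = new Uint8Array(IV_LEN + ct.byteLength);
    rec.set(iv);
    rec.set(new Uint8Array(ct), IV_LEN);
    records.push(rec);
  }
  return records;
}

// Recipient: read the key from the fragment, split each record, decrypt and verify.
async function decryptChunks(link, records) {
  const c = await wc();
  const b64 = new URL(link).hash.slice(1).replace(/-/g, '+').replace(/_/g, '/');
  const raw = Uint8Array.from(atob(b64), (ch) => ch.charCodeAt(0));
  const key = await c.subtle.importKey('raw', raw, 'AES-GCM', false, ['decrypt']);
  const parts = [];
  for (const rec of records) { // decrypt() rejects if a record was modified
    const pt = await c.subtle.decrypt({ name: 'AES-GCM', iv: rec.subarray(0, IV_LEN) }, key, rec.subarray(IV_LEN));
    parts.push(new Uint8Array(pt));
  }
  const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let pos = 0;
  for (const p of parts) { out.set(p, pos); pos += p.length; }
  return out;
}
```

Each record here is authenticated on its own; how the service binds chunk order or detects a missing chunk is not described on this page.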
| The server can see | The server cannot see |
|---|---|
| Encrypted bytes, transfer id, file size, chunk count, your IP for the connection | The decryption key, file contents, the real filename, anything in plaintext |
So that the recipient can start downloading the instant they open the link, the sender uploads the first 256 MB (still encrypted) to the server, where it is held in memory and never written to disk. The recipient streams and decrypts it immediately. Everything beyond 256 MB is sent directly peer-to-peer over WebRTC, so it never touches the server at all.
The buffer is deleted the moment the recipient confirms they have it and the peer-to-peer handoff begins. Any transfer that goes untouched is purged automatically after its TTL (one hour by default). There is no database, no account, and nothing persisted: when a transfer ends, it is simply gone.