Zero-knowledge encryption
AES-256-GCM in the browser, PBKDF2-SHA-256 (300k) key derivation. The decryption key lives in the URL fragment (#…) and never touches our servers.
Secure Send
thesend Secure is a separate paid add-on for medical, legal and other high-trust workflows. Your browser encrypts files with AES-256-GCM before upload. Our servers never see the plaintext, the PIN, or the original filename.
AES-256-GCM in the browser, PBKDF2-SHA-256 (300k) key derivation. The decryption key lives in the URL fragment (#…) and never touches our servers.
A 6+ digit PIN is baked into the key derivation. The link alone is never enough. 5 wrong PINs → 15-minute lock.
Each invited email must confirm ownership with a 6-digit one-time code (10-min validity, 5 attempts) before decryption metadata is released.
Every open, OTP request, PIN attempt and download is logged with hashed IP/UA. Export to CSV from /account/secure.
1–10 recipients per transfer, per-recipient download quota (default 3, max 10), expiry up to 30 days, 5 GB payload cap.