Security at ZapTransfer

End-to-End Encryption

When you enable encryption (which is on by default), your files are encrypted directly in your browser before they ever leave your device. We use industry-standard AES-GCM 256-bit encryption, the same encryption standard used by governments and security experts worldwide.

  • Files are encrypted in your browser using the Web Crypto API
  • Each transfer gets a unique encryption key
  • Encryption keys are never sent to our servers
  • Recipients decrypt files directly in their browser

Zero-Knowledge Architecture

ZapTransfer operates on a zero-knowledge principle. This means we have zero knowledge of your file contents when encryption is enabled. Even if someone gained access to our servers, they would only find encrypted data without the keys to decrypt it.

How it works: The encryption key is stored in the URL fragment (the part after #). Browsers never send fragments to servers, so your key stays private between you and your recipients.

Automatic Expiration

All transfers automatically expire and are permanently deleted after their set expiration period (1-30 days). This ensures your data doesn't persist indefinitely on our servers.

  • Files are automatically deleted from our servers after expiry
  • Database records are scrubbed of sensitive information
  • No way to recover files after deletion

Additional Security Features

Password Protection

Add an extra layer of security with password protection. Passwords are hashed using SHA-256 before storage, and we never store plaintext passwords.

Download Limits

Set maximum download limits for your transfers. Once the limit is reached, files are automatically deleted.

TLS/HTTPS

All connections to ZapTransfer are secured with TLS/HTTPS, ensuring your data is protected during transmission.

Transparency

We believe in transparency about our security practices. Our encryption implementation is based on open standards and uses the browser's native Web Crypto API. The encryption happens entirely in your browser, which you can verify by checking the network requests - you'll see that only encrypted data is sent to our servers when encryption is enabled.

Questions?

If you have any questions about our security practices or would like to report a security issue, please contact us at security@zaptransfer.xyz

Your Security, Our Priority

We're committed to keeping your files secure and private. With end-to-end encryption, zero-knowledge architecture, and automatic deletion, you can trust ZapTransfer with your sensitive documents.