TeleportLink Early Access Preview — Free to use with limits. We're collecting feedback before official launch.
Learn moreGive Feedback

Security & Privacy

Zero-knowledge architecture means we can't decrypt, read, or recover your files—even if we wanted to.

Privacy Promise

  • 🔒
    Never stored in plaintext

    Your files are encrypted before leaving your browser. We only store encrypted fragments we cannot decrypt.

  • 🔑
    Key stays with you

    The decryption key is only in the link (the part after #). It never reaches our servers—browsers don't send URL fragments in HTTP requests.

  • 👁️
    Server-side blindness

    We cannot read, reconstruct, preview, or scan your files. Our servers see only encrypted chunks with no context.

  • 💣
    Self-destruct by design

    Files auto-delete when links expire or hit open limits. Once gone, they're unrecoverable—we can't restore them.

  • 🚫
    No key recovery

    If you lose the link, the file is gone forever. We can't help because we never had the key. This is a feature, not a bug.

  • Not cloud storage

    We don't host your files long-term. This is ephemeral delivery: send once, expire automatically, delete permanently.

Zero-Knowledge Architecture

Client-Side Encryption

  • AES-GCM 256-bit encryption in browser
  • Web Crypto API (native, audited)
  • Random IV per file chunk
  • Key generation never touches server

URL Fragment Security

  • Key embedded in URL hash (#key)
  • Never sent in HTTP headers or logs
  • Not visible in server access logs
  • Not included in Referer headers

Fragment Storage

  • Files split into encrypted chunks
  • Each chunk encrypted independently
  • Stored on Cloudflare R2 (encrypted)
  • Auto-deleted on expiry/consumption

Metadata Minimization

  • File name encrypted (optional)
  • No content analysis or indexing
  • Minimal transfer metadata stored
  • IP addresses not logged long-term

What We Cannot Do

By design, our zero-knowledge architecture prevents us from:

Decrypt your files (we don't have keys)

Scan file contents (encrypted end-to-end)

Recover lost links (keys are not stored)

Share files on your behalf (only link holders can access)

Restore deleted transfers (auto-deletion is permanent)

Comply with decryption requests (technically impossible)

Threat Model

✓ Protected Against

  • Server-side data breaches (encrypted at rest)
  • Man-in-the-middle attacks (HTTPS + E2E encryption)
  • Insider threats (zero-knowledge design)
  • Government data requests (no plaintext access)
  • Cloud provider snooping (encrypted blobs only)

⚠ User Responsibility

  • Link security (anyone with link can access)
  • Recipient trust (verify before sharing)
  • Device security (malware can steal keys)
  • Phishing (verify domain before upload)
  • Key management (lost links = lost files)

Transparency & Audits

TeleportLink is built on open cryptographic standards (Web Crypto API, AES-GCM). We don't implement custom crypto—we use browser-native, audited APIs.

Future: We plan to publish security audits and warrant canaries as we scale. For now, the best audit is our architecture: we literally cannot decrypt your files.

Questions about security?

Read our detailed privacy policy or get in touch.

Privacy PolicyContact Us