KEYLESS · ANONYMOUS · 5 MB
Your browser encrypts before upload. The key lives in the link, never on the relay. When the receiver opens the link, the file is gone.
| cipher | aes-256-gcm |
| key source | browser, 256-bit random |
| key delivery | url fragment (never sent) |
| storage | ram-only |
| ttl | 1 hour |
5 MB limit · no account needed · need verified transfers?
Link ready
Share this link. The file decrypts in the recipient's browser and is deleted from the relay after one download.
The decryption key is embedded in this URL. Share only via a secure channel (Signal, encrypted email). Do not paste in Slack, WhatsApp, or any service that generates link previews.
Web Crypto API produces a 256-bit AES key inside your browser. The relay is never involved in this step.
AES-256-GCM encrypts your file in the browser. The ciphertext is uploaded. Plaintext never leaves your device.
The key is placed in the URL fragment after the # symbol. Browsers strip the fragment before sending the URL to any server. The relay cannot log what it does not receive.
The recipient's browser reads the key from the fragment and decrypts locally. The relay overwrites the ciphertext from RAM. Done.
Your browser generates the encryption key. The key is a 256-bit value produced by Web Crypto, the same primitive used by every HTTPS connection you make.
The key travels in the URL fragment. Browsers never send fragments over the wire to servers, which means Paramant's relay cannot log what it does not receive.
The relay holds the ciphertext in RAM only. When the recipient downloads, the memory is overwritten. No disk write, no backup, no deferred deletion queue.
Anonymous links are the fastest way to send something. For transfers where you need to prove who sent the file, or where the receiver must verify the relay before trusting a key, use ParaShare. For sending between two browsers on the same network with no relay in the middle, use ParaDrop.
The relay zeroes the memory holding the ciphertext and removes the entry from its store. The file is gone from every layer of the stack, including our RAM. There is no deleted files bin, no retention for abuse investigation, no copy retained for any purpose.
Only the person holding the link. The key lives in the URL fragment after the # symbol. Your browser strips the fragment before sending the URL to any server, including ours. As the sender, only you can reproduce the key, because it was generated in your browser and not persisted anywhere.
One hour by default, or until the first successful download, whichever comes first. Paid tiers extend this up to 24 hours or 7 days, and allow multiple reads per link. See pricing for details.
Not via the anonymous flow. The 5 MB limit applies to all tiers at the managed relay. Enterprise customers running a dedicated relay can configure a higher limit within their RAM budget. If you need to send larger files regularly, contact us.