ParaMANT · build 2.4.5 · 0B stored · aes-256-gcm / ml-kem-768 · STH:

Encrypted transport
that burns itself.

Client-side encryption. A relay that never writes to disk and destroys the ciphertext after one read. No account needed to start. Post-quantum key exchange available for verified transfers.

Send a file free Two trust modes

Audited  ·  Open source  ·  EU jurisdiction  ·  Free API key

01
Drop to send
Anonymous. No account required.
cipher aes-256-gcm
key url fragment
rate 10/hr
account none
Send a file →
NIS2
IEC 62443
NEN 7510
eIDAS
FIPS 203
FIPS 204
01

Four steps. Nothing stored.

How it works
1
Encrypt client-side

Your file is encrypted in the browser before it leaves your device. The relay never sees plaintext.

2
Transit via Ghost Pipe

The ciphertext moves through the relay, padded to 5 MB and hashed into the CT Merkle log.

3
One-time download

The recipient decrypts locally. On download, the relay erases the blob from RAM. Burn-on-read.

4
Cryptographic proof

The Merkle root is updated. Transfer is proven without storing what was transferred.

01.5

Two modes. Pick your trust model.

Architecture

Anonymous

AES-256-GCM

Browser-generated key lives only in the URL fragment, never sent to the relay. Prove-by-design that we cannot decrypt what we relay.

Ideal for one-off sends that need zero setup. No registration. No key exchange.

Send a file →

Verified end-to-end

ML-KEM-768 Hybrid

ML-KEM-768 + ECDH P-256 hybrid key exchange via Rust/WASM. ML-DSA-65 signed receipts (FIPS 204). Fingerprint verification before send.

For when the audit trail matters. The receiver can prove who sent what.

Try ParaShare →
02

Products

Three tools

ParaSend

Send a file

AES-256-GCM. Key in URL fragment. Drop a file, get a burn link. 5 MB, up to 1 hour.

Try now →

ParaShare

Verified transfer

ML-KEM-768 hybrid with fingerprint verification. Post-quantum key exchange. Proof-of-delivery.

Try free →

ParaDrop

Local transfer

Browser to browser via WebRTC. No relay storage. No Apple. No cloud. Burn-on-read.

Try now →
03

Verifiable

CT log
Certificate Transparency Log — live
View all →
Log entries
Registered relays
STH signature
checking...
Current root
syncing...
SHA3-256 · tamper-evident · public
Recent activity
loading...
Every transfer hashed into a Merkle tree. Content never stored.
View live CT log → Why post-quantum now →
04

Pricing

Three tiers
Free
€0
No account · no card · forever

For one-off anonymous sends. No account, no tracking.

  • AES-256-GCM, browser-generated key
  • 5 MB per file
  • 1 hour link expiry
  • Burn on first read
  • 10 uploads per hour per IP
  • Up to 5 registered devices for ParaShare
Send a file free →
Pro
Coming soon
Join waitlist for launch pricing

For professionals who send regularly. Features, not bigger files.

  • Everything in Free
  • 24 hour link expiry
  • Up to 10 reads per link
  • Up to 50 registered devices
  • Send history and link management
  • Webhooks on upload and download
  • Email notifications via Resend
  • No IP rate limit
Get notified →
Enterprise
Custom
Dedicated relay · SLA · compliance

Dedicated infrastructure, compliance, and support.

  • Everything in Pro
  • 7 day link expiry
  • Up to 100 reads per link
  • Unlimited registered devices
  • Dedicated relay on our infra or yours
  • Configurable file size per tenant (default 5 MB, tested up to 50 MB on dedicated deployments)
  • IEC 62443 / NIS2 / NEN 7510 documentation
  • DPA (GDPR Art. 28), on-premise option
  • SLA 99.9%, priority support
Contact →
Full plan details and comparison →
05

Run your own relay.

Self-host

Source-available under BUSL-1.1. Free for up to 5 users. Works on a Raspberry Pi. If the managed service ever closes, every self-hosted relay keeps running indefinitely.

curl -fsSL https://paramant.app/install.sh | bash or docker compose up -d
Full deploy guide →