Privacy Policy
Last updated: May 13, 2026
1. Overview
filez.zone ("we", "us", or "our") operates the file-sharing service available at filez.zone. This Privacy Policy explains how we collect, use, and protect information when you use our Service.
Core principle: We designed filez.zone so that we never have access to the content of your files. All encryption and decryption happens in your browser. The encryption key is never transmitted to our servers.
2. Information We Collect
Information you provide (optional user accounts)
filez.zone offers optional user accounts that enable the ability to save and manage shared capability URLs. Creating an account is entirely voluntary — the core file-sharing functionality works without one.
When you create an account, you provide:
- Email address: Used to identify your account and for authentication. Your email is stored in our database and included as the sub claim in your JWT token.
- Display name: Used to personalize your experience in the user interface.
- Password: Hashed using bcrypt with a unique per-password salt. The plaintext password is never stored — only the cryptographic hash is persisted in our database.
Information you provide (file data)
- File data (encrypted only): When you upload a file, only the encrypted ciphertext is stored on our servers. We cannot read, view, or decrypt your files.
- Content type: You may optionally provide a MIME type (e.g., "image/png") which is stored as metadata alongside the encrypted file to help recipients identify the file type.
Saved URLs
When you are authenticated and upload a file, the resulting capability URL is automatically saved to your account. The following information is stored:
- Capability URL: The full shareable link (including the encrypted key in the hash fragment).
- Title: The original filename from the upload, used as a human-readable label for the saved link. You may also provide a custom title.
- Record metadata: A unique ID (UUID), your account email (as the user_email field), and the timestamp when the URL was saved.
Saved URL records are stored in our MongoDB database and are only accessible to you through authenticated API requests using a valid JWT token in the Authorization: Bearer <token> header. They are permanently deleted when you delete your account.
Information collected automatically
- Server logs: We may log HTTP request metadata (IP address, timestamp, user agent) for operational purposes such as debugging, rate limiting, and abuse prevention. These logs are retained temporarily and are not used to build user profiles.
- Anonymous analytics: We use OpenPanel, a cookieless, privacy-first analytics tool, to collect anonymous page view data. This includes page URLs, referrer information, browser and device type, and country-level location derived from anonymized IP addresses. No cookies are used, no personal identifiers are collected, and users cannot be tracked across sessions or websites.
Information we do NOT collect
- Encryption keys — these remain in the URL hash fragment and are never sent to our servers.
- Plaintext file content — all file data is encrypted client-side before it ever reaches our infrastructure.
- File names from anonymous uploads — when uploading without an account, the original file name is not stored or transmitted to the backend.
3. Authentication & Session Management
We use JSON Web Tokens (JWT) for authenticating protected API requests.
When you log in, the backend issues a signed JWT containing your email (as the sub claim), an issuance timestamp, and an expiration timestamp. The token is signed with a server-side secret (JWT_SECRET) known only to our backend.
The JWT is stored in your browser's localStorage and sent to the backend via the Authorization: Bearer <token> HTTP header for all protected endpoints (e.g., saving and listing URLs). The token is never embedded in URLs or logged by the server. It is automatically invalidated upon expiry (configurable via JWT_EXPIRY_MINS, default 5 minutes).
You can log out at any time via the user menu, which clears the JWT and user information from localStorage. Deleting your account removes all associated data from our database, including saved URLs and your user record.
4. How Files Are Protected
Your files are protected by end-to-end encryption using AES-256-GCM, implemented through the browser's native Web Crypto API. The encryption process works as follows:
- A unique 256-bit AES key is generated in your browser for each file.
- The file is split into chunks and each chunk is encrypted with a random 12-byte initialization vector (IV).
- The encrypted ciphertext is uploaded directly to Cloudflare R2 storage via presigned URLs — it never passes through our backend servers in plaintext.
- The encryption key is encoded into the shareable link's hash fragment (#key), which browsers never transmit in HTTP requests.
This means that even if our servers or storage were compromised, an attacker would not be able to decrypt your files without the key from the URL fragment.
5. Data Retention & Deletion
- Burn after reading: Files are automatically and permanently deleted from our storage immediately after the first successful download. We do not retain any copies.
- Orphaned uploads: If a file is uploaded but never downloaded, it may remain on our servers until purged by routine maintenance. We do not guarantee a specific retention period for undownloaded files.
- User accounts: Your account information (email, display name, hashed password) and saved URL records are retained until you choose to delete your account. Account deletion is available from the user menu and removes all associated data permanently.
- Server logs: Operational logs are retained for a limited period and then automatically deleted. We do not use these logs for advertising or tracking purposes.
6. Third-Party Services
We use Cloudflare R2 for object storage. Encrypted file data is stored on Cloudflare's infrastructure. Cloudflare operates independently under its own privacy policy (cloudflare.com/privacypolicy). Cloudflare does not have access to your encryption keys or the ability to decrypt your files.
We use MongoDB for persistent storage of user accounts and saved URL records. MongoDB is hosted and operated by us. Your account data (email, hashed password, saved URLs) is stored exclusively in this database and is never shared with third parties.
We use OpenPanel, a self-hosted, cookieless analytics tool, to understand how our Service is used. OpenPanel collects anonymous page view data without cookies or personal identifiers. It is deployed on our own infrastructure and data is not shared with any external analytics provider. For more details, see the OpenPanel documentation.
7. Cookies & Tracking
filez.zone does not use cookies for tracking, advertising, or analytics. Our analytics tool (OpenPanel) operates entirely without cookies — it does not set, read, or require any cookies in your browser. It uses server-side request analysis to count page views anonymously, without storing any identifiers on your device.
For authenticated users, we use localStorage (not cookies) to persist your JWT token and basic user information (email, display name) across browser sessions. This enables you to remain logged in without re-authenticating on every page load. You can clear this data at any time by logging out. For details about the minimal browser storage we use for the Service itself, see our Cookie Policy.
8. Security
We take reasonable measures to protect the security of our infrastructure and the data transmitted through our Service, including:
- Enforcing HTTPS for all connections.
- Using presigned URLs with short lifetimes for direct uploads, so file data does not pass through our backend.
- Employing end-to-end encryption so that even a server compromise cannot reveal file contents.
- Using bcrypt with unique per-password salts to hash account passwords — plaintext passwords are never stored.
- Validating JWT tokens in middleware before protected endpoint handlers execute, rejecting unauthorized requests with 401 Unauthorized.
No system is completely secure. We encourage you to share capability links only through trusted channels and to be aware that anyone with the link can download the file exactly once.
9. International Users
Our Service is operated from and data is processed in the European Union. If you access the Service from outside the EU, you acknowledge that your data will be processed in the EU and that you are providing consent for such processing.
10. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Request deletion of your data.
- Object to or restrict processing of your data.
- Lodge a complaint with a supervisory authority.
Because our Service is designed to minimize data collection and automatically deletes files after download, most of these rights are fulfilled by design. If you have created an account, you can delete it at any time via the user menu, which permanently removes all associated data (email, display name, hashed password, saved URL records). For any inquiries, contact us at privacy@filez.zone.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be effective immediately upon posting. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.
12. Contact
For privacy-related questions or concerns, please contact us at privacy@filez.zone.
