SecretFile for one-time downloads
Upload one or more files, encrypt them in the browser, and send a self-destructing link that supports secure one-time downloads.
Quick workflow
- Drop files into the secure zone or browse from your device.
- Paste clipboard files when the browser exposes them.
- Send the encrypted link for a one-time file reveal and download.
Maximum upload is 20 files and 50 MB total per share.
Your secret file link is ready
Share this link with your recipient. Files stay encrypted until the link is opened with the browser-side key.
How secure file sharing works
Three simple steps to send files privately with zero server-side access.
Upload file
Drop, paste, or browse to add up to 20 files totalling 50 MB. Any file type is accepted and processed locally in your browser.
Encrypted link generated
AES-256 encryption runs entirely in your browser before upload. The decryption key lives only in the link fragment - the server only ever sees ciphertext.
Downloaded once then deleted
After the recipient opens the link and downloads the decrypted files, the encrypted data is permanently removed from the server and the link becomes inactive.
What you can share
SecretFile accepts any file type. Here are some of the most common use cases.
Documents and PDFs
Share contracts, invoices, reports, or any sensitive document that should be read once and not stored in an email inbox or chat history.
Images and screenshots
Send design assets, medical scans, identity documents, or any image that requires end-to-end encryption and self-destructing delivery.
Code and config files
Transfer environment files, API keys in .env format, deployment configs, or source code snippets without risking exposure in version control or messaging tools.
Archives and backups
Deliver ZIP, TAR, or encrypted database exports to a specific recipient knowing the files will be deleted from the server the moment they are downloaded.
Frequently asked questions
Common questions about encrypted file sharing with SecretFile.
Yes. Files are encrypted with AES-256 directly in your browser before any data is sent to the server. The decryption key is embedded in the link fragment, which is never transmitted to the server. This means the server stores only ciphertext and has no way to read your files.
Any file type is accepted - documents, archives, images, executables, or anything else. You can share up to 20 files at once with a total size of 50 MB per share. Clipboard paste support depends on what file types the browser exposes from the clipboard, which varies by operating system.
Files are stored until the link is opened or until the expiration time you set in Options is reached, whichever comes first. The default expiration is 3 days for unviewed links. Once the recipient opens the link the encrypted files are permanently deleted from the server.
No. SecretFile uses one-time delivery. After the link is opened and the files are decrypted the encrypted data is deleted from the server and the link stops working. If you need to share the same files again you will need to create a new share.
Yes. In the Options panel before creating the link you can set a password. The recipient must enter the correct password before the files are decrypted and made available for download. This adds a second layer of protection on top of the AES-256 encryption, which is useful if you need to send the link over an insecure channel.
If the link is never opened, the encrypted files are automatically deleted when the expiration timer runs out. The default is 3 days. You can set a shorter or longer timer in Options before creating the link. Available options range from 1 hour to 30 days. After expiry the link stops working and the files are permanently deleted.
No. SecretFile is designed around anonymity and zero-knowledge principles. The sender has no dashboard, no notification, and no visibility into whether the link was opened. Once the link is created and shared, the sender has no further connection to the share. This is intentional - the service does not track access events.
Yes. SecretFile is operated by RapidFoundry LTD, a company based in the European Union. Files are stored as encrypted ciphertext only, with no personally identifiable information attached. Because the service uses zero-knowledge architecture, SecretFile processes no personal data contained within the files themselves. Full details are available in the privacy policy.
Yes, SecretFile is completely free. No account, subscription, or payment is required to upload or download files. All features including AES-256 encryption, one-time delivery, password protection, and expiration timers are available at no cost.
More privacy tools
Everything you need to share private data safely - free, no account, runs in your browser.
SecretNote
Write a private note, generate a one-time link, and share it. The note self-destructs the moment it is read - nothing is stored, nothing leaks.
SecretScreen
Upload a screenshot and get a self-destructing share link. The image is encrypted before upload and deleted after the first view - no permanent hosting.
SecretFile
Upload any file and share a one-time download link. The file is encrypted end-to-end and permanently deleted after the recipient downloads it.
Hash Generator
Instantly generate MD5, SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 hashes in your browser. Your input is never sent to the server.
Password Generator
Generate strong, random passwords with full control over length and character sets. Everything runs locally - your passwords never touch a server.