Privacy Policy

Last updated: June 5, 2026

1. Overview

VeilShare is a privacy-focused file sharing service designed to minimize data collection.


Files uploaded to VeilShare are encrypted client-side before being transmitted to our servers. Encryption and decryption occur in your browser using AES-256-GCM. We do not store keys and cannot decrypt uploaded files.


This Privacy Policy explains what information we process, why we process it, and how long it is retained.

2. Information We Process

To operate VeilShare, we process a limited amount of technical and encrypted data.


Encrypted File Blob

Before a file is transmitted to our servers, it is encrypted locally in your browser using AES-256-GCM encryption. We store only an encrypted file blob required to deliver the file to recipients.


We don't have access to:

  • The unencrypted contents of your files
  • Decryption keys

When uploading a file, an encryption key is generated client-side in your browser. This key is used to encrypt the file before upload and is required to decrypt it upon download. This key never reaches our servers and is embedded in the URL fragment. Example: https://veilshare.com/files/UUID#decryption_key.


File Metadata

We store minimal metadata necessary for functionality, both encrypted and unencrypted, including:

  • File name (end-to-end encrypted)
  • File size
  • File expiration date
  • File download limit

Password Protection

We optionally allow files to be protected with a password before download. Password protection is intended to prevent unauthorized downloads by users who possess the file link. It does not provide additional encryption of the uploaded file itself.


Your password never leaves your browser in plaintext. A PBKDF2-hashed version of your password is stored on our servers for verification.


Temporary Technical Data

To protect the service against spam, abuse, and automated attacks, we temporarily process technical information such as IP addresses for rate limiting and security purposes.


This information is not permanently stored, linked to file contents, or used for tracking users across sessions.

3. What we DON'T collect

VeilShare is designed to minimize data collection.


We don't collect:

  • Client-side tracking or analytics
  • Identifiers linking you to your files
  • Content of your files (they are encrypted)
  • Decryption key to file (stored client-side, in link)

4. Retention

The encrypted file blob and file metadata are automatically deleted within an hour of expiry or when download limit is reached. Files become inaccessible immediately and cannot be downloaded.

5. Third Parties

We rely on Hetzner and Cloudflare to host and run our service. You may also read their privacy policy.

6. Contact

If you have any questions, feel free to send us an email.

Email: [email protected]