Security isn't a single feature — it's layered into every part of how FileLink works.
Every file is encrypted with AES-256-GCM before being written to storage. Encryption keys are never stored alongside file data.
All data in transit is protected by TLS 1.3. No file content is ever transmitted over unencrypted channels.
Recipients enter their name and email, then verify with a 6-digit OTP delivered to their inbox. Files are never accessible without verification.
Files open in a restricted browser-based viewer. Right-click, keyboard shortcuts, print, copy, and drag are all blocked at the browser level.
Recipient's email, full name, IP address, and access timestamp are baked into every page they view. Leaks are traceable to the specific viewer.
Deactivate a link instantly. All active sessions are polled every 15 seconds and immediately terminated when access is revoked.
Database access is governed by strict Row-Level Security policies. File data is only accessible through verified, authorized queries.
Files are stored in isolated, private buckets. No file is ever publicly accessible — every request requires a valid authenticated session.
The link contains only a short code — no file data, no metadata. Nothing is exposed in the URL itself.
Recipient submits their name and email. A 6-digit OTP is sent to that email address via a separate channel.
The OTP is validated against a time-limited hash. It expires in 10 minutes and is single-use. Brute-force is blocked after 5 attempts.
A unique session token is created server-side. The file blob is streamed directly to the viewer — never to the browser's file system.
The file renders in a sandboxed viewer with all download, copy, and print vectors blocked. Session is monitored and logged throughout.
On close, duration, device, IP, and interaction summary are committed to the audit log. Access is terminated server-side.