Delivered. Downloaded. Gone.
Encrypted in transit and at rest, alive exactly as long as you decide, and deleted for real when time's up. No AI training. No data selling. No fine print.
Deliver with confidence
Share a link, set the expiry, add a password if it's sensitive. ZappFiles handles the guardrails so you can hand off the work and move on.
Everything guarding your files
TLS in transit
Every byte between you, us, and your client travels encrypted. Nothing leaves your device until you hit send, and nothing travels in the open.
AES-256 at rest
Stored files are encrypted on Cloudflare R2 with the same standard banks rely on. Your work never sits in storage unprotected.
Signed URLs
Transfer links are unguessable and every download runs through a signed URL that expires within minutes. A leaked link goes stale before it can travel.
Password protection
Lock any transfer on Pro or Max. Recipients see a lock screen and nothing else until they enter the password. The password is hashed, so even we can't read it.
Delete after download
Flip one switch on Pro or Max and the files remove themselves the instant the first download starts. Made for sensitive client handoffs.
Download tracking
See who downloaded what, and when. If a link ends up somewhere it shouldn't, you'll know, and you can delete the transfer on the spot.
Encrypted, always
TLS on every transfer, AES-256 on every stored file. Encryption isn't a plan feature. It's on for every plan, every upload, by default.
Expires on your schedule
Every link has a shelf life, from 10 days to a full year. Want it tighter? Flip on delete after download and the files vanish the instant your client pulls them.
Lock it with a password
Add a password on Pro or Max and recipients see nothing. No file names, no previews, no sizes. The lock screen stays until they type it in.
Boring infrastructure. By design.
Files live on Cloudflare R2 and travel over Cloudflare's global edge. Downloads use signed URLs that expire within minutes, so a screenshot of a link can't be passed around days later and still work. The actual download happens directly between your recipient and the storage layer, not through us.
Nothing uploads until you hit send
Some tools start streaming your files in the background the moment you drop them in, just in case. We don't. Your files leave your device the moment you tell them to and not a second sooner.
What's always on. What never happens.
No security tiers, no toggles buried in settings. One list runs on every transfer by default. The other stays empty forever.
Always on
Every plan. Every transfer. Nothing to configure.
- TLS in transit
Every transfer is encrypted the moment it leaves your device.
- AES-256 at rest
Files sit encrypted on Cloudflare R2 until they expire.
- Signed download URLs
Every download link goes stale within minutes.
- Real deletion
Expired files are wiped from storage, caches and edge nodes.
Never happening
Not in the fine print. Not anywhere.
- AI training
Your files never train a model. Ours or anyone else's.
- Data selling
We don't sell, share or mine your data. Full stop.
- Shadow copies
No backups of expired files, no leftover thumbnails.
- Snooping
We don't open, scan or look at what you send.
Your files, your region
We route to the closest region by default for speed. On Pro and Max you pin each transfer to Eastern USA, Western USA, Europe, or Asia and it stays there. Useful when a client contract says data has to stay on a particular continent.
The life of a transfer
1. Upload over TLS
Nothing leaves your device until you hit send. Then your files travel over TLS and land on Cloudflare R2, encrypted at rest with AES-256.
2. Set the guardrails
Pick an expiry, add a password, pin a storage region. Thirty seconds of settings. Or skip them entirely, because the safe defaults are already on.
3. Share one link
Your client clicks, previews, downloads. No account, no app, no signup wall. Each download runs through a signed URL that expires within minutes.
4. Gone for real
When the link expires, the files are deleted from storage. No shadow copies, no backups of expired files, no leftover thumbnails. Gone means gone.
The usual ways don't hold up
Email attachments and shared drive folders were never built for client deliveries. Here's how they stack up against a transfer that protects itself.
| Email attachment | Cloud drive folder | ZappFiles | |
|---|---|---|---|
| Size limit | Caps out around 25MB | Whatever storage is left | Up to 250GB on Max |
| Link expiry | Sits in inboxes forever | Until someone remembers | 10 days to a year, automatic |
| Encrypted at rest | Depends on the inbox | Usually | AES-256, every file |
| Password protection | Account walls for clients | One password, no account needed | |
| Delete after download | One switch | ||
| Download tracking | Limited | Who downloaded what, and when | |
| AI training on your files | Check the fine print | Check the fine print | Never |
No AI training. Not now, not ever.
We don't train models on your files, sell your data, or mine your transfers for insights. The only thing we do with the bytes you upload is move them to your recipient, then delete them on schedule.
FAQs
Can’t find the answer you’re looking for?
Reach out to our customer support team.