End-to-end encrypted file sharing

Files encrypted in your browser. Decryption keys never touch our servers.

How It Works

When you enable encryption on a link, FileGrab generates an encryption key in your browser. Your files are encrypted locally before they leave your device using AES-256-GCM, a standard used by governments and financial institutions worldwide.

The decryption key is embedded in the URL fragment (the part after the #). URL fragments are never sent to servers, so FileGrab literally cannot access your encrypted files. This is called zero-knowledge encryption.

What Zero-Knowledge Means

Most file sharing services encrypt files "at rest" on their servers, but they hold the keys. If their servers are compromised, so are your files. With FileGrab's end-to-end encryption, the key exists only in the URL you share. We cannot decrypt your files, even if compelled by a court order, because we never have the key.

Standard encryption (most services)

  • Service holds encryption keys
  • Files readable by the service
  • Vulnerable to server breaches
  • Can be compelled to hand over data

FileGrab E2E encryption

  • Key stays in the URL fragment
  • Files unreadable by FileGrab
  • Server breach reveals nothing
  • Cannot hand over what we don't have

Who Should Use It

End-to-end encryption is ideal for sharing sensitive documents: contracts, financial records, medical files, legal documents, or anything you wouldn't want exposed if a server was breached.

It's a Pro feature because encryption adds processing overhead. Every file is encrypted and decrypted in your browser, which uses more memory and CPU than a standard upload.

What's Different About Encrypted Links

  • URLs are longer (they include the encryption key in the fragment)
  • Thumbnails and previews are not generated (we can't process what we can't read)
  • Video streaming is not available (files must be fully downloaded and decrypted first)
  • AI transcription is not available on encrypted files

These tradeoffs exist because true end-to-end encryption means our servers cannot process your files in any way. That's the point.

Technical Details

  • Algorithm: AES-256-GCM (authenticated encryption)
  • Key derivation: Web Crypto API in your browser
  • Key storage: URL fragment only (never sent to server)
  • Compatibility: All modern browsers (Chrome, Firefox, Safari, Edge)

Learn More

Share files with zero-knowledge encryption

Upgrade to Pro to enable end-to-end encryption on any link.

Get Started