Browser-first privacy platform

Everything private happens in the browser first.

The Files Lab brings encrypted file and text sharing, client-side PDF tools, secure whiteboards, and recipient-ready controls into one clean browser-first workspace.

XChaCha20-Poly1305 encryption

Selectable storage regions

Plan-aware expiry controls

Secure share flow

Upload, deliver, decrypt

Zero-knowledge

Encryption

XChaCha20-Poly1305

Region

Selectable before upload

Expiry

Plan-aware auto-delete

Payload

Ciphertext only

Recipient handoff

Share secure links with QR delivery and in-browser unlock flows.

Link ready

Client-side PDFs

Compress, merge, split, protect, unlock, sign

Local-first boards

Private by default, encrypted when shared

Encrypted text

Notes and snippets with QR delivery

Core capabilities

One surface for secure sharing, document work, and local-first collaboration.

The Files Lab is structured around product truths already present in the app: in-browser encryption, client-side processing, region and expiry controls, and clean recipient handoff.

Encrypted file sharing

Files are encrypted in-browser before upload begins, then delivered through recipient-ready links with expiry and region controls.

XChaCha20-Poly1305 chunk encryption

scrypt-derived keys from user passwords

Pause, resume, and cancel uploads in one queue

Encrypted text sharing

Share notes, snippets, and structured text with the same zero-knowledge flow, plus QR handoff and syntax-aware editing.

Plain text stays out of remote storage

Copy-link and QR code delivery

Language-aware editor for code and notes

Client-side PDF workflows

Compress, merge, split, protect, unlock, and sign PDFs directly in your browser with no document upload required for the processing step.

Live workspace flows for PDF operations

Protect and unlock password workflows

Optional PKCS#12 digital signing support

Local-first whiteboards

Boards stay in browser storage by default, while encrypted snapshot sharing gives teams a safe handoff path when needed.

Scene data stored locally by default

Encrypted snapshot link generation

Theme-aware previews and private handoffs

In-browser decryption

Recipients unlock encrypted file, text, and whiteboard flows in the browser so sensitive passwords and decrypted content stay on-device.

Password entry stays in the browser

Tamper-aware decrypt flows in app

Zero-knowledge recipient experience

Controls

Storage regions and expiry are built into the share flow, not bolted on later.

File Share, Text Share, and encrypted whiteboard snapshots all inherit the same settings surface so operational controls stay consistent across the product.

Storage region and expiry selection interface for secure shares

Western North AmericaEastern North AmericaWestern EuropeEastern EuropeAsia-PacificOceania

Workflow

The secure path is straightforward from the first password prompt to the final recipient open.

The product keeps the flow understandable: derive the key locally, upload ciphertext, hand off a secure link, and decrypt in the browser on the receiving side.

Step 1

Derive keys locally

Passwords become encryption keys in-browser using scrypt before any network upload starts.

Step 2

Encrypt and upload ciphertext

Encrypted chunks move through signed upload flows with region and expiry controls already set, while plaintext never leaves the device.

Step 3

Share and decrypt in-browser

Recipients open secure links or QR handoffs and decrypt file, text, or whiteboard payloads in-browser so sensitive inputs stay local.

Encryption hub

Encryption powers every private workflow in the platform.

One browser-first model spans upload, handoff, access, and recovery. The same private-by-default foundation shows up across files, text, whiteboards, recipient decrypt flows, account protection, and operational controls.

The Files Lab

Browser-first encryption control plane

Encrypted file share

In-browser encryption with ciphertext-only upload.

Encrypted text share

Secure notes and snippets with private link delivery.

Local-first whiteboards

Browser-stored boards with encrypted snapshot sharing.

In-browser decryption

Recipients unlock file, text, and board payloads locally.

Region + expiry controls

Selectable storage region and plan-aware auto-delete.

Passkeys + protected sign-in

Passkeys and Turnstile-backed auth harden account access.

Encrypted file share

In-browser encryption with ciphertext-only upload.

Encrypted text share

Secure notes and snippets with private link delivery.

Local-first whiteboards

Browser-stored boards with encrypted snapshot sharing.

The Files Lab

Browser-first encryption control plane

In-browser decryption

Recipients unlock file, text, and board payloads locally.

Region + expiry controls

Selectable storage region and plan-aware auto-delete.

Passkeys + protected sign-in

Passkeys and Turnstile-backed auth harden account access.

Encryption is not a single checkbox here. It acts as the control plane across sharing, access, delivery, and recovery, while account-level trust features keep the surrounding workflow equally disciplined.

Document tools

A browser-side PDF workspace instead of a pile of disconnected utilities.

Document operations follow the same product discipline as encrypted sharing: clear controls, live feedback, and client-side processing for the actual file work.

Compress

Reduce file size with secure client-side processing.

Merge

Combine PDFs and supported images into one export.

Split

Break documents by range, page selection, or size.

Sign

Use drawn, uploaded, typed, or PKCS#12 signatures.

Trust surface

The product experience also covers auth, usage, and billing trust without muddying the privacy story.

This is not a separate security brochure. These are user-facing platform features already present in the app: passkeys, protected sign-in, usage cues, and transparent billing management.

Passkeys and session visibility

Account security extends beyond shares with passkey support and device-aware session visibility in settings.

Passkey add, rename, and delete flows

Desktop and mobile session visibility

Passwordless sign-in support

Protected sign-in flows

Google and GitHub social sign-in

Magic link and OTP email sign-in

Cloudflare Turnstile challenge on auth endpoints

Usage and plan awareness

Daily usage, upload capacity, and expiry ranges are surfaced directly in product flows instead of hidden in docs.

20 daily operations on Free

100 daily operations on Pro

Usage-aware share settings and dashboards

Billing and invoice transparency

Paid subscriptions run through Razorpay, with subscription state and invoice history available in the account area.

Razorpay-backed checkout and subscriptions

Invoice and billing history in settings

Clear plan state and renewal visibility

Browser-first device coverage

The product surface is designed around real browser workflows, including passkeys, mobile sessions, and local board persistence.

Conditional passkey autofill support

Browser-stored whiteboard data by default

Desktop and mobile session context

Recipient-ready handoff

Secure links, QR access, and in-browser unlock flows keep delivery simple without weakening the privacy model.

Secure link and QR sharing

In-browser decrypt experiences

Expiry-driven auto-cleanup on shared payloads

Start secure work with The Files Lab

Encrypt file shares, run PDF workflows in your browser, and keep private whiteboard collaboration under your control from the first upload.

Start Sharing View Pricing