Share files the way they should be shared
Browser-to-browser when you're both online. Encrypted one-time hosted transfer when you're not. Your files never touch our servers in plaintext.
Two ways to send
Direct or hosted — you choose
Both paths encrypt in your browser before anything leaves your device. We never see your file content, filenames, or keys.
Direct transfer
When both sender and recipient are online, files travel directly browser-to-browser over WebRTC. Nothing is stored — not even temporarily.
- Peer-to-peer — no server relay
- Any file size, no upload wait
- Disappears when the tab closes
Hosted transfer
When the recipient isn't online, your browser encrypts the file and uploads the ciphertext. They download and decrypt later with the link you share.
- Encrypted before upload — we store only ciphertext
- Link contains the decryption key — we never see it
- Configurable expiry from 1 hour to 7 days
How it works
Three steps, fully private
Select your file
Pick any file from your device. Your browser generates a unique encryption key — it never leaves your machine.
Share the link
Dropilo creates a link with the decryption key embedded in the fragment — the part after #. Servers never receive it.
Recipient decrypts
When they open the link, their browser uses the fragment key to decrypt the file locally. Done.
Security
Privacy by construction
The system is designed so we physically cannot read your files — not a policy promise, a cryptographic one.
AES-GCM-256 encryption
Every file and filename is encrypted with AES-GCM-256 in your browser before any bytes leave your device.
Zero plaintext storage
We store only ciphertext. Filenames, file content, and your keys are never visible to our servers.
Key in the fragment
The decryption key lives in the URL fragment (#). Browsers don't send it in HTTP requests — our logs never see it.
Open cryptography
We use Web Crypto API primitives: AES-GCM, ECDH P-256, HKDF-SHA-256. No proprietary black boxes.
Pricing
Simple, honest pricing
Start free. Upgrade when you need more. No hidden fees, no surprise overages.
Free
For occasional, personal transfers.
- Up to 2 GB per transfer
- 3 hosted transfers / month
- 48-hour link expiry
- Anonymous transfers
Plus
For regular senders who need more room.
- Up to 10 GB per transfer
- 30 hosted transfers / month
- 7-day link expiry
- Transfer history
Pro
For teams and power users.
- Up to 50 GB per transfer
- Unlimited hosted transfers
- 30-day link expiry
- Workspace + member transfers
- Priority support
Business
For organisations with specific requirements.
- Unlimited transfer size
- Unlimited everything
- Custom retention policies
- SSO + audit logs
- Dedicated support
FAQ
Common questions
Can Dropilo read my files?
No. Encryption happens in your browser before anything is uploaded. Our servers only ever receive ciphertext — encrypted bytes with no key to decrypt them.
What happens to hosted transfers after they expire?
The encrypted chunks are permanently deleted from storage. Nothing is archived. The link also stops working, so even someone with the URL can no longer download.
Does direct transfer work on mobile?
Yes. WebRTC is supported in all modern mobile browsers. The transfer goes directly between devices without routing through our servers.
What encryption does Dropilo use?
AES-GCM-256 for file content and metadata, ECDH P-256 for key agreement between accounts, HKDF-SHA-256 for key derivation. All via the browser's built-in Web Crypto API — no third-party crypto libraries.
Is there a file size limit on direct transfers?
Direct (WebRTC) transfers are constrained only by your device's available memory since the file never leaves the device. Hosted transfers are capped per plan.
Do I need an account to send a file?
No. Anonymous hosted transfers work without an account. An account gives you transfer history, larger size limits, workspace features, and the ability to send to specific people.