Zero-knowledge · ephemeral · in your browser

Encrypted before it leaves.Forgotten by design.

GhostDrop encrypts every file in your browser before it's sent, and deletes it on a schedule you set. The server never sees your data — and neither does anyone once the link expires.

Send a file →Get early access to Intake

●Send · live●Intake · in BetaAES-256-GCMNo account required

The conceptual spine

Two ways to move a file. Both encrypted. Both temporary.

Available now

→

Send

Give a file

You have something to share. Upload it, get a self-destructing link, and control exactly who sees it and for how long.

Send a file →see how it works

Coming soon

→

Intake

Request a file

You need something from someone. Send a request link; they upload straight into your encrypted inbox; it purges once you've retrieved it.

Join the waitlist →flow, reversed

Send, in three beats

How a drop works

Step 01 · Drop

Drop

Add your file. It's encrypted in your browser with AES-256 before a single byte leaves your device.

Step 02 · Share

You get a link. The decryption key lives inside the link — in the part of the URL the server never receives.

Step 03 · Vanish

Vanish

Set a view limit, a timer, or both. When the limit is reached, the encrypted file is purged for good.

Try it · interactive

Drop a file. Get a link. Watch what we keep.

Set a view limit and an expiry. Nothing is uploaded — this is just the flow.

Drop a file or click to begin

encrypted in your browser · AES-256-GCM

View limit

Expires in

ghostdrop.to/send

client_passport.pdf

2.4 MB · encrypted client-side

views: 3 · expiry: 24h · no plaintext leaves device

Coming soon · The centrepiece

Stop telling clients “just email it to me.”

Every accountant, recruiter, and advisor collects sensitive documents — tax forms, IDs, signed contracts, financial records — over and over. Today most of it arrives by email: unencrypted, sitting in an inbox forever, a breach waiting to happen. GhostDrop Intake flips the flow. You ask for the file; it comes to you encrypted; it disappears once you've filed it.

Create a request.

Choose what you're collecting and generate a secure upload link — optionally branded as yours.

Your client uploads.

They open the link and add their file. It's encrypted in their browser before it leaves their device. No account, no app, no friction.

It lands in your inbox.

You're notified the moment it arrives. Preview it, then download it into your own system.

It purges itself.

Once you've downloaded the file, GhostDrop deletes its copy. A short grace window lets you re-grab if you need to — then it's gone. Or one click destroys it instantly.

Intake is in Beta

Join the waitlist.

We'll bring you in early — and your feedback will shape what it becomes.

One email. No spam. We'll only write when there's something real to try.

Retention timeline

drag → to scrub

Open

Uploaded

Awaiting

Grace

Purged

~ dayslink-open window

untimedawaiting retrieval

~ 60sgrace after download

1 clickdestroy on demand

Awaiting retrieval. Not a countdown — the file waits until you actually retrieve it. (A backstop timer covers files left forever.)

Zero-knowledge, both ways.

The file is encrypted before it ever reaches us. We can't read it — and neither can anyone who breaches our servers, because there's nothing readable to take.

It doesn't linger.

The file exists only in the window between your client uploading it and you filing it. That window is the whole product.

You can prove it's gone.

Every request shows exactly when a file was received, retrieved, and destroyed — a clean record for you and your compliance.

Trust

We built GhostDrop so we can't betray you.

Most “secure” file tools encrypt your data — but hold the keys themselves. That means their staff can read your files, a breach can expose them, and a court order can compel them.

GhostDrop works differently. Encryption happens in your browser. The key is generated on your device and travels only inside the share link's fragment — the part of a URL that browsers never transmit to any server. We store encrypted blobs and nothing else.

We can't read your files. The keys never reach our servers.

We can't leak what we can't see. A breach finds only scrambled bytes.

We can't hand over what we never had. Subpoena us; we have nothing readable to give.

client_email.txtplain · readable

From: Mira Olsen <mira@brightwell.co> Subject: Q3 financials + signed NDA Date: 21 May 2026 09:14 Hi Sam — attached are the quarterly numbers and the countersigned NDA. The wire receipt is in the second PDF; let me know if you need the W-9 again. Account ending 4421. — M

drag to encrypt0% scrambled

Audiences

Built for people who handle things that matter.

— 01

Accountants & bookkeepers

Collect tax documents without an inbox full of SSNs.

— 02

Recruiters & HR

Gather IDs and signed offers without insecure email threads.

— 03

Property managers

Receive pay stubs and financial proof, then let them disappear.

— 04

Clinics & private practices

Take in records and intake forms that don't linger.

— 05

Advisors & consultants

Request sensitive paperwork from clients, securely, every time.

— 06

Anyone sending once

A contract, a passport scan, a private video — that shouldn't live forever.

The details, for the people who ask

The kind of security you can audit, not just trust.

01 · Cipher

AES-256-GCM

The cipher standard trusted for classified data.

02 · Engine

Web Crypto API

Encryption runs in the browser's native API — hardware-accelerated, no plugins.

03 · Keys

Never transmitted

They live in the URL fragment, which stays on the client. We literally cannot see them.

04 · Chunks

Per-chunk nonces

Large files are encrypted in chunks, each with its own derived nonce — protected end to end.

05 · Media

Streamed decryption

Audio and video stream and play without ever assembling a full plaintext copy.

06 · Purge

Continuous deletion

A background process continuously purges expired data — expiry isn't a flag, it's a deletion.

Last objections

Questions, answered.

No. Files are encrypted on your device before upload. We only ever store scrambled data.

The encrypted data is permanently deleted. Expiry is a real deletion, not a hidden flag.

No. They open a link in any browser. For Intake, the person uploading needs no account either.

The link carries the only key. If it's lost, the file can't be decrypted by anyone — including us. That's the tradeoff of true zero-knowledge.

Send is for giving a file to someone. Intake is for requesting one from someone — it arrives in your encrypted inbox and purges once you've retrieved it.

It's in active development. Join the waitlist and we'll bring you in early.

One more thing

Send your first file in under a minute.

Or join the Intake waitlist and help shape what comes next.

Send a file →Join the waitlist