Share up to 5 GB with anyone. Your files are encrypted before they leave your browser. We can't see them. Nobody can.
Drop files here or browse
Up to 5 GB · Encrypted · Auto-deletes in 24 hours
Drop your files. They're encrypted in your browser with AES-256 before upload begins.
Get a unique download link. The decryption key is in the URL fragment — never sent to our servers.
Files are permanently destroyed after 24 hours or 10 downloads, whichever comes first.
AES-256-GCM encryption happens in your browser. Your files are ciphertext before they touch our infrastructure.
Start sending immediately. No sign-up, no email, no tracking. Just upload and share.
Send files up to 5 GB at no cost. No speed limits, no compression, no quality loss.
Every file is permanently deleted after 24 hours. Pro users can set custom expiration up to 30 days.
Integrate encrypted file transfers into your app. RESTful API with SDKs for Python, Node.js, and Go.
We never see your files, filenames, or metadata. The encryption key exists only in your shared URL.
Maelle uses client-side AES-256-GCM encryption with a randomly generated key for each transfer. The key is embedded in the URL fragment (after #), which is never sent to our servers by design — it's a browser standard.
Our infrastructure stores only encrypted blobs. Even with full server access, your files remain unreadable without the key.
// Client-side encryption flow
const key = await crypto.subtle
.generateKey(
{ name: 'AES-GCM', length: 256 },
true, ['encrypt']
);
const iv = crypto
.getRandomValues(new Uint8Array(12));
const encrypted = await crypto.subtle
.encrypt(
{ name: 'AES-GCM', iv },
key, fileBuffer
);
// Key stays in URL fragment
// Never sent to server
const shareUrl =
`https://maelle.run/d/${id}#${exportedKey}`;Free plan available now. Pro & Team — coming soon.