Security
Last updated: 8/23/2025
Zero‑Knowledge Architecture
Shhh Click uses a zero‑knowledge design. Files are encrypted in your browser before any data reaches our servers. We never see your plaintext, passwords, or encryption keys. All decryption happens on the recipient’s device.
Client‑Side Encryption
- Files are zipped locally, then encrypted using AES‑GCM (256‑bit).
- Each upload uses a cryptographically secure random nonce (12 bytes).
- We compute a SHA‑256 hash of the ciphertext to detect corruption/tampering.
When using a passphrase, keys are derived with PBKDF2‑HMAC‑SHA256 with 100,000 iterations and a 16‑byte salt generated per upload. In passwordless mode, a random 256‑bit key is generated on the client and never sent to our servers.
Key & Passphrase Handling
- We never receive your passphrase. Key derivation happens entirely in the browser using the per‑upload salt.
- In passwordless mode, the random 256‑bit key is placed in the URL fragment (after the “#”), which is never sent to our servers.
- Recipients can open with either the fragment key or a passphrase; decryption always runs locally.
Link Model & Access Control
- Each transfer is identified by an opaque token stored in temporary metadata.
- You can choose single‑use links or allow multiple opens (depending on plan).
- After a successful open, we increment an opens counter; on reaching the limit, the transfer is deleted.
- All metadata endpoints are rate‑limited per token to reduce abuse.
We store only what is necessary to deliver the file: nonce, salt, ciphertext size, an access token, opens count, and optional delivery emails. Filenames may be stored for display. We never store or see your encryption keys.
Storage & Transport
- Encrypted ciphertext is uploaded directly to Cloudflare R2 via presigned URLs.
- All communications use HTTPS/TLS.
- Temporary metadata (no keys) is stored in Vercel KV (Upstash Redis) with TTLs.
Deletion & Expiry
- On expiry or when max opens is reached, we delete the KV record and the R2 object.
- A scheduled cleanup job also scans and removes any expired transfers and orphaned revoke tokens.
- Senders can revoke a link early using the revoke token sent via email.
Free links default to 24 hours. Paid plans support longer expiries. Regardless, data is automatically purged when consumed or expired.
Abuse Prevention
- Rate limiting is applied to upload initialization, metadata fetch, blob URL retrieval, and confirm‑open requests.
- Content‑length constraints are enforced by storage presigned policies.
Limitations & Best Practices
- Choose a strong passphrase (minimum 8 characters; longer and varied is better).
- Share the passphrase or fragment key over a separate secure channel.
- We do not prevent recipients from saving decrypted files once opened.
Cryptography Details
- Algorithm: AES‑GCM, 256‑bit key
- Nonce (IV): 12 bytes, random per upload
- Salt: 16 bytes, random per upload (passphrase mode)
- KDF: PBKDF2‑HMAC‑SHA256, 100,000 iterations
- Integrity: SHA‑256 over ciphertext prior to decrypt
Contact & Disclosure
For security questions or disclosures, contact security@shhh.click. We practice responsible disclosure and will respond promptly.