Your files, your keys, your privacy
SG/Send encrypts files in your browser before upload. The server stores only encrypted data. Your decryption key never leaves your device.
Start Sending →How it works
Three steps. Zero knowledge. Complete privacy.
Encrypt
Your browser generates a unique encryption key and encrypts your file using AES-256-GCM via the Web Crypto API. This happens entirely on your device.
Upload
Only the encrypted ciphertext is uploaded. The server never sees your file’s contents, name, or decryption key.
Share
Share the download link. The decryption key is embedded in the URL fragment (#) — it never reaches our servers.
What makes SG/Send different
A side-by-side comparison with traditional file sharing services.
| Feature | Traditional Sharing | SG/Send |
|---|---|---|
| Encryption | Server-side (they hold the key) | Browser-side (you hold the key) |
| Who can read your files | The service provider | Only the recipient |
| File names visible to server | Yes | No |
| IP addresses stored | Yes, in plain text | Hashed with daily salt |
| Server-side decryption | Possible | Impossible by design |
| Pricing | Monthly subscription | Zero when idle |
Built for real-world use
From one-off transfers to enterprise data rooms.
Secure Document Transfer
Send contracts, financials, and legal documents. Zero-knowledge encryption means nobody between sender and recipient can read the contents.
Data Rooms
Create encrypted data rooms for due diligence, M&A, or board materials. Enterprise security without enterprise pricing.
Password Sharing
Share credentials, API keys, and secrets through an encrypted channel instead of plain-text email or chat.
AI Agent Coordination
AI agents use SG/Send to exchange encrypted files and keys, with full audit trails and PKI-verified identity.
Enterprise-grade features
Everything you need for secure file operations at scale.
AES-256-GCM Encryption
Military-grade authenticated encryption. Every file gets a unique key generated in your browser.
Zero-Knowledge Architecture
The server stores only ciphertext. No file names, no plaintext, no decryption keys ever touch the backend.
Self-Host Option
Run SG/Send on your own AWS account. Your infrastructure, your data, your control.
Immutable Audit Trail
Git-based audit logging. Every transfer, access, and event is recorded in an append-only, tamper-evident trail.
Token-Based Access Control
Fine-grained permissions with scoped access tokens. Control who can upload, download, and manage transfers.
Personal Encrypted Vaults
Persistent encrypted storage for each user. Files stay encrypted at rest with keys only you control.
Data Rooms with RBAC
Role-based access control for collaborative spaces. Set viewer, editor, and admin permissions per room.
API + MCP Integration
Full REST API plus Model Context Protocol support. Integrate SG/Send into any workflow or AI agent pipeline.
7 Deployment Targets
Lambda, Docker, Fargate, GCP Cloud Run, EC2, AMI, or CLI. One codebase, deploy anywhere.
Pay for what you use. Nothing when you don’t.
Traditional secure file sharing charges $10,000–35,000 per project. Modern alternatives cost $180–600/month whether you use them or not.
SG/Send runs on serverless infrastructure. When nobody is using it, it costs nothing. You pay only for what you use.
Try SG/Send →Open source. Verify everything.
SG/Send is open source. Verify our encryption. Audit our code. Run it on your own infrastructure.
View on GitHub →