🔒 Privacy First

Your Files are Secure

Every transfer on Tranzo is encrypted end-to-end by default, and files never touch our servers. Here's exactly how we protect your data.

Encryption

DTLS 1.2 / 1.3 — Transport Layer Security

WebRTC mandates DTLS (Datagram TLS) for all peer connections. This is the same family of protocols as HTTPS. Every byte of your file is encrypted before it leaves your device and decrypted only by the recipient's browser.

SRTP — Secure Real-Time Transport

The WebRTC DataChannel layer uses SRTP which provides message authentication and replay protection on top of DTLS. Tampering with data in transit is cryptographically detectable.

Zero Server Storage

Tranzo's signaling server exchanges only two things between peers:

  • SDP (Session Description Protocol) — describes codec and connection capabilities. Contains zero file data.
  • ICE Candidates — lists of IP addresses and ports for NAT traversal. Contains zero file data.

Once the peer connection is established the signaling server receives nothing further. Your files travel directly peer-to-peer.

TURN Server (Relay Fallback)

When two devices are behind strict NATs (common on mobile networks), a direct connection can't be established. In this case, a TURN relay is used as a fallback. The TURN server relays encrypted packets but cannot decrypt them — it only sees ciphertext, never plaintext file content.

Room Security

🔑 Room IDs

Room IDs are ephemeral — they exist only for the duration of a session. There is no permanent storage of rooms or their contents.

⏱ Short-Lived Links

Share links expire the moment you leave the room. Old links cannot be rejoined — a new room must be created.

👓 Rate Limiting

File offers are rate-limited server-side (max 5 per minute per socket) to prevent abuse from malicious clients.

👀 Accept / Reject Modal

Receivers always see an Accept/Reject modal before a file transfer begins. Nothing is downloaded without explicit consent.

What We Don't Do

  • We do not log file names, file sizes, or file types
  • We do not store any file content anywhere
  • We do not sell or share any user data
  • We do not require account creation or email addresses
Send Files Securely ⚡ Privacy Policy