ZipPigeon logoZipPigeon

Security

How ZipPigeon protects your files

See how ZipPigeon protects files before upload, what the service still handles, and where the current limits are.

Send a private file See how it works

What ZipPigeon handles

ZipPigeon needs some delivery details to work: account emails, recipient emails, timestamps, file sizes, transfer status, download counts, audit events, IP addresses, user agents, and abuse-prevention signals.

What stays out of reach

File contents are encrypted in the browser before upload. Raw file keys, private account keys, recovery codes, and secure-link URL fragments should not be sent to the server during normal use.

How files are protected

Your browser encrypts the files before upload. ZipPigeon stores encrypted chunks and an encrypted manifest, then prepares access separately for each sender, account recipient, or secure-link flow.

How account sharing works

Account recipients have public keys for encrypted sharing and signatures. Browser-created account shares can tie the recipient, key fingerprint, encrypted key envelope, upload, and expiration into a signed grant.

How secure links work

Secure links are useful for quick guest access. They are also bearer access: anyone with the full active link may be able to open the transfer.

What metadata remains

Encryption protects file contents, not every surrounding detail. Keep secrets out of filenames, notes, email subjects, and recipient labels.

Audit status

ZipPigeon has security smoke tests and documented crypto design notes. It should not be described as SOC 2, HIPAA, ISO 27001, or independently audited until those assessments are completed for the deployed service.

Still on the roadmap

ZipPigeon does not yet include public key transparency, hardware security modules, enterprise SSO enforcement, data residency guarantees, formal compliance attestations, or post-quantum recipient key wrapping.

Vulnerability reports

Send security reports to security@zippigeon.com with affected routes, reproduction steps, impact, and synthetic evidence where possible.

private file deliverysecure file sharingencrypted file sharinghow to send confidential files securely

Send the file. Keep control of the link.

Use ZipPigeon when a file needs to reach the right person without becoming another attachment or shared folder to clean up later.

Send a private file