ZipPigeon security model

A plain-English security model for teams evaluating how ZipPigeon protects private file delivery and what metadata still exists.

What ZipPigeon protects

ZipPigeon is designed to protect file contents before upload, store encrypted chunks and manifests, and grant access through account-bound shares or secure-link flows.

Browser encryption before upload

The sender browser prepares the encrypted package before storage. This is different from relying only on HTTPS or storage-provider encryption after the application has already handled readable file contents.

Recipient access paths

Known recipients can use account-bound sharing tied to recipient key material. Secure links reduce friction for external handoffs, but anyone with the full active link should be treated as having bearer access.

Expiration and archive behavior

Expiration, cancellation, revocation, and archive flows stop future service-mediated access. They cannot claw back a file that a recipient already downloaded and decrypted.

Metadata boundaries

Operational metadata such as account emails, recipient routing, timestamps, file sizes, transfer state, IP addresses, user agents, and audit events may still be processed so delivery and abuse prevention can work.

Security contact

Security reports should go to security@zippigeon.com with affected routes, reproduction steps, expected impact, and synthetic evidence where possible.

Frequently asked questions

What is ZipPigeon useful for?

ZipPigeon is useful when a sensitive file needs to reach a specific person without becoming an email attachment or a standing shared-folder permission.

Can ZipPigeon read my file contents?

The normal delivery model is designed so stored file data is encrypted and raw file keys are not sent to the server. Operational metadata is still processed.

What metadata is still processed?

Operational metadata such as account information, recipient information, timestamps, file size, delivery state, and audit events may be processed.
