FAQ

Questions we hear a lot. Briefly answered.

General

Do I need an account?

No. Drop a file, share the link. An account unlocks more — larger transfers, retention, branding, gallery delivery.

How is Shotdrive different from WeTransfer?

Shotdrive isn't only sending. With an account, transfers become branded galleries, music portfolios, and press kits — a full client workspace, end-to-end encrypted by default.

Transfer

How large can a transfer be?

Free: 1 GB per file, 5 GB total. Creator: 25 GB per file, 500 GB total. Studio: unlimited.

How long do files stay available?

Standard 30 days. With an account: extend, lock, password-protect, and set custom expiry — up to permanent on Studio.

Security

Are my files encrypted?

Yes — AES-256-GCM, encrypted in your browser before they leave your device. The decryption key lives in the share-link fragment after #key= and never reaches our servers. File names, gallery titles, comments, and captions are encrypted the same way.

What can Shotdrive see?

That a gallery exists, when it was shared, with whom, how many files are in it, and the total size — workflow metadata we need to power the inbox, dashboard, expiry sweeps, and plan limits. We cannot see the contents, file names, gallery titles, or comment text. The full list of what's encrypted vs server-readable is in our privacy page.

Why don't you say 'zero-knowledge'?

Because it would be misleading. Strict zero-knowledge would mean every byte we store is encrypted — but we store some workflow metadata in plaintext (bundle existence, file count, recipient list) so the product can power the inbox and the expiry sweeper. We call this Pragmatic E2EE: content is end-to-end encrypted; metadata is transparent. Three named carve-outs are documented in our privacy page.

What is press mode?

An opt-in per gallery that makes the gallery title and cover image plaintext server-side so Twitter, LinkedIn, and iMessage can render a branded share preview. Off by default — when on, the editor shows a clear "🔓 Public" badge so you always see the trade-off. The full content of files remains end-to-end encrypted.

Where does the data live?

In the EU. GDPR-compliant. Storage is Cloudflare R2 (EU jurisdiction); authentication is Supabase (Frankfurt). We are transparent about what sits where; see our DPA for the full sub-processor list.

What happens if I lose the share link?

If you own the gallery and you're signed in on the same browser, the key is in your local storage and your vault — you can re-share from the dashboard. If you're a recipient who lost the link, ask the sender for a new one. We cannot recover your key for you — that's the entire point of the model.

Pricing

What does Creator cost and what do I get?

€13 per month. 25 GB per file, 500 GB total storage, branded galleries, password-protected links, custom expiry, read receipts, analytics. Cancel anytime, billed via Polar (EU merchant of record — VAT handled).

When does Studio launch?

Soon — currently a waitlist. Studio (€39/mo) adds team workspaces + projects + client chat + custom domain on top of Creator, with 3 seats included. If you have a real launch-blocker need, write to support@shotdrive.io with "Studio waitlist" in the subject.

Can I use Shotdrive without paying?

Yes. The Free tier sends files (1 GB per file, 5 GB total, 30-day retention) without an account — drop a file, share a link. With a free account you keep the same limits but get persistent galleries and the inbox.

Do you offer a refund if I cancel?

Cancel anytime — your subscription stays active until the end of the billing period, then stops. We don't pro-rate cancellations in the standard flow. If something is genuinely wrong, write to support@shotdrive.io and we'll work it out.

EU & legal

Is Shotdrive GDPR-compliant?

Yes. Every sub-processor is EU-resident (Supabase Frankfurt, Cloudflare EU, Brevo France, Polar EU, Sentry EU region). A formal Data Processing Agreement is at /legal/dpa. The privacy page lists what we see, what we don't, and your data subject rights.

Can I get a signed DPA?

Yes — write to support@shotdrive.io with your company name and the email of your data protection contact. We send an Article 28 DPA for review. See /legal/dpa for what it covers.

Where can I find the Impressum?

At /legal/imprint — German §5 TMG and §18 MStV compliance details.

Do you use my files to train AI?

No. We can't — your files are encrypted in your browser before they reach us. There's no plaintext for any model to learn from. Our business is the product, not your data.

Accounts

How do I sign in?

Email magic link or Google. More providers (Apple, Microsoft) coming as customer demand emerges. Authentication runs on Supabase (Frankfurt) — your sign-in is EU-resident.

What is the Vault?

The vault is how Shotdrive lets your encrypted galleries follow your devices without ever putting your decryption keys on our servers. You set it up with a passkey (Face ID / Touch ID / Windows Hello) and a recovery phrase. When you upload, the gallery key gets wrapped by your vault key, so it's recoverable on any device you've added to the vault — but never readable by us.

How do I delete my account?

From /dashboard/account → Privacy → Delete account. We immediately anonymize your user record, mark every gallery deleted, and hard-delete your vault keys. Encrypted file ciphertext is removed from object storage within 30 days. Cancel your Polar subscription separately (one-click link in the deletion flow).

Troubleshooting

Why am I seeing 'The link is missing its key fragment'?

The recipient opened the gallery URL without the #key=... part at the end. Some chat apps strip URL fragments. Ask the sender to copy the full URL by clicking the gallery's share button (which assembles the link correctly) rather than the address bar.

A large file download fails halfway through. What now?

Use a Chromium-based browser if you can — it has `showSaveFilePicker`, which streams the file directly to disk. Firefox and Safari fall back to OPFS or a 256 MB blob, which can struggle with very large files. A retried download restarts from the beginning rather than resuming mid-stream — that's a limitation of the streaming-decrypt design.

The recipient gets a CSP warning in the browser console. Is that a bug?

No — it's the strict Content-Security-Policy on /g, /d, /b doing its job. We don't allow third-party scripts on delivery surfaces. Browser extensions injecting scripts will trigger the warning but the page still works.

How do I report a security issue?

security@shotdrive.io. 48-hour acknowledgement, 90-day coordinated disclosure. The cryptographic implementation lives in the public repo under apps/shotdrive/src/lib/crypto/ — please write to us before public disclosure.

Still got a question?

We reply quickly. Promise.

Write us