Frequently Asked Questions
Quick answers about security, privacy, sharing, and practical limits.
Can encrypted file sharing services like encrypt.lu read my files or password?
Short answer: No.
All encryption happens locally in your browser before upload. We never receive your plaintext files, password, or decryption key—making encrypt.lu a true end-to-end encrypted file transfer service.
What is stored on the server for encrypted file sharing (Secure Link)?
Only encrypted data and minimal transfer metadata (expiry, retention, and download counters). The server cannot decrypt your data.
What if I lose my password or random key for an encrypted share?
Recovery is not possible. Because keys never leave your device, there is no reset mechanism. Keep your password or key in a safe place.
What is the difference between Password and Random Key mode?
Password mode uses your password to generate a secure encryption key (via Argon2id).
The strength of your encryption depends on your password.
Random Key mode generates a high-entropy key instantly.
This provides maximum security, but the key must be stored safely.
Is a secure encrypted sharing link enough to decrypt on its own?
Only if no additional password was set. If password protection is enabled, the recipient must also enter that password.
How long does encrypted file sharing keep uploaded files?
Only for the retention period you select (10 minutes to 3 days), or until first download if you enable one-time download.
Do I need to create an account to send encrypted files?
No, you can start sending encrypted files instantly without creating an account.
For larger files or extended usage, we may ask for a quick email verification to continue.
This helps prevent abuse while keeping the service simple and accessible.
How does encrypt.lu compare to WeTransfer or Google Drive in terms of privacy?
encrypt.lu uses end-to-end encryption, meaning only the sender and recipient can access the files.
In contrast, services like WeTransfer or Google Drive rely on server-side encryption, where the provider can access the data.
We cannot access your files—even if we wanted to.