PhotonFile Logo PhotonFile
Ephemeral File Transfer Architecture (Ephemeral by Default)

The Engineering Behind PhotonFile

PhotonFile defines a new category, Ephemeral File Transfer: files are relayed live through encrypted memory, cleared from memory as soon as the transfer ends, and designed to operate ephemerally by default. Under the hood, PhotonFile is built in C++ for precise control over performance, memory lifecycle, and privacy-oriented behavior.

Built in C++
The entire relay engine is native C++. That choice gives full control over memory lifecycle, streaming I/O, and how bytes move through the system. There is no interpreter or heavyweight application framework between your file and the wire.
In-Memory Transfers
PhotonFile forwards data through memory during live transfer. Data is streamed in encrypted chunks from sender to receiver and cleared from memory when the session ends. The relay does not depend on stored delivery or background queues to complete a transfer.
Ephemeral by Default
Ephemeral File Transfer is designed around live delivery and short-lived handling. PhotonFile's default behavior is to relay in real time through encrypted memory and clear transient state when the session ends, reducing the long-tail risk that comes from retained data.
Performance as Privacy
In an Ephemeral File Transfer model, speed is not just convenience, it is part of privacy. Relay I/O is tuned for sustained, multi-gigabyte throughput without caching layers or job queues, so transfers spend less time in flight and have a smaller exposure window.
Why We Use a Relay Instead of WebRTC (STUN / TURN / ICE)
WebRTC is excellent for real-time audio and video, but its connection model is poorly suited for high-volume, Ephemeral File Transfer. PhotonFile uses purpose-built encrypted relays instead of STUN/TURN/ICE for several reasons:
  • Simpler, predictable connections. WebRTC requires extensive NAT traversal logic, ICE negotiation, and multiple connection candidates. Relays give a single, predictable, stable path every time.
  • No peer IP exposure. WebRTC exposes each client's network addresses to the other party. With PhotonFile's relay model, neither side ever learns the other's IP.
  • Controlled performance. TURN servers (the fallback for many WebRTC flows) were never designed for multi-gigabyte, high-throughput file streams. PhotonFile relays are tuned specifically for sustained large transfers.
  • Better privacy guarantees. With WebRTC, metadata such as ICE candidates, fingerprints, and DTLS handshakes are shared peer-to-peer. A relay keeps all signaling server-side and avoids passing identity-like network data to the recipient.
  • Easier encryption story. PhotonFile's model layers TLS + optional client-side AES-GCM cleanly. WebRTC enforces DTLS-SRTP under the hood, adding complexity and limiting control over the exact flow of encrypted file data.
  • Works everywhere without permission prompts. Many corporate networks, firewalls, and mobile carriers block or throttle WebRTC. HTTPS + WSS through a relay works reliably across essentially every environment.

Relays give a consistent, private, high-throughput path purpose-built for file transfer, not generic real-time communication. That matches the goals of Ephemeral File Transfer: simple, reliable delivery with a tight privacy envelope.

Client-Side Encryption (Optional)
PhotonFile supports optional client-side encryption for people who want an extra layer of protection on top of TLS. Encryption happens entirely in your browser before any bytes are sent to a relay.
  • A random symmetric key is generated per transfer using the browser's Web Crypto API.
  • File data is encrypted in streaming chunks (AES-GCM) on the client, and the relays only ever see opaque ciphertext.
  • The decryption key is kept in the link fragment (#...), so it is not sent in HTTP requests or written to server logs.
  • Anyone you share the full link with can decrypt the file in their browser; without the key material, relay traffic is not useful on its own.

This model is designed so that even if a relay is inspected after the fact, there are no retained keys and no plaintext files to recover, only short-lived encrypted traffic that was handled ephemerally by default.

Engineered to Forget

PhotonFile is designed from the ground up to forget by default. The system is built around live relay and short-lived state, with privacy-oriented defaults rather than long retention windows.

Minimize surface area. Minimize lifetime. Maximize privacy.

  • Relays handle transfer data in memory, keeping state short-lived and clearing it when the session ends.
  • There are no server-side keys. With client-side encryption enabled, keys never leave the browser and never enter relay traffic or logs.
  • State is deliberately ephemeral. Relays do not maintain upload histories, access logs tied to transfers, or any form of retrievable session data.
  • Decryption happens entirely in the browser. Because the key never leaves your browser, the relay only sees opaque ciphertext and cannot decrypt or recover anything.

This Ephemeral File Transfer architecture is designed so that after a session ends, the system has little to remember: no retained keys, no plaintext files, and no long-lived transfer state tied to your session.

What We Don't Share
For security and competitive reasons, we don't publish internal network layout, server images, or detailed deployment maps. The important part for you is the behavior: PhotonFile is engineered so that the Ephemeral File Transfer pipeline is ephemeral by default and does not retain encryption keys.

Want to see how this compares to storage-based services? View the comparison or read the FAQ.