- Built in C++
- The core engine is native C++, giving PhotonFile direct control over streaming I/O, memory lifecycle, and how bytes move through the system. There is no interpreter or heavyweight application framework between your file and the wire.
- Live relay, short-lived state
- Relay streams encrypted chunks from sender to receiver while both sides are connected. It is designed for real-time forwarding, not stored delivery, background queues, or retained transfer buckets.
- Vault is persistence by choice
- Vault is the storage path for files that need to stay available after upload. Usage is based on stored capacity, so retained files are governed by how much you keep rather than the size of a single transfer.
- Performance narrows the exposure window
- Relay I/O is tuned for sustained, multi-gigabyte throughput. Faster completion means transfers spend less time in flight, with fewer moving parts between sender and receiver.
- Why we use relays instead of WebRTC
-
WebRTC is excellent for real-time audio and video, but
PhotonFile uses purpose-built relays for file transfer.
- Predictable connections. Relay traffic follows a single controlled path instead of negotiating many peer-to-peer candidates.
- No peer IP exchange. Sender and receiver do not need to expose network addresses to each other.
- Large-transfer tuning. PhotonFile relays are built for sustained file streams, not generic media sessions.
- Broad network compatibility. HTTPS and WSS work more reliably across corporate networks, firewalls, and mobile carriers.
The result is a consistent, private, high-throughput path designed specifically for moving files.
- Client-side encryption by default
-
PhotonFile applies a client-side encryption layer on top of
TLS before a file reaches the relay. Users can turn this
layer off for extra browser compatibility.
- A random symmetric key is generated per transfer with the browser's Web Crypto API.
- File chunks are encrypted with AES-GCM before upload, so relays only see ciphertext.
-
The key is kept in the link fragment (
#...), outside HTTP requests and server logs.
Anyone with the full link can decrypt in their browser. Without the key material, relay traffic is not useful on its own.
- Engineered to forget
- Relay minimizes surface area and lifetime: live transfer, short-lived state, no retained plaintext files, and no server-side decryption keys for client-side encrypted transfers. Vault exists for the opposite case: files you intentionally choose to keep.
- What we don't publish
- For security and competitive reasons, we do not publish internal network layout, server images, or detailed deployment maps. This page focuses on product behavior: Relay is short-lived by default, Vault is persistent by choice, and client-side encrypted transfers do not leave server-side keys to recover.
Public product overview for persistent client-side encrypted storage, sharing, versioning, and Secure Inbox.
Public technical security overview covering client-side encryption, vault isolation, scoped sharing, and post-quantum-ready key management.
Want the transfer comparison? View the comparison or read the FAQ.