Security and Privacy

WhySave combines client-side encryption, short session lifetimes, strict validation, and endpoint protections to reduce transfer risk while preserving a simple user flow.

Security model

WhySave encrypts transfer data before upload. Sessions are generated with opaque identifiers and short expiry windows. Public endpoints include payload validation and per-IP rate limits to reduce abuse and brute-force attempts.

  • Client-side encryption prior to network transfer.
  • Short TTL sessions with expiry cleanup.
  • Strict checks for session validity and malformed fields.
  • Rate limiting on create, resolve, upload, and download routes.

Operational protections

WhySave applies security headers, no-store cache directives on sensitive screens, and constrained cross-origin behavior. Requests are handled with status-specific responses so failures are easier to diagnose without exposing internals.

Privacy behavior

WhySave follows a minimum-retention approach. Transfer payloads and session metadata are kept only as long as required for the short-lived transfer and are removed at expiry or session end.

  • Stored: encrypted transfer payload and minimal session metadata.
  • Not stored: decrypted file contents and plaintext transfer data.
  • Cleanup: automatic expiry deletion and explicit end-session deletion.
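
The session handling listed under Security model and the cleanup listed under Privacy behavior can be sketched as follows. This is an added example, not WhySave's own code: the class and method names, the 600-second TTL, the in-memory store and the choice of status codes (400, 404, 410) are assumptions made for illustration.

```python
import re
import secrets
import time

SESSION_TTL_SECONDS = 600  # assumed value; the page only says "short"
_ID_PATTERN = re.compile(r"[A-Za-z0-9_-]{43}")  # shape of token_urlsafe(32)


class SessionStore:
    """Hypothetical in-memory store holding only ciphertext and an expiry time."""

    def __init__(self, ttl=SESSION_TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._sessions = {}  # session_id -> (expires_at, ciphertext)

    def create(self, ciphertext: bytes) -> str:
        # 256 bits from the OS CSPRNG: the id encodes nothing and is not guessable.
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = (self._clock() + self._ttl, ciphertext)
        return session_id

    def resolve(self, session_id):
        """Return (http_status, ciphertext_or_None) without exposing internals."""
        # Strict check first: malformed input never reaches the lookup.
        if not isinstance(session_id, str) or not _ID_PATTERN.fullmatch(session_id):
            return 400, None
        entry = self._sessions.get(session_id)
        if entry is None:
            return 404, None
        expires_at, ciphertext = entry
        if self._clock() >= expires_at:
            # Expired sessions are deleted on touch, not merely hidden.
            del self._sessions[session_id]
            return 410, None
        return 200, ciphertext

    def end(self, session_id) -> bool:
        """Explicit end-session deletion; True if a session was removed."""
        return self._sessions.pop(session_id, None) is not None

    def sweep(self) -> int:
        """Periodic expiry cleanup; returns the number of sessions removed."""
        now = self._clock()
        expired = [sid for sid, (exp, _) in self._sessions.items() if now >= exp]
        for sid in expired:
            del self._sessions[sid]
        return len(expired)
```

The store only ever sees the bytes the client uploads, so it holds ciphertext and an expiry timestamp and nothing else.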

Shared-link responsibility

Access to a transfer session depends on possession of its link or code during the active lifetime. For higher-sensitivity transfers, use password mode and share the password separately from the session link.