DirectFileTransfer is designed with security as a core principle. Your files never touch our servers — they transfer directly between devices with end-to-end encryption.
All file transfers are encrypted using DTLS (Datagram Transport Layer Security) with 256-bit AES-GCM. Encryption keys are negotiated directly between the two browsers — our server never has access to them.
Our signaling server only helps establish the initial WebRTC connection. Once connected, all file data flows directly between devices. We cannot see, intercept, or store your files.
For additional security, you can set a password on your transfer room. Only people with the correct password can join.