Security
Last updated: 2026-07-11
How beeShare protects your files, your links and your account.
Files that never leave home
Local transfers move bytes directly between your devices on your own network. There is no cloud copy to breach — our servers never see those files.
Share-link protection
Every link address is a 256-bit random secret — practically impossible to guess. On top of that, senders can add a passcode, a required email (the recipient proves the address with a 6-digit code), one-time download, device binding (the link only works on the first device that opens it), and an expiry date.
Wrong passcodes and codes are strictly limited: too many attempts lock the link.
Downloads
A download only starts after all of the link’s protections pass, using a single-use ticket that expires in seconds. Opening or previewing a link can never quietly consume it.
Your account
Passwords are hashed with argon2id — the current best practice — and never stored in plain text. Sessions use short-lived signed tokens that rotate; resetting your password signs you out everywhere.
Stored files
Link files are deleted from storage when the link expires, is revoked, or completes its final download — whichever comes first.
Payments
Payments run entirely on Stripe. Card data never touches beeShare servers.
Server hygiene
Rate limits and attempt caps throttle abuse; link addresses are scrubbed from our own logs so logs never become a way in.
Found a problem?
If you believe you found a security issue, please tell us privately first: support@beeshare.app. We appreciate responsible disclosure.