Secure Share

Learn how to securely share data with client-side encryption and passphrase protection. Your data is encrypted on your computer before transmission - we never see your raw data or passphrase.

How Secure Sharing Works

Secure sharing uses zero-knowledge architecture where your data is encrypted on your computer before any network transmission. Here’s how the process works:

Encryption & Upload Process

Encryption and Upload Flow
Your data is encrypted on your computer before any network transmission - the cloud storage only receives encrypted data it cannot decrypt

Download & Decryption Process

Download and Decryption Flow
Recipients download encrypted data and decrypt it locally on their own computer - without the correct passphrase, the data remains encrypted

Key Security Features

  • Client-Side Only Encryption: All cryptographic operations happen on your device
  • Zero-Knowledge Storage: We only store data we cannot decrypt
  • Unique Random URLs: Each share gets a randomly generated URL
  • End-to-End Security: Decrypted data only exists on sender’s and recipient’s computers
  • Automatic Deletion: Encrypted data expires and is permanently deleted
  • PBKDF2 Key Derivation: Industry-standard password-based key derivation with 64,000 iterations

Step-by-Step Instructions

1. Access Your Data

You can access the share panel from several places:

  • Execute a query - run any SQL query to display results
  • Open a table - browse any database table
  • Export a notebook - share all or part of your notebook analysis

Once you have data displayed, you can proceed to share it securely.

2. Open the Share Panel

Click the share icon on the right.

Share Panel
Access the sharing options by clicking the share icon

3. Configure Options

Share Panel Detail
Configure your sharing options and security settings - encryption happens on YOUR device

  1. Format: Choose the format for your data from options such as CSV, Excel, HTML, Web Page and Markdown. This allows you to customize the data based on the preferences or requirements of your audience.

  2. Storage Region: For data compliance purposes, select the region where the data will be stored. This ensures that your data storage aligns with local regulations and standards.

  3. Delete After: Decide when the data should automatically expire and be deleted from storage. This step is crucial for managing data retention and ensuring that sensitive information is not accessible indefinitely.

  4. Passphrase: CRITICAL SECURITY FEATURE: Enter a passphrase or generate one randomly. This passphrase:

    • Stays on your computer - never transmitted to storage
    • Encrypts your data locally before any upload
    • Must be shared separately with recipients (never through our system)

  5. Name: Give your data file a clear and identifiable name to make it recognizable for both you and the recipients.

4. Share

Now click Share.

What Happens Next - Client-Side Encryption:

  • Step 1: Your data is encrypted on your computer using your passphrase
  • Step 2: Only the encrypted data is uploaded to a unique, randomly generated URL
  • Step 3: We store encrypted data we cannot decrypt in cloud storage (S3 compatible)
  • Result: Recipients access the encrypted data via the unique URL
Share Complete
Secure sharing complete - your encrypted data is safely stored and only you have the key

A link for the encrypted data is provided, along with options to copy, email or visit the link.

Important Security Practice: Share the link and passphrase separately for maximum security:

  • Send the unique URL via email/message
  • Share the passphrase through a different channel (phone, separate message, etc.)
  • This ensures that even if one communication is intercepted, your data remains secure

5. Recipient Access

When recipients visit the unique URL you shared, they download the encrypted data and must enter the passphrase to decrypt the data on their own computer. This maintains end-to-end security because:

  • Encrypted data travels over the network (never plain text)
  • Decryption happens on the recipient’s computer (not on our servers)
  • Only the passphrase holder can decrypt the data

This zero-knowledge approach ensures that sensitive information never exists in an unencrypted state during transmission or storage.

Security Architecture Details

Zero-Knowledge Security Model

Our secure sharing system is built on a zero-knowledge architecture:

  • Client-Side Only Encryption: All cryptographic operations happen on your device
  • Encrypted Storage: We only store data we cannot decrypt
  • Automatic Deletion: Encrypted data expires and is permanently deleted
  • End-to-End Security: From your device to the recipient’s device

This approach guarantees that your sensitive information remains completely private - even our own systems cannot access your decrypted data.

Technical Encryption Details

Here are the technical details of our client-side encryption process that ensures zero-knowledge security:

Client-Side Only Operations

ALL cryptographic operations are performed on YOUR computer using the browser’s native Web Crypto API. This means:

  • Encryption happens before any network transmission
  • Your passphrase is never stored by our system
  • We receive only encrypted data we cannot decrypt

Secure Key Derivation

A cryptographic key is derived on your computer from your passphrase using industry-standard methods:

  • Algorithm: PBKDF2 (Password-Based Key Derivation Function 2)
  • Hash Function: SHA-512
  • Key Length: 256 bits
  • Iterations: 64,000
  • Cipher: AES-GCM

Data Encryption Process

  • A random initialization vector (IV) is generated on your computer for each encryption
  • Your data is encrypted locally on your device using AES-GCM cipher

Secure Upload & Storage

  • Only encrypted data is transmitted to cloud storage (never plain text)
  • Unique, randomly generated URL created for each share
  • We store the encrypted data + random salt + IV (but NOT your passphrase)
  • We cannot decrypt your data - we don’t have your passphrase
  • Data expires automatically and is permanently deleted