Plain English.

What we can see

• · The label on the Teleport (e.g. Monthly export).
• · Sender IP, timestamp, and bytes transferred — for abuse prevention.
• · Your email and user id, if you signed in.
• · A hash of the password you set, if any. Never the password itself.

What we can't see

• · The contents of your files — bytes don't pass through us.
• · Anything inside the file (EXIF, author metadata, etc.).
• · Your Drive, beyond the one Teleports/ folder we write to. We use the narrow drive.file scope.

Where files live

Uploaded bytes sit in Vercel Blob (encrypted at rest). Files are split into chunks; we only share their URLs with whoever has pro access the teleport. If you chose Google Drive, the file streams from storage to your Drive via your browser — not through us.

Retention

• · Anonymous — 5 MB, deleted after 24 hours.
• · Signed in — 100 MB, 7 days.
• · Pro — 50 GB, 30 days.

You can revoke any Teleport at any time. A cron job sweeps expired files daily.

Encryption

In transit: TLS everywhere. At rest: server-side encryption. We don't do end-to-end encryption — put the file in an encrypted archive before uploading if that matters to you.

Abuse

Don't use this to distribute malware, CSAM, or facilitate illegal transfers. We cooperate with lawful takedowns and delete obviously abusive teleports on sight.