No. Everything is encrypted in your browser with AES-GCM-256 before upload. The key is derived from a random value in the URL fragment (#…), which browsers never send to servers.

The symmetric layer — AES-GCM-256 with a PBKDF2-SHA256-derived key — is considered post-quantum safe. A quantum computer running Grover's algorithm halves the effective key length, so AES-256 retains 128 bits of post-quantum security, which remains far beyond any foreseeable attack. The key exchange uses a random secret embedded in the URL fragment rather than an asymmetric handshake, so there is no Shor-vulnerable RSA or elliptic-curve step to worry about.

There is no fixed size limit. Files up to 500 MB are encrypted in one pass; files above that are split into 128 MB chunks, each independently encrypted, and streamed directly to R2 via multipart upload — so your browser never holds the whole file in memory. Decryption is also streamed chunk-by-chunk straight to disk. In practice the ceiling is set by Cloudflare R2's multipart limit (~1.25 TB at 128 MB per part).

The full site and Worker source are open on GitHub. Read every line yourself, or fork it and run your own instance. Open the network tab while you use the site — you'll only ever see ciphertext leaving your machine.