ttl.space

Features & use cases

End-to-end encrypted file transfer with a TTL on every link. Your browser encrypts, the server stores ciphertext, the clock runs down.

Try it free See Orbit plan

Who uses ttl.space

Developers

API keys, .env files, DB credentials. Ship them through a burn-after-read link; the secret never hits Slack message history, email archives, or data-export bundles. Read the pattern →

Lawyers

Privileged documents to counsel or clients without a third-party cloud keeping a copy after delivery. Link expires; the document doesn’t sit in someone’s Dropbox waiting for a subpoena. How to do it →

Banking & finance

Wire instructions, KYC packs, and account statements sent between institutions through a link that expires before the next audit cycle. No attachment sitting in the recipient’s mailbox for seven years of retention.

Healthcare

Lab results, imaging, referral forms. A time-limited link between practices or to a patient, instead of unencrypted email or fax.

Journalists

Source documents delivered end-to-end encrypted. Link expires before the next news cycle. No SecureDrop instance to stand up, no Signal number to exchange first.

Designers & agencies

Ship PSDs, Figma exports, or raw video cuts to a client before the NDA is signed. File expires on its own; their Dropbox doesn’t fill up with assets they haven’t paid for.

IT & onboarding

Hand off credentials and config to a new hire or contractor. Burn-after-read link: the audit log records the fetch timestamp, and there is nothing left to rotate a month later. The 30-second handoff →

What you get

End-to-end encryption

XChaCha20-Poly1305 over 64 KiB chunks. Argon2id key derivation: 3 passes, 64 MiB memory, 256-bit output. The browser does all the crypto before the first byte reaches the server. Read the internals →

Zero-knowledge server

The server stores ciphertext, a salt, and a nonce. That is it. The password is never transmitted. A subpoena returns bytes nobody on our side can read.

Self-destructing links

TTL from 5 minutes to 7 days on the free tier, up to 30 days on Orbit. When the clock expires the file is deleted from storage; there is no trash can and no restore path.

Burn after reading

Single-download mode. The file is deleted the moment the first successful GET completes. Use this when a second fetch would be one fetch too many.

No account for the basics

Free tier: 2 GB per file, 10 uploads/day, 10 GB/day per IP, 7-day max TTL. No signup, no email, no cookie banner. Orbit: 10 GB per file, 30-day TTL, 500 GB storage (up to 2.5 TB with add-ons), dashboard with on-demand delete and listing.

Command line

A single ttl send binary encrypts and uploads in one command. Fits in shell pipelines and CI jobs. CLI docs →

How it works

  1. Step 1

    Encrypt locally

    The browser derives a key from your password with Argon2id, then encrypts the file in 64 KiB chunks and uploads ciphertext. Nothing readable leaves the device.

  2. Step 2

    Share the link

    You get a URL. Anyone with the link and the password can download until the TTL expires, or until the first fetch completes in burn mode.

  3. Step 3

    Delete

    TTL expiry or the burn condition, whichever hits first. The object is removed from storage and the metadata row is purged on the next sweep.

Ready to try it?

Drop a file on the home page. No account, no email, nothing to install.

Start uploading CLI docs Read the blog