PRIVACY
Last updated: January 2025
The Short Version
We are not a storage company. We are a deletion company. Delivery is just a temporary state.
Burnbox is designed to know as little about you as possible. We cannot read your files. We do not track you. We do not sell data.
What We Collect
| Your files | Encrypted (we cannot read them) |
| Filenames | Encrypted |
| IP addresses | Not logged by Burnbox* |
| Account info | No accounts required |
| Cookies | None |
| Analytics | None |
| File size (approximate) | Temporarily stored |
| Expiry timestamp | Temporarily stored |
* Burnbox application code does not log IP addresses. However, our hosting providers (Netlify, Supabase) may retain standard server logs including IP addresses for security and DDoS protection as part of their infrastructure operations.
How Encryption Works
Your files are encrypted in your browser using AES-256-GCM before being uploaded. The encryption key is generated locally and included in the share link (after the # symbol). This key is never sent to our servers.
We store only encrypted data. Without the key (which only you and your recipient have), the files are unreadable — even to us.
Data Retention
Burn after read: Files are deleted immediately after the first download.
Expiry: Files are automatically deleted after your chosen expiry time (1 hour to 30 days).
No backups: Once deleted, files cannot be recovered.
Third Parties
Hosting: Netlify (serves the website)
Storage: Supabase (stores encrypted blobs)
Fonts: Google Fonts
We do not share, sell, or provide access to your data to any other third parties. Our hosting providers may collect basic server logs (IP, timestamp) as part of their standard operations, but we do not access or use this data.
Law Enforcement
If we receive a valid legal request, we can only provide what we have: encrypted blobs that are unreadable without the decryption key. We do not have access to your keys, your files, or your identity.
Your Rights
Since we don't collect personal data, there's nothing to request, correct, or delete. Your files are automatically deleted based on your chosen settings.
Changes
We may update this policy occasionally. Significant changes will be noted on this page with an updated date.
Contact
Questions? Email privacy [at] burnbox [dot] au