CleanMetadata

How We Protect Your Files

Complete transparency about our security and privacy measures

Zero file retention • Privacy-first analytics • Military-grade encryption
View Code on GitHub
Back to File Upload

Encryption at Rest

Every uploaded file is immediately encrypted using AES-256 encryption with a unique session key before being written to disk.

Technical Implementation:
• Algorithm: AES-256 in Fernet mode (IETF RFC 3394)
• Key derivation: PBKDF2 with SHA-256, 100,000 iterations
• Session keys: 32-byte random tokens per user session
• No master keys stored on server

Your files are never stored in plain text - not even for a microsecond.

Auto-Deletion

Files and encryption keys are automatically deleted after 10 minutes maximum. No exceptions, no recoveries, no backups.

Deletion Process:
• Background cleanup runs every 60 seconds
• Files older than 10 minutes are permanently removed
• Session encryption keys expire with browser session
• Zero data persistence beyond cleanup window

Once deleted, your files cannot be recovered by anyone - including us.

Privacy-Focused Analytics

We use Fathom Analytics - a privacy-first service that tracks basic usage without personal data collection or cookies.

What We Collect (via Fathom):
• Page views and basic traffic patterns
• GDPR and CCPA compliant analytics
• No personal information or IP addresses
• No cookies or cross-site tracking
What We DON'T Collect:
• File names, contents, or metadata
• Individual user identification
• Browser fingerprints or user agents
• Cross-site behavioral tracking

Fathom is designed to respect privacy while providing essential traffic insights.

Transparent Third-Party Services

We use minimal, privacy-focused third-party services. Check your browser's network tab to verify our connections.

Third-Party Services Used:
• Fathom Analytics (privacy-first, no cookies)
• Bootstrap CSS from trusted CDN
• Basic ad networks (minimal cookie usage)
• Lucide icons from CDN
What We Avoid:
• Google Analytics or Facebook Pixel
• Invasive tracking or user profiling
• Cross-site data sharing
• Personal data monetization

Verify for yourself: Open DevTools → Network tab while using our service.

Processing Security
  • Files decrypted only during processing
  • Temporary files immediately deleted
  • Memory cleared after each operation
  • No swap file or disk cache retention
Technical Guarantees
  • No database or persistent storage
  • Session-isolated encryption keys
  • Automatic cleanup on server restart
  • File validation before processing

Our Privacy Promise

We built CleanMetadata because we believe privacy is a fundamental right. Your files are yours alone - we never see them, store them, or profit from them.

This page explains exactly how we protect your data. If you have technical questions about our security implementation, feel free to inspect our open-source code.

See example encryption metadata 
{
  "algorithm": "AES-256-Fernet",
  "salt": "f54a3d8b2c1a9e7d6c5b4a3f2e1d0c9b8a7f6e5d4c3b2a1f",
  "iterations": 100000,
  "ciphertext": "v0F0aGlzSXNBVGVzdEZpbGVDb250ZW50Rm9yRGVtb25zdHJhdGlvbj...",
  "session_key_hash": "sha256:a1b2c3d4e5f6...",
  "created_at": "2025-06-18T23:44:15.123Z",
  "expires_at": "2025-06-18T23:54:15.123Z"
}