Question 1

How long is the protonURL available?

Accepted Answer

The protonURL and its content are deleted as soon as they are accessed. Additionally, protonURL has an automatic deletion policy for sharing links that are not accessed within 72 hours by default. It is possible to modify the lifespan of the link in the advanced options. This means that if the sharing link is not accessed during the selected duration after its creation, it will be permanently deleted from our servers. This measure is taken to ensure that shared data is stored on protonURL's servers for a limited time and to protect the confidentiality of the content.

Question 2

Is the data really deleted?

Accepted Answer

Yes.protonURL is designed to provide a secure and confidential content-sharing service. The service ensures that sharing links self-destruct after the first access, meaning that shared data can only be viewed once. This limits access to the shared data and reduces the risk of leaks or misuse.  Regarding data deletion, protonURL does not store shared data on its servers after it has been accessed. The shared data is temporarily stored on our servers only for the duration of the sharing link. Once the sharing link has expired or the data has been accessed, the data is automatically deleted from protonURL’s servers. This ensures that data is not stored longer than necessary and is securely and permanently deleted.  It should be noted that protonURL has an automatic deletion policy for sharing links that are not accessed within 72 hours or the duration selected in the Advanced Options. This means that if the sharing link is not accessed within this period after its creation, it will be permanently deleted from our servers. This measure is taken to ensure that shared data is stored on protonURL’s servers for a limited time and to protect the confidentiality of the content. This also applies to any attached files, which are permanently deleted from our filesystem at the same time.

Question 3

Are you really not keeping track of shared content?

Accepted Answer

protonURL is a service designed to ensure the security and confidentiality of shared data. The service guarantees that sharing links self-destruct after the first view and that shared data is automatically deleted from the protonURL.ch servers once the sharing link has expired or the data has been accessed. This ensures that shared data is not stored longer than necessary and that it is securely and permanently deleted.  Regarding traces of shared content, protonURL does not store a copy of the shared data on its servers and does not track the activity of viewing sharing links. This means that we do not keep any record of the shared content or of the people who have viewed the sharing links. This privacy policy is designed to protect users' privacy and ensure that shared data is only accessible to those who have received the sharing link.

Question 4

How are the contents of protonURLs stored?

Accepted Answer

Data stored on protonURL is encrypted with AES-256-CBC encryption. A different key and IV are used for each content. This means that even if an attacker manages to access the encrypted data, they will not be able to decrypt it without the corresponding IV. The IV is a random number that is generated for each piece of content when it is encrypted and is stored separately from the encrypted data itself. Encrypted data is stored on secure servers in Europe and is constantly monitored to ensure its security and confidentiality.  Attached files are encrypted with the same AES-256-CBC method and stored outside the web directory, making them inaccessible via HTTP. The original filename is also encrypted separately. Both the file and its metadata are permanently deleted upon first access or expiration.

Question 5

Is it possible to retrieve the content of a protonURL already consulted?

Accepted Answer

No, it is not possible to retrieve the content of a protonURL once it has been viewed and the sharing link has expired. When the sharing link is accessed for the first time, the shared content is automatically destroyed and can no longer be viewed or retrieved from the protonURL.  The automatic destruction feature of shared content is an important security measure to protect the confidentiality of the shared data and ensure that it can only be accessed once. This greatly reduces the risk of data leaks or misuse of confidential information.  It is therefore important to ensure that the people who have access to the protonURL have the necessary information to view the shared content upon first reading. If the recipients are unable to view the content of the protonURL within the given timeframe, it is recommended to recreate a sharing link with a new protonURL to ensure that the data remains protected.

Question 6

Is it possible to send a protonURL to multiple contacts?

Accepted Answer

No. As soon as the first contact consults the protonURL, its content will be erased, so the next contact who wishes to consult the content will no longer have access to it.

Question 7

Can I attach a file to a protonURL?

Accepted Answer

Yes. You can attach a file (up to 10 MB) when creating a protonURL. The file is encrypted with AES-256-CBC using the same key as the text — including your custom key if you use one. It is stored outside the web directory and is permanently deleted the moment the protonURL is first accessed, or when it expires. The recipient downloads the file directly from the reveal page, and like the text, it can only be accessed once.

Question 8

Is it possible to encrypt the contents of a protonURL with my own key?

Accepted Answer

Yes. You can activate this option by checking the box for it under the text box and filling in your key. Be sure to save it and pass it on to the person who will need to open your protonURL, because as we do not store users' private keys, without it it will be impossible to display the content. This key also encrypts any attached file — the recipient will need it to download the file as well.

Question 9

Do you store users' private keys?

Accepted Answer

No. This private key is used when creating the protonURL to encrypt the content but is not saved. It is therefore important that you keep it on your side and pass it on to the recipient in order that it can display the content.

Question 10

What happens if I enter the wrong private key?

Accepted Answer

The system will try to decrypt the protonURL with this bad key, the content will be displayed still encrypted, then as soon as it is displayed it will be deleted like a classic protonURL. Indeed, as we do not save the private keys, it it was not possible for us to test if the entered key is the correct one.

Question 11

Is this a fake URL shortener service?

Accepted Answer

No. protonURL is not primarily designed as a fake URL shortener.
                    Its main purpose is to let you create and share temporary links securely, without storing or tracking the original URL in any way.
                    
                    However, you can paste any URL and share a protonURL instead of the original one.
                    This means the main URL won’t appear in the link you send, which can sometimes look similar to a “fake URL shortener” — but there is no redirect manipulation, no tracking, and no hidden behavior.
                    
                    protonURL simply generates a clean temporary link, nothing more.

Question 12

Why did you create this service?

Accepted Answer

Simply because sending passwords, or sensitive content, by email or SMS is very risky, especially since this content remains available for months, and even years, in the inbox and in the sent items. 
                    With our system, all that will remain in these boxes is a link to content that no longer exists.

protonURL

Secure and confidential sharing

Tool used to share information secret, private or non-private
with a link whose content will be deleted on first reading.