Coming Q3 2026 — early access open

Send files.
Not data.

Nullsend is the white-label file transfer platform that physically cannot read your files. End-to-end encrypted in your browser, before anything leaves your device.

Get early access See how it works
acme.nullsend.io
$ uploading contract-v4-final.pdf (8.4 MB) → generating 256-bit key in browser → encrypting with AES-256-GCM → uploading ciphertext ✓ encrypted — server sees only ciphertext share: acme.nullsend.io/d/8f3a2b#k=•••••
What we cannot do

The features other file transfer companies don't list.

Nullsend's architecture means certain things are not just policy-restricted — they're cryptographically impossible. That's the entire product.

We can't read your files

Files are encrypted in your browser before upload. Our servers see only ciphertext.

We can't train AI on them

You can't train on what you can't see. No model, ours or anyone else's, gets your data.

We can't hand them over

A subpoena gets ciphertext and metadata. Useless without the key — which we never have.

We can't preview them

No thumbnails. No previews. No virus scanning. These trade-offs are the point.

We can't recover them

Lose the link, lose the file. Forever. By design — anything else is a backdoor.

We can't change our mind

Architectural guarantees don't depend on a Terms of Service we could change next year.

How it works

Three steps. One encryption key. None of them touch our servers.

The key is generated in your browser, lives in the share URL, and is never transmitted to Nullsend. This is how end-to-end encryption is supposed to work.

01 / encrypt

In your browser

When you drop a file in, your browser generates a random 256-bit AES key and encrypts each chunk locally. The plaintext never leaves your device.

02 / upload

Ciphertext only

Encrypted chunks stream directly to EU-resident storage. Our servers store ciphertext and metadata. We see what you uploaded, not what's in it.

03 / share

Key in the URL fragment

The decryption key lives after the # in the share URL. By web standards, fragments never reach the server. Share the URL; only the recipient can decrypt.

End-to-end encryption flowFile is encrypted in the sender's browser, ciphertext goes to Nullsend's storage, recipient downloads ciphertext and decrypts in their browser using the key from the URL fragment.SENDER · BROWSERfile.pdf+ AES-256 key→ ciphertextciphertextNULLSENDEU storagestores ciphertextno key, everciphertextRECIPIENT · BROWSERkey from URL #→ decryptfile.pdfkey travels in URL fragment — never via server
Built for business

Privacy infrastructure, not a privacy promise.

Everything you'd want from a modern file transfer platform, with the architectural guarantee that we cannot read what passes through.

White-label

Your subdomain, your brand, your colours. Recipients see files.yourfirm.com — not ours.

AES-256-GCM

Industry-standard authenticated encryption. WebCrypto-native. No custom crypto, no rolled-our-own anything.

EU data residency

Ciphertext stored in EU-Central. GDPR-compliant by architecture. DPA available before signup.

Auto-expiry

Files self-destruct on a schedule you set — 7, 30, 90 days, or on first download. No manual cleanup.

Optional passwords

Add a recipient password for two-factor access. Stretched with Argon2id; we still can't see the key.

Team access

Admin, sender, and view-only roles. Per-user audit log of who sent what — never of what's in it.

Branded delivery

Recipients get email from your-firm@, not noreply@nullsend. Custom SMTP on Growth and above.

Honest pricing

Flat monthly per tier. Overage at £0.05/GB. No tracking pixels, no upsells, no surprise renewals.

Pricing

Four tiers. No free plan. 14-day money-back.

Nullsend is B2B-only. There's no free tier because there's no advertising revenue, no data resale, and no other way for the lights to stay on. Pick a tier; pay monthly.

Starter
£19/mo

For solo practitioners and small studios.

  • 50 GB storage
  • 5 GB per transfer
  • 3 users
Growth
£49/mo

For agencies and small firms.

  • 250 GB storage
  • 20 GB per transfer
  • 10 users · custom SMTP
Business
£99/mo

For mid-size practices and studios.

  • 1 TB storage
  • 100 GB per transfer
  • 50 users · 90d retention
Enterprise
£199+/mo

For regulated industries.

  • Custom storage
  • Unlimited transfer size
  • DPA · audit logs · SLA

Ex-VAT. UK and EU billing only at launch. Full pricing

Early access

Stop trusting promises.
Start trusting architecture.

Join the early-access list. We'll email you when accounts open in Q3 2026, and you'll get 20% off your first three months as a founding customer.

No spam. No third-party tracking. Unsubscribe in one click.