Help Center

ShieldFive Help

Need help? Contact support

Security and privacy commitment

ShieldFive is built on zero-knowledge principles. Your files are encrypted client-side, and we cannot decrypt your file contents.

How is my data protected from unauthorized access?

ShieldFive implements multiple layers of security:

  • Database security: All your metadata is protected by row-level security policies that ensure you can only access your own data

  • Download protection: File downloads require single-use, time-limited tokens that expire after one use

  • Zero-knowledge encryption: All encryption happens in your browser before data reaches our servers

Where are my files physically stored?

Your encrypted files are stored securely using enterprise cloud storage (Backblaze B2). Files are stored with randomized, meaningless names that provide no clue about their contents or owners. ShieldFive cannot identify which files belong to which users based on storage alone.

What usage data does ShieldFive collect?

ShieldFive collects minimal telemetry to improve the service:

  • Analytics: Optional and can be disabled. When enabled, data is anonymized and scrubbed of personal information

  • Error reporting: Helps us fix bugs and improve stability. All reports are sanitized

  • Share access logs: IP addresses are hashed before storage to protect visitor privacy

We do not collect plaintext file contents. We cannot decrypt your files, and share-link passwords are never stored in plaintext.

Are public features protected from abuse?

Yes. All public-facing features include protections:

  • Rate limiting on all operations (typically 10 requests per minute)
  • CAPTCHA verification on contact forms and sensitive actions

  • Automated abuse detection to prevent denial-of-service attacks

These measures protect both ShieldFive's infrastructure and your data.

Why do I see the onboarding checklist?

We show a quick checklist before your first upload to reinforce the zero-knowledge model and reduce accidental data loss:

  • Lost passphrases cannot be recovered by anyone
  • ShieldFive cannot decrypt your files or reset your encryption keys
  • You are responsible for passphrase management

The checklist is recommended, but it does not block uploads.

How are download links secured?

File downloads use cryptographically signed, single-use tokens that:

  • Work only for the specific file and authorized user
  • Expire immediately after one use or after a short time period
  • Cannot be guessed, reused, or shared

This prevents unauthorized access even if someone intercepts a download link.

What happens when I delete my account?

Account deletion is permanent and irreversible:

  • All encrypted files are deleted from storage
  • All metadata, folders, and share links are removed

  • Active subscription records are removed from ShieldFive; billing providers may retain records required for legal compliance

  • Your account cannot be recovered after deletion

Make sure to download any files you want to keep before deleting your account.

Can ShieldFive access my passphrases or encryption keys?

ShieldFive cannot decrypt your files or recover lost passphrases. For protected share links, password verification happens server-side over HTTPS with hashed storage.

  • All encryption happens in your browser, not on our servers

  • Unwrapped vault keys stay on your device; share-link passwords may be submitted over HTTPS for verification

  • We only see encrypted data that we cannot decrypt

  • ShieldFive employees cannot access your plaintext file contents