Military-grade encryption, automatic expiry, and zero friction for recipients. No accounts. No compromise. Just secure file transfer on infrastructure you control.
Drag and drop your documents and set an expiry date. Files are encrypted with AES-256-GCM the moment they arrive.
Send your recipient a link. Or flip it: send them an upload invitation so they can send files to you.
They click the link and verify their email with a one-time code. No account to create. No password to remember.
When the deadline passes, the link dies and files are permanently deleted. No forgotten documents. No lingering data.
Recipients never need to register. A secure link and email verification is all it takes. No friction, no excuses for falling back to email.
Set the deadline — one day, one week, three months. When it passes, the link stops working and files are permanently deleted.
Every download, every access attempt, logged with timestamps, IPs, and identities. Each entry cryptographically chained — no one can alter records undetected.
Flip the flow. Send an upload invitation — they verify their email, upload their files, and you're notified the moment the package arrives.
Executables, scripts, and dangerous file types are blocked at three levels: extension, binary signature, and MIME type. A renamed .exe won't slip through.
Resumable uploads mean an interrupted connection doesn't mean starting over. Progress is preserved and transfer continues from where it left off.
Every file is encrypted before it touches the disk. Each package gets a unique encryption key, generated fresh at upload time. File names, sizes, and metadata are all encrypted too — no plaintext record of what you sent.
Encryption keys are protected by Azure Key Vault, running on a Hardware Security Module. The master key never exists on the server — not in memory, not in a config file. Even a complete server compromise leaves your files unreadable.
Passwords are hashed with Argon2id — the winner of the Password Hashing Competition. One-time codes and access tokens are never stored in plaintext. A full database leak reveals nothing usable.
Prosochi runs on a dedicated bare-metal server in Finland, inside the EU, subject to GDPR. No shared hardware, no shared hypervisor, no multi-tenancy. Your data doesn't sit next to anyone else's.
All traffic is encrypted in transit. Browsers are instructed via HSTS to never connect over plain HTTP. Session cookies are marked Secure and HttpOnly — inaccessible to scripts and never sent unencrypted.
Recipients don't just follow a link — they must also verify they control the email inbox it was sent to, using a time-limited one-time code. A forwarded or intercepted link alone won't grant access.
| Email / Cloud drives | Prosochi | |
|---|---|---|
| Encryption | Unencrypted between servers | End-to-end AES-256-GCM |
| File retention | Stored indefinitely | Automatic expiry you control |
| Access control | Anyone with the link / forward | Email verification + time-limited OTP |
| Audit trail | None or basic logs | Tamper-proof, cryptographically chained |
| Recipient setup | Account required / IT permissions | No account. No software. No friction. |
| Infrastructure | Shared, multi-tenant | Dedicated bare-metal EU server |
| File scanning | Your files are scanned / indexed | No scanning. No data mining. Ever. |
Exchange contracts, signed documents, and sensitive client communications without relying on email. Audit trails prove compliance.
Transfer financial statements, tax records, and due diligence files with expiry dates and access logs. No more "lost in the inbox" excuses.
Collect CVs, right-to-work documents, and onboarding forms securely. Candidates upload files without signing up for anything.
Share patient records and clinical documents with encryption that meets modern data protection standards. No shared infrastructure. No third-party scanning.