What we do to protect your data

Security and Privacy

Built with zero-knowledge architecture and modern, battle-tested cryptography. No AI training, no backdoors—your data stays yours.

Client-side Encryption

Proven Cryptography

Files are encrypted with libsodium (XChaCha20-Poly1305 and Argon2id) directly in your browser before upload. ShieldFive never stores plaintext files or passphrases.

We built a zero-knowledge flow first: encryption happens locally, metadata (filenames/folders) is encrypted server-side, and passphrase entry always stays on the client. If you lose a passphrase, we cannot recover it—so the product reminds you to store it safely.

Built for today, transparent about tomorrow

We ship only what we document. Client-side encryption, metadata protection, delete-account compliance, and geofenced sharing are live today. Upcoming improvements—MFA, device approvals, desktop app hardening—are tracked publicly so you always know what’s next.

Protected by European Laws

All our infrastructure is located within the European Union and fully complies with the GDPR, one of the world’s strongest data protection frameworks.

Full GDPR-aligned storage. No cross-border data transfers. No vague consent forms. We believe your personal data should remain exactly that: personal. You’re in control.

EU Data Center

Physical and Digital Security You Can Trust

ShieldFive runs on infrastructure hosted in ISO 27001-certified data centers in Frankfurt, right in the heart of the European Union.

Your data never leaves strict GDPR jurisdiction. Supabase hosts our infrastructure in ISO 27001 data centers and we encrypt data before it leaves your browser, so storage providers only see ciphertext.

Because true privacy starts with full control over where and how your data is stored.

No Tracking with No Exceptions

Privacy isn‘t a feature, it‘s our foundation. We believe that access to privacy is a human right, not a premium option. We never track user activity or monitor file contents. Everything you upload is encrypted before it reaches our servers, so even under legal request, we are unable to access your files.

For abuse prevention we log country and a hashed IP (never the raw address) on share opens. Optional Sentry/PostHog are opt-in via env keys, and analytics properties are redacted to avoid leaking filenames or paths.

Filenames and storage metadata are also encrypted with a dedicated key before they hit Supabase. Our storage provider only ever sees random IDs—not the contents of your vault.

This means no ad targeting, no behavioral profiling, and no monetization of your data, ever. Your usage remains invisible to us and to third parties.

End-to-End Encryption by Default

Unlike most cloud services that only encrypt in transit, ShieldFive encrypts everything on your device before transmission. You choose the passphrase, ShieldFive never stores it, and metadata is encrypted server side for extra protection.

We cannot read your files, reset passwords, or provide decryption to third parties. Sharing flows emphasize separate passphrase delivery because that’s the only way we can honestly keep your vault zero knowledge.

Limited time special offer

Get 30% off ShieldFive Pro, for life.

Designed for privacy-first lawyers, journalists, NGO teams, and anyone tired of AI touching their files. No renewals. No dark patterns. Just a vault that works.

Offer ends June 30 or when 500 spots are gone.

Don’t miss your chance to go private.

Secure Your Lifetime Rate

Honest answers to real concerns

Straight Answers, No Marketing Nonsense

What is ShieldFive?
ShieldFive is a zero-knowledge, AI-free file manager built for people who can’t afford to be compromised. Your files are encrypted on your device before upload—so no one but you can read them. No scanning. No training. No backdoors. Just pure control.
How do I create a ShieldFive account?
Creating an account is quick and free. Click “Sign Up” in the top navigation, enter your email address and a strong master password, then verify your email. Once you’ve confirmed, you can log in and begin uploading files. Your master password unlocks your vault; each file has its own passphrase today (hybrid vault mode is on the roadmap).
How do I upload and encrypt files?
After logging in, click “Upload” and select the files you want to store. You’ll be prompted to enter a password for each file. The encryption happens locally in your browser—ShieldFive never sees your plaintext. Once encrypted, the files are sent to our servers for storage. You can monitor progress and later download or share each file using its unique passphrase.
How do I share a file?
To share, select the encrypted file in your ShieldFive dashboard and click “Share.” You’ll generate a shareable link and set a separate link password (if desired), an expiration date, or download limit. Anyone with the URL and the link password can decrypt and download the file—no account needed. This means you can share sensitive documents without revealing your email or giving full account access.
What happens if I lose a file’s password?
Because we never hold your file-level keys, if you lose a password for a specific file, ShieldFive cannot decrypt it. You should back up each file’s passphrase in a secure password manager or hardware vault. Only the lost file is affected—every other file in your account remains encrypted and accessible with its own passphrase or vault key.
How do I recover or avoid losing encryption passwords?
There is no recovery. Always store passphrases in a password manager or offline backup before uploading. The onboarding checklist and encryption modal require acknowledgment that we cannot restore lost keys.
How does geolocked access work?
Geolock restricts decryption to approved regions or countries. Even if someone gets the file link and password, it stays locked outside your allowed zone. It’s like a digital safe tied to a place—not just a password.
Why is my share blocked in my country?
If the sender geofenced a link, only allowed country codes can access it. Ask the sender to add your country to the allowlist or disable geofencing for that link.
What file types and sizes are supported?
There is no restriction on overall storage usage beyond your plan’s quota. You can upload any file type—documents, images, videos, archives, etc. Today uploads are gated by your plan and backend limits; Free is intended for small documents, and larger uploads require a paid plan. The Supabase bucket is configured up to 500 GiB per file, but frontend and plan limits are enforced below that until we ship large-upload UX.
Where is my data stored?
All encrypted files are stored in our centrally located EU data center. Regardless of where you or your recipients are located, your files remain encrypted at rest, and all decryption happens on your device. We never see unencrypted content—and by choosing a European data center, we keep your data under EU jurisdiction with robust security controls.
How do I configure two-factor authentication (2FA)?
We’re rolling out TOTP-based 2FA soon. Until then, choose a strong password, store file passphrases securely, and sign out on shared devices. We’ll announce when 2FA is available in Settings → Security.
Why do I still see used space after deleting files?
When you delete an encrypted file from ShieldFive, it moves to your “Trash” for 24 hours. During this grace period, the file remains recoverable if you change your mind. After 24 hours, the file is purged and its encrypted data is removed from our servers—then your used space reduces accordingly. You can also empty Trash manually to free up space immediately.
Do you scan or analyze any of my data?
No. We don’t scan, index, or train models on your data. ShieldFive is fully zero-knowledge by design—not just policy.
My payment failed—what should I do?
Update billing details and retry. If it still fails, contact support with your invoice ID. We log failed billing events and retry; a customer portal for payment updates is coming soon.

Start protecting what’s yours

Still using Google Drive?

Every day your files sit on Big Tech servers, they’re being scanned, indexed, or stored with questionable consent. ShieldFive gives you a clean break—real privacy, for real people.

Create Your Encrypted Vault

Free for NGOs and privacy-first individuals

Zero-Knowledge Encryption
EU Hosting
No AI or Model Training
Self-Destructing Links
No Usage Tracking
No VC. No Data Monetization.