THREE.WORD.SHARE

Privacy

Last updated: June 2026

threewordshare is built so we see as little of your data as possible. Here is what that means in practice.

Your files are encrypted before they leave your device

When you send a file, it is encrypted in your browser. The key is derived from your three words, so anyone you give the words to can open the file, and we only ever store the scrambled version plus a hashed form of the words.

So we do not keep your files or filenames in readable form. Being honest about the limits: the encryption is only as strong as the words. Because we store a hash of them, someone with access to our database could in theory work back to the words and open the file. The optional fourth secret word closes that gap. It never reaches us in any form, so a file locked with one cannot be opened by us at all.

What we actually store

  • The encrypted file, in Cloudflare R2, until it expires.
  • A hashed version of your three words that points to the file, plus a small encrypted blob of metadata, in Redis. We store a hash, not the words themselves, so the words cannot be read back out of our database.
  • An expiry on every transfer. When it is up, the file and its words are deleted and the words go back into circulation.

Accounts are three words too

Pro accounts do not use an email or a password. Your account is three words, and we store only a hash of them. That means we genuinely cannot recover them for you, so write them down. We keep your subscription status and a couple of device session tokens, nothing else about you.

Payments

Billing runs through Lemon Squeezy, which acts as the seller and handles the payment. Your card details go to them, not to us. We keep only the subscription id and whether it is active, so we know whether to unlock Pro.

What we do not do

We do not run ads. We do not load third-party trackers or analytics. We do not ask for your email. We set one cookie, and it exists only to keep you signed in to Pro.

Abuse prevention

We keep short-lived counters tied to IP addresses in Redis to rate-limit requests and stop spam. They expire within minutes and are not used to profile you.

Deleting your data

Every file deletes itself when it expires. Turn on burn-after-download and it is gone the moment it is fetched. Respin your account words or cancel Pro and the old record stops working.

Contact

Questions about any of this: hecodesforme.com.