privacy

creation is protected by Faros login.
shared links are short-lived.
stored content is encrypted.

share encryption

• content is processed by the Faros service during creation
• stored share blobs are encrypted
• the viewer decryption key lives in your url fragment
• url fragments are not sent during normal link opens
• public viewers need the full link including the fragment key

what we store

• encrypted share blob
• generic placeholder title ("Flare page")
• random fun description (not your content)
• timestamps (created, expires)
• content hash and creator metadata

viewer links

• anyone with the full public link can view until expiry
• password shares require the generated password
• burn-after-read shares are deleted after first successful view
• expired shares return gone

how encryption works

• AES-128-GCM encrypted share blobs
• per-share random key
• key stored in url fragment (#k=...)
• decryption happens in your browser
• Faros processes plaintext at creation time

how long

• 72 hours by default
• 168 hours maximum
• then it's gone forever
• burn after read: instant deletion after first view

cookies

• only for password-protected sites
• 24-hour session cookies
• no tracking cookies ever

third parties

• AWS handles infrastructure
• Faros logs operational metadata for abuse and reliability
• no ads

last updated: january 2026

back to Flare