Native End-to-End Encryption

Every transfer on Bam! uses TLS 1.3 (Transport Layer Security) connections that automatically encrypt all data in transit. This happens at the transport layer, without any configuration by the user.

Encryption is active by default on every transfer, regardless of the chosen plan. Data is encrypted in transit and never accessible in plaintext by our servers. No intermediary — including Bam! — can access file content during transfer.

Premium Password Encryption

Premium users can add an extra layer of protection with AES-GCM a 256-bit encryption. The encryption key is derived from the user's chosen password via PBKDF2 (Password-Based Key Derivation Function 2) with 100,000 iterations.

The entire operation happens through the native browser's Web Crypto API. The password is never transmitted or stored: only the sender and recipient know it. Completely zero-knowledge architecture.

Integrity Verification

Every transferred file is verified via xxHash128 hash. The hash is calculated on the sender side before sending and compared on the receiver side upon download completion, guaranteeing the file was not altered during transfer.

Temporary Storage

Your files transit temporarily on Cloudflare R2 and are automatically deleted: immediately after download in Burn mode, or when the link expires in Cloud mode (maximum 3 days). No data is retained beyond what is necessary.

Our servers exclusively handle signaling — real-time notifications between sender and recipient via Supabase Realtime. File content transits encrypted via HTTPS and is never accessible in plaintext from our infrastructure.

Vulnerability Reporting

We believe in collaborative security. If you discover a vulnerability or security issue, we invite you to responsibly report it to us.

Contact us at security@bam.app with a detailed description of the issue. We commit to responding within 48 hours and resolving confirmed vulnerabilities as quickly as possible.