> THE_NEED_FOR_VAPORLINK
In an era of permanent digital footprints, VaporLink was built to provide a temporary bridge. We believe that not every file needs to live forever on the internet. Our mission is to provide a secure, fast, and weightless way to share data that disappears as quickly as it was sent.
Whether you are a developer sharing a quick beta build, a designer sending a draft, or a student sharing assignments, VaporLink ensures your files only exist as long as they are needed.
[ THE_ZERO_TRUST_CORE ]
The fundamental flaw in modern cloud architecture is the implicit requirement of trust. Users are forced to trust that administrators won't peek at their data, trust that backend servers won't be compromised, and trust that 'deleted' actually means deleted. VaporLink operates on a Zero-Trust Architecture.
We actively assume our own infrastructure could be compromised. Therefore, we design our systems so that even if a malicious actor gains full database access, they obtain nothing but cryptographically shattered ciphertext. We don't want your trust; we want to provide mathematical guarantees that your trust isn't required in the first place.
[ AUTOMATIC_ERASURE ]
Data is a toxic asset. The longer it sits on a server, the higher the probability of an eventual breach. VaporLink solves this through enforced Data Ephemerality. Our Edge functions run continuous TTL (Time-To-Live) sweeps across all storage buckets and database partitions.
When a file or secure note hits its 24-hour expiration threshold, it isn't just marked as 'invisible'—the storage pointer is physically overwritten, and the associated metadata is purged entirely from the Convex backend. We do not maintain delayed backups, shadow copies, or cold-storage archives of expired user content. Once it's gone, it is mathematically irretrievable.
> CRYPTOGRAPHY_&_CLIENT_SIDE_COMPUTE
The cornerstone of our privacy model relies on shifting the computational burden of cryptography away from our servers and directly into your browser's local memory sandbox. This is achieved through modern APIs like window.crypto.subtle.
When you utilize our Secure Note feature, for example:
- Your browser generates a cryptographically secure, random 256-bit encryption key.
- The plaintext message is encrypted locally using the AES-GCM (Galois/Counter Mode) cipher, which provides both confidentiality and data authenticity.
- Only the resulting encrypted ciphertext payload is transmitted to the VaporLink database.
- The decryption key never leaves your device. It is appended to the shareable URL as a fragment (the part after the
#). Because browsers explicitly do not transmit URL fragments to servers during HTTP requests, VaporLink Labs never sees or logs the key required to unlock your data.
This paradigm extends to our file tools as well. Image metadata stripping, WebP compression, and Hash generation all occur locally. Fast, private, and trustless.
> OUR_TECH_STACK
VaporLink is built on modern, distributed infrastructure designed for speed and reliability:
- ▪Next.js 14 App Router: Powering our high-speed, SEO-optimized frontend with React Server Components.
- ▪Convex: Serving as our real-time, strongly-typed backend and database with zero-latency synchronization.
- ▪Clerk: Handling enterprise-grade user authentication and secure session management.
- ▪Vercel Edge Network: Deploying content globally to minimize latency regardless of geographic location.
> SECURITY_FIRST_PHILOSOPHY
Our philosophy is simple: Security through Minimization. By minimizing the data we collect during onboarding, minimizing the time that data is stored through strict TTLs, and minimizing the metadata we retain regarding user behavior, we eliminate 99% of the attack vectors associated with traditional cloud storage providers. We build tools for developers, by developers, prioritizing privacy above all else.
VaporLink Labs // Built for the open, secure web. // Adherence to Zero-Knowledge Protocols