Trust & Safety

Your files and filenames are encrypted on your device and stay encrypted on ours. Because we do not hold the decryption keys, a few things are permanently off the table, no matter who asks:

• We cannot read file contents.
• We cannot read filenames or folder names.
• We cannot scan for illegal material, match against hash lists, or run any automated content moderation.
• We cannot recover a deleted file's content for anyone, including law enforcement.
• We cannot produce plaintext under subpoena, warrant, or National Security Letter.

This is not a policy we could relax if we wanted to. The keys do not exist on our servers. A court order requiring us to hand over plaintext would ask for something we cannot physically produce.

Running a service requires some data. We keep the minimum needed and nothing more:

• Account email and display name.
• File sizes, timestamps, and the sharing graph (who granted access to whom).
• Share link IDs and their status (active, revoked, expired).
• IP addresses briefly, typically one hour, for rate limiting. They are purged automatically after that and are not associated with uploads, downloads, or logins.

This is the shape of data that content moderation teams at other companies would augment with plaintext scans. We do not have that augmentation and will not build it.

If you received a SecureWarp share link and believe it contains illegal or abusive content, use the Report this content link on the share page. No account required.

Signed in users can report files shared with them from the drive's context menu.

You can also email trust@securewarp.com with the share URL and a description of what you saw. Include enough detail that we can act on the report without seeing the content ourselves, because we cannot.

Every report enters a human review queue. Since we cannot inspect the file, a reviewer reads your written description alongside the account metadata and decides whether to act. The actions available are narrow and targeted:

• Revoke the share link.Stops new downloads. The file stays in the uploader's account.
• Place an evidence hold on the file. Freezes it in place so the uploader cannot delete or reshare it while the report is under review. This does not give us access to its contents.
• Suspend the uploader's account. Logs them out and blocks them from signing back in until unsuspended.
• Ban the uploader's email and IP. Reserved for confirmed abuse. Prevents re-registration from the same email or recently used IP.

These are reversible until they are not. A revoked link can be unrevoked; an evidence hold can be lifted. A ban on the email of a confirmed CSAM uploader is permanent.

What we cannot do: undo downloads. If a recipient opened a link before it was revoked and saved the plaintext to their device, that copy is beyond our reach. This limitation applies to every end-to-end encrypted service.

Child sexual abuse material is the one category where we automate the first response. The moment a CSAM report is filed:

• The share link is revoked automatically.
• The uploader is emailed a neutral notice that their content is under review, with a reference number.
• IP preservation turns on for that account going forward, so subsequent logins, uploads, and downloads from the account are logged. Previously purged IPs cannot be recovered.

A human reviewer then decides whether to place an evidence hold, suspend the account, and file a CyberTipline report with the National Center for Missing & Exploited Children (NCMEC) as required by US law. Our NCMEC report contains the uploader's email, the timestamps we hold, the IP log where preservation was on, and the reporter's written description. It does not contain plaintext, because we do not have it.

Confirmed CSAM uploaders are terminated and banned from re-registering with the same email. IP bans are added where the preservation log identifies a signup or re-signup IP. NCMEC and law enforcement pursue the case from there.

A note on IP retention, because this is where reasonable people ask hard questions.

For the overwhelming majority of accounts, we do not keep IP addresses. They are held for an hour, used to prevent brute force attempts, and purged. That is the default and it does not change.

When a report is filed against a specific uploader, or when an admin opens an investigation on a specific account, IP preservation turns on for that account only. From that point forward, logins, uploads, downloads, and link creations from the account are logged. The IPs are hashed, not stored in the clear. Preservation is per account, not global, and is lifted when the investigation closes unless the account was terminated.

We do this so that when law enforcement presents valid process about a flagged account, we can respond with the IP log we lawfully held, rather than nothing. We do not run a continuous surveillance log on the rest of the userbase to make that possible.

We respond to lawful process (subpoenas, court orders, search warrants) served on SecureWarp. What we can produce is narrowly bounded:

• Account email, registration timestamp, and display name.
• Login history and the IP log for accounts under preservation.
• File metadata: size, creation and deletion timestamps, evidence-hold status.
• The sharing graph: which accounts were granted or received access, and when.
• Share link history and revocation status.
• Reports filed by or against the account.

What we cannot produce: plaintext file contents, filenames, folder structure, or anything that would require a decryption key. No court order can change that, because the keys do not exist on our side.

Law enforcement requests should be directed to trust@securewarp.com. We notify affected users of legal process unless the law prohibits it.

If you hold copyright on material being shared through SecureWarp without your authorization, send a DMCA notice to trust@securewarp.com. Include:

• Your contact information and electronic or physical signature.
• The work or works you claim are infringed.
• The SecureWarp share URL of the allegedly infringing material.
• A statement of good faith belief that the use is not authorized.
• A statement under penalty of perjury that the information is accurate and that you are authorized to act.

We process compliant notices by revoking the share link and notifying the uploader, who may submit a counter notice. Repeat infringers are terminated.

Reports are rate-limited and deduplicated. A pattern of false reports targeting a specific user or link can itself result in action against the reporting account or IP. If you submit a report under penalty of perjury (e.g. DMCA), knowingly false statements carry legal liability.

Because the initial automated response is deliberately narrow (link revocation and a neutral notice to the uploader), an abusive reporter cannot use this system to delete files, suspend accounts, or impose bans. Those actions require a human reviewer.

We will publish a periodic transparency report summarizing the volume and categories of reports received, the actions taken, and the number of law enforcement requests received. It will not identify individual users or content.

Trust and safety: trust@securewarp.com
General: hello@securewarp.com