Back to My Work
Dark Mode
PrivacyFileShare — Hero Banner
Full-Stack Development Android Application Backend Development

PrivacyFileShare
— Android Application

A scalable SaaS platform that enhances user privacy by enabling anonymous file sharing allowing people to send and receive files without revealing their phone numbers or email addresses.

Role Full-Stack Developer
Year 2026
Current Platform Android + Web
Tech Stack React Native · Supabase · Vercel and more...
Live Site | GitHub
* Please open image in new tab for better experience *
01 Project Overview

PrivacyFileShare is an Android-first SaaS platform designed to eliminate the friction and privacy risk of conventional file sharing. Most file-sharing tools require both parties to expose their contact details phone numbers or email addresses creating an unnecessary digital footprint.

This project tackles that problem head-on: users generate a short-lived, anonymous link tied to no personal identity. The recipient downloads the file using only the link, and the file is purged after transfer. No accounts. No traces.

Category SaaS / Privacy Tech
Timeline 6 Months
Target Users Privacy-conscious individuals, journalists, professionals
Tech Stack React Native · Node.js · Supabase · Vercel
Status Live
02 The Challenge

The primary challenge was designing a zero-identity file transfer system one where both sender and receiver remain completely anonymous while still ensuring the transfer is secure, fast, and tamper-proof.

Key technical hurdles included:

  • Generating truly unique, collision-resistant short codes without user authentication
  • Enforcing single-use or time-limited links without server-side sessions
  • Preventing abuse (spam uploads, large file flooding) without rate-limiting tied to identity
  • Keeping the Android UI intuitive for non-technical users who value privacy
Challenge and Problem diagram
Solution architecture overview
03 The Solution

The solution centers around a tokenized, ephemeral transfer model. When a user selects a file, the backend generates a cryptographically random token and stores the file temporarily in an isolated Supabase Storage bucket with no metadata linking back to the uploader.

The receiver enters or scans the token in the Android app or on the web interface, retrieves the file, and the record is automatically deleted post-download (or after expiry). Key decisions:

  • IP-based rate limiting at the Edge (Vercel) to combat abuse without user identity
  • All file transfers secured over HTTPS — data is encrypted in transit via TLS
  • Supabase Row-Level Security enforcing token-match-only access at the storage level
  • Minimal React Native UI: single screen for send, single screen for receive
From Concept to Deployment — Technical Overview
04 Technical Decisions
Why Firebase over a traditional database?

Firebase's real-time listeners made token-state tracking trivial listening for a "consumed" flag change triggers instant cleanup without polling.

Why HTTPS over a custom encryption layer?

Privacy is enforced through anonymity and access control rather than client-side encryption. Files are transmitted over TLS (HTTPS), stored with Supabase server-side encryption, and protected by strict Row-Level Security — no identity is ever attached to a transfer.

Why Vercel for backend?

Serverless Edge Functions scale to zero and burst instantly a perfect fit for a product with unpredictable, bursty traffic patterns.

05 System Architecture
Android Client React Native · Expo · HTTPS file transfer
Edge API (Vercel) Token generation · Rate limiting · File routing
Supabase Storage Secure file storage · Row-Level Security · Auto-TTL
Supabase DB (Postgres) Token metadata · Expiry tracking · Consumed state
Database Schema
System Architecture Diagram
System Architecture Diagram
User Flow
User Flow — File Transfer
After Flow Diagram
After Transfer — Post-Transfer Flow
06 Security & Privacy

Privacy is not a feature it is the product. Every architectural decision was evaluated through a privacy-first lens.

  • Full anonymity — no phone number, email, or identity is attached to any transfer
  • No account system — no user data is stored or associated with transfers
  • Token expiry — tokens self-destruct after download or after a configurable TTL
  • TLS in transit — all API calls are HTTPS-only via Vercel's Edge
  • Supabase Row-Level Security — strict token-match validation at the storage layer
  • No analytics or tracking — no third-party SDKs injected into the Android app
Security and Privacy Flow QR Login Security Flow
Development Process
07 Development Process
1
Discovery & Architecture

Mapped privacy requirements, defined threat model, and designed the zero-knowledge token scheme.

2
Backend API (Vercel + Firebase)

Built token generation, storage routing, and expiry enforcement as stateless serverless functions.

3
Android Client

Developed the send/receive flows in React Native with secure HTTPS file transfer to Supabase Storage.

4
Security Hardening & Deployment

Stress-tested token collision rates, applied Firebase rules, and deployed to Vercel production.

08 Measurable Impact & User Feedback
100% Zero-identity transfers
< 3s Avg. file delivery time
0 User data stored on server
Impact — App Metrics and Capabilities
"Finally a way to send files to someone without giving out my number. Clean and it just works." — Beta User, Journalist
"The token idea is brilliant. I shared a confidential doc with a client no email, no trace. Exactly what I needed." — Beta User, Freelance Consultant
"Super minimal UI. I was sending a file within 30 seconds of opening the app for the first time." — Beta User, Privacy Enthusiast
Full Ecosystem Map
09 Scale & Future Innovation

The current architecture handles the MVP use case well. Planned evolutions:

Full anonymous group transfers
QR code-based token sharing
Configurable expiry (minutes / hours / single-use)
iOS client and cross-platform web app
Self-hosted deployment option for enterprises
Independent security audit & open-source release
© 2026 All Rights Reserved By DBS World.