How Sharebrand works
Sharebrand is a white-label file sharing platform for client-facing businesses. We help businesses share files securely under their own brand with custom domains, branded interfaces, and full control over the client experience. Your files, your brand, your control.
Data flow
- —File upload: You or your clients upload files to Sharebrand. Files are encrypted in transit and stored securely in redundant cloud storage.
- —Brand customization: Your branded portal is created with your custom domain, logo, colors, and messaging. Clients see your brand, not ours.
- —Secure sharing: Files are shared via secure links with optional password protection, expiration dates, and download limits.
- —Client access: Your clients receive branded emails and access files through your custom-branded portal. All interactions reflect your brand identity.
- —Data retention: Files are stored for the duration you specify. You maintain full control over file lifecycle and deletion.
Data & subprocessors
We keep our subprocessor list minimal. Each service listed below processes some form of customer data as part of operating the platform.
| Service | Role | Data involved |
|---|
| Cloudflare | CDN, DDoS protection, primary infrastructure | Request routing, security layer — no persistent customer data |
| Vercel | Application hosting and deployment | Hosting infrastructure — no persistent customer data |
| Supabase | Database and authentication | User accounts, workspace settings, file metadata |
| Backblaze | File storage and backups | Uploaded files, encrypted at rest |
| SimpleBackups | Automated backup orchestration | Database backups, secure transfer |
| Sanity | Content management system | Blog posts, documentation, marketing content |
| Stripe | Payment processing | Payment info handled entirely by Stripe — not stored by Sharebrand |
| Resend | Transactional email | Email address, notification content |
| Vercel Analytics | Web analytics | Usage patterns, performance monitoring — privacy-focused |
| Fathom Analytics | Privacy-first web analytics | Anonymous usage data — no personally identifiable information |
Data retention
- —Files and metadata are retained for the lifetime of your workspace or until you delete them.
- —Deleting files removes them from our storage within 30 days (to allow for recovery). You can request immediate hard deletion.
- —Deleting your workspace removes all associated files, branded portals, and user data. You can export everything first.
- —Backups are retained for 90 days in secure encrypted storage, then permanently deleted.
File storage & backups
All uploaded files are stored in Backblaze B2 cloud storage with redundant copies across multiple data centers. Files are encrypted at rest using AES-256 encryption.
Backup strategy
- —Database snapshots are taken every 6 hours and retained for 90 days.
- —File storage uses cross-region replication — your files exist in multiple geographic locations.
- —All backups are encrypted both in transit and at rest.
- —You can export your workspace data (files, metadata, user lists) at any time from your account settings.
Disaster recovery
In the event of a catastrophic failure, we maintain the ability to restore from backups within 24 hours. Our infrastructure is designed for 99.9% uptime, and we monitor all systems 24/7.
Encryption
- —Files in transit: All file uploads and downloads use TLS 1.3 encryption. Files are never transmitted in plain text.
- —Files at rest: All files stored in Backblaze are encrypted at rest using AES-256 encryption managed by Backblaze's infrastructure.
- —Database encryption: All database records (user accounts, file metadata, workspace settings) are encrypted at rest using AES-256, managed by Supabase's infrastructure layer (AWS).
- —Passwords: User passwords are hashed using bcrypt and never stored in plain text. Authentication is handled by Supabase Auth with industry-standard security practices.
- —Secure links: All file sharing links use cryptographically random tokens. Optional password protection adds an additional layer of security.
Access controls
- —Workspace data is strictly scoped by workspace ID. No workspace can access another workspace's files or data through the API.
- —Team members have role-based access. Workspace owners can assign Admin, Member, or View-only permissions.
- —File access is controlled through secure sharing links. Links can be password-protected, have expiration dates, and limit download counts.
- —Clients who receive files can only access files shared with them via their unique link. They cannot see your workspace, other files, or other clients' data.
- —Cloudflare WAF provides DDoS protection, rate limiting, and country-level blocking on all public-facing endpoints.
- —Two-factor authentication (2FA) is available for all accounts and required for workspace owners on paid plans.
GDPR
Sharebrand is built with GDPR principles in mind. We collect only the data necessary to operate the platform. No tracking pixels, no third-party advertising integrations, no sale of personal data.
Our analytics tools (Fathom Analytics, Vercel Analytics) are privacy-focused and configured without advertising features. No personally identifiable information is shared with advertising networks.
- —You can export all workspace data (files, metadata, user lists) at any time from your account settings.
- —You can request deletion of your workspace and all associated files and data.
- —Files you share belong to your workspace. Recipients can request deletion of files they received by contacting you or us directly.
- —We honor right-to-access, right-to-erasure, and data portability requests under GDPR.
For Data Processing Agreement (DPA) requests, contact us at privacy@sharebrand.com.
Certifications & current status
Sharebrand is committed to security and transparency. Here's where we stand on formal certifications and security practices:
| Item | Status |
|---|
| SOC 2 Type II | Planned |
| ISO 27001 | Planned |
| Third-party penetration test | Planned |
| GDPR compliance practices | Active |
| File encryption at rest (AES-256) | Active |
| TLS 1.3 in transit | Active |
| Cloudflare WAF & DDoS protection | Active |
| Redundant file backups | Active |
| 99.9% uptime SLA | Active |
Our infrastructure providers (Cloudflare, Supabase on AWS, Backblaze, Vercel) maintain their own SOC 2 Type II compliance and security certifications. We will publish our own formal certifications as we continue to grow.
Vulnerability disclosure
If you discover a security vulnerability in Sharebrand, please report it responsibly to security@tarkle.com.
- —We aim to acknowledge reports within 48 hours.
- —For critical vulnerabilities, we aim to provide a fix timeline within 5 business days.
- —Please do not publicly disclose vulnerabilities before we've had a chance to address them.
- —We appreciate responsible disclosure and will credit researchers who report valid security issues (unless you prefer to remain anonymous).
For general security questions not covered here, contact us at sharebrand.com/contact.