戻る

Security at TeslaSend

TeslaSend is anonymous by design. There are no accounts, no passwords, no email addresses and no personal profiles, so there is nothing about you to steal, leak or sell.

Here is exactly what data the service touches and what happens to it, in plain language with no legal jargon.

No registration, no identity

You never sign up. When you open TeslaSend, your browser creates a random session on the spot, and that session is the whole "account". We don't know your name, your email or which car you drive. A session is nothing more than an anonymous list of links.

A session ID that cannot be guessed

Your session is identified by a UUID, a random ID with roughly 5.3 undecillion (5,300,000,000,000,000,000,000,000,000,000,000,000) possible values. Guessing one specific session by brute force is next to impossible.

On top of that, the database security rules forbid listing sessions entirely: the only way to open a session is to already know its exact ID from your QR code. Nobody can browse or list other people's sessions, not even us through the public API.

Deleted means deleted

When you delete a link, it is physically removed from the database at that moment. There is no soft deletion. Nothing is marked as "hidden" and quietly kept around, and there is no recycle bin. One-time links remove themselves right after being opened, and links with an expiry time are cleaned up automatically.

We only read the page title

To show a link nicely in your list, our server briefly fetches the target page just to read its title tag, then stops downloading as soon as the title is found. Only that short text (300 characters max) is stored next to your link. The content of the pages you send is never stored, indexed or analyzed.

Analytics without surveillance

The only tracking on TeslaSend is Google Analytics 4 with anonymous, aggregated usage stats: how many people visited and which pages they opened. There is no session replay, no screen recording, no keystroke logging, no ad trackers and no fingerprinting. Your links are never part of the analytics data.

Encrypted transport, strict storage

All traffic is encrypted with HTTPS (TLS). Links live in Google Firebase (Firestore) behind strict validation rules: the database accepts only a URL and a few small flags with hard size limits. Nothing else can be written to it.

Security FAQ

Can someone else see my links?

Only if they have your exact QR code or session ID. IDs are random UUIDs that cannot be guessed, and the database refuses to list sessions, so they cannot be found that way either.

Do you sell or share my data?

No. There are no accounts and no personal data to sell. Your links live in an anonymous session and are never shared with third parties.

What happens when I delete a link?

It is deleted from the database right away and physically, not just flagged as removed. There is no trash bin and no way to restore it.

Do you record my screen or what I type?

No. There is no session-replay or screen-recording software on the site. The only analytics is anonymous Google Analytics 4 page statistics.

Do you open the pages I send?

The server fetches the page only to read its title, so the link looks nice in your list. It stops downloading at the title tag, and only the title text is saved.

Private by default, nothing to set up

Open TeslaSend