Yes. Up to 100 MB per file and up to 3 files per request are free. Files expire in 72 hours unless you pay $2 to extend by 30 days, or pay to group them into a 30-day space for $5.

Do I need to sign up?

No. Anonymous use is the default. You can optionally attach your email so you can recover files later if you lose the share link.

How long do files last?

Free files expire in 72 hours. After that there is a 7-day grace period during which a $2 extend will bring the file back for 30 more days. After the grace period the storage is permanently purged.

Can AI agents use quik.space?

Yes. quik.space exposes an MCP (Model Context Protocol) server and accepts the x402 standard for stablecoin micropayments on Base. Agents do not need API keys or signup — their wallet is their identity.

What file types are supported?

Any file up to 5 GB. The recipient page renders inline previews for images, audio, video, PDFs, markdown, HTML (sandboxed), Microsoft Office docs, and plain text or code.

Is quik.space safe

The honest version. What we do, what we do not do, and what to email if you find a problem.

Who can access your file

Only whoever holds the share URL. The share ID is an 8-character random string with roughly 218 trillion possible combinations — practically unguessable. There is no public index, no search engine for shared files, and we never list other people's uploads. If you do not share the link, nobody finds the file.

Retention defaults

Free uploads live 72 hours from the moment the upload finishes. After 72 hours the file enters a 7-day grace period where the share page shows a paid-recovery prompt. After grace ends, the file is permanently purged from storage and from backups within a short rotation. The maximum default storage window is 72 hours plus 7 days — about 10 days total — and that requires nobody paying to extend. Most files are gone by hour 73.

Moderation

Every upload's SHA-256 hash is computed and checked against a blocklist of known-bad content. The blocklist is aligned with NCMEC for CSAM and includes published malware hash sets. Matches are rejected before they ever reach a share URL.

Every /u/ page exposes a report endpoint. Verified CSAM and malware reports trigger automated takedown within minutes. Copyright and spam reports are reviewed manually, with a 48-hour target turnaround.

quik.space is GDPR-aligned by construction. The default retention is short, every file is deletable from its share page by anyone with the link, and we collect no marketing profile. For written data-subject requests — access, erasure, portability, objection — email hello@quik.space. We aim to respond within 30 days, the GDPR statutory window.

Encryption in transit

All traffic to and from quik.space uses HTTPS (TLS 1.2 or higher). HSTS is enforced. The files themselves are stored in Supabase Storage with the provider's standard at-rest encryption. quik.space does not currently offer client-side end-to-end encryption — the platform operators can read file content if compelled by a valid legal request. For genuinely sensitive material, encrypt the file yourself before uploading.

Responsible disclosure

Found a security bug, an exposed share, a moderation bypass, or a privacy issue? Email hello@quik.space with reproduction steps. We acknowledge within 48 hours and aim to ship a fix within 30 days for high-severity issues. There is no formal bug bounty program yet, but meaningful reports are eligible for a discretionary thank-you.

Who can access your file

Retention defaults

Moderation

GDPR and data deletion

Encryption in transit

Responsible disclosure