ReFile/ Denoise Labs
PricingDocs
Sign inGet started

Security & Trust

What we promise about your files

ReFile sees a lot of your files. We've kept the system small on purpose so we can explain — concretely, not generically — where your data goes, what touches it, and when it disappears. The source is public on GitHub so anything below can be verified, not just trusted.

Where your files run

Every conversion runs inside an ephemeral Modal sandbox — a per-job Linux container with no persistent disk, no other tenants, and no network access except to fetch your input file and return the output.

When files are deleted

Inputs and outputs are deleted automatically 24 hours after creation. There is no archive, no backup, no cold tier. This is enforced by a cron, not a promise — once the timer fires, the bytes are gone.

What the AI sees

The Groq LLM that picks the tool only sees your text prompt and the filenames involved. It never sees the file contents. The sandboxed worker is the only system that touches your actual bytes.

What we store, what we don't

We retain your prompt history and the generated command (so you can re-run it). We do not retain the converted files past 24 hours. We never store your file contents in any analytics, log, or training pipeline.

Commands are visible before execution

Every job records the exact command we plan to run on your file. The history page shows it. Nothing executes in a black box — if the AI proposes something you don't expect, you'll see it.

No ads, no resale, no training

Your files, prompts, and outputs are never used to train AI models, sold to advertisers, or shared with third parties for any purpose other than running the conversion you asked for.

How one conversion actually flows

  1. 1You upload a file. It lands in Convex storage encrypted at rest, accessible only via a short-lived signed URL we mint for you.
  2. 2Your text prompt + filenames (not the file bytes) go to a Groq-hosted LLM, which proposes a single command to run. That command is saved to your history before anything executes.
  3. 3A fresh Modal sandbox is spun up just for this job. It downloads your file via the signed URL, runs the command, writes the output back to Convex, and shuts down. No state survives the run.
  4. 4You download the output. 24 hours later, the cleanup cron deletes both your input and the output from storage. The history row stays (prompt + command), but the files are gone.

Operational details

Encryption everywhere

All traffic is TLS 1.2+. Files at rest are encrypted by the storage provider. Session cookies are HTTP-only and signed.

Sign-in scopes are minimal

Google sign-in requests basic profile and email only. ReFile cannot read your Drive, Gmail, or anything else on your Google account.

Delete on demand

You can delete any chat or your entire account at any time from Settings. Account deletion removes every chat, prompt, and stored command — files are already gone after 24h.

Reporting a vulnerability

Please email security@denoiselabs.com with steps to reproduce. Do not publicly disclose until we've had a reasonable window to fix the issue (typically 30 days). We do not currently run a paid bounty, but we credit reporters of valid issues.

ReFile's code is public. If a claim on this page doesn't match what the code actually does, that's a bug — please file it.

View source on GitHub
Terms of ServicePrivacy Policy← Back to ReFile
ReFile

AI-native file automation. Describe the outcome, drop the file, get the command and the result.

A Denoise Labs product

Product

  • Convert
  • Chat
  • Pricing
  • Changelog

Popular conversions

  • All conversions
  • PDF → JPG
  • HEIC → JPG
  • Word → PDF
  • MOV → MP4
  • Compress PDF
  • Compress video

Resources

  • Docs
  • Developers
  • Community
  • Status
  • GitHub

Legal

  • Terms
  • Privacy
  • Security

Contact

  • Email
  • Support
© 2026 ReFile · A Denoise Labs productBuilt for people who like commands as much as outcomes.