Download Limits, Abuse Reports & Rate Limiting: Protecting Your Transfers
SecureEU Team
Privacy & Security
Encryption protects the contents of your files — but what about who can access them, how often, and what happens when someone misuses a link? SecureEU now ships three features that give you and the platform itself a robust layer of access control and abuse prevention: download limits, abuse reporting, and automatic rate limiting.
Download Limits: Control How Many Times Your Link Works
Every transfer on SecureEU now supports an optional maximum download count. Once you've uploaded your files and received the download link, you can set a limit — anywhere from 1 to 1,000 downloads. After that many successful downloads, the link stops working. Set it to 0 (the default) for unlimited downloads until the link expires.
🔢 How Download Limits Work
- Set a max between 1 and 1,000 — or leave at 0 for unlimited
- The download counter is tracked server-side — it can't be spoofed
- Once the limit is reached, the download page shows a "limit reached" message
- Works alongside password protection and link revocation for layered security
This is especially useful when you need to send a file to exactly one person. Set the limit to 1, and even if the link is forwarded or leaked, nobody else can download the file. Combined with password protection, you get two independent barriers — the link and the password — each of which must be satisfied.
When to Use Download Limits
| Scenario | Recommended Limit |
|---|---|
| Sending a contract to one person | 1 download |
| Sharing files with a small team | 5–10 downloads |
| Distributing a report to a department | 50–100 downloads |
| Public or semi-public sharing | 0 (unlimited) |
Abuse Reporting: EU-Compliant Content Takedown
Any encrypted file-sharing service can be misused. Unlike platforms that ignore the problem, SecureEU provides a clear, accessible abuse-reporting mechanism — because EU law requires it.
Every download page includes a "Report abuse" link that takes the reporter to a dedicated form at
/report/{batchId}. The reporter describes the
issue (minimum 10 characters, maximum 2,000) and optionally provides a contact email. The report is logged with a timestamp and
the reporter's IP address for accountability.
🛡️ Abuse Report Safeguards
- Duplicate prevention — one report per IP per batch ID
- Batch verification — the system confirms the transfer exists before accepting a report
- Admin review queue — reports are flagged as unreviewed until an admin takes action
- Rate-limited — maximum 5 reports per IP per hour to prevent spam
This matters for compliance. Under the EU's Digital Services Act (DSA) and GDPR, platforms hosting user-generated content must provide a mechanism for reporting illegal material. Our abuse system ensures SecureEU can respond promptly while maintaining the zero-knowledge guarantee: we can remove encrypted blobs from storage even though we can't read them.
Rate Limiting: Automatic Protection Against Abuse
Behind the scenes, SecureEU applies IP-based rate limiting to every sensitive endpoint. This isn't something you configure — it's always on, protecting you and the platform automatically.
⏱️ Rate Limits by Endpoint
| Action | Limit | Window |
|---|---|---|
| Initiate upload | 20 requests | 1 hour |
| Send email | 10 requests | 1 hour |
| Submit abuse report | 5 requests | 1 hour |
| Contact form | 5 requests | 1 hour |
The rate limiter uses a sliding window algorithm — it tracks the timestamps of your recent requests and counts how many fall within the window. This is more accurate than a fixed-window approach and prevents burst attacks at window boundaries.
If you exceed the limit, you'll receive a 429 Too Many Requests response with a
Retry-After header telling you how long to wait.
Stale entries are periodically evicted from memory so the system stays lean even under heavy traffic.
How These Features Work Together
Each feature addresses a different vector:
- Download limits — restrict who can access your files after they're shared
- Abuse reports — enable takedown when content violates the law
- Rate limiting — prevent automated misuse of the platform itself
Combined with password protection, link revocation, custom expiry, and end-to-end encryption, SecureEU gives you a complete toolkit to share files securely while maintaining full control over access.
Available on Every Transfer
Download limits are available on all transfers — free and paid. Abuse reporting is accessible from every download page. Rate limiting is always active, with no configuration required. These aren't premium add-ons; they're part of the platform's security baseline.