The Question Nobody Asks But Absolutely Should
You upload a confidential document to a file sharing service. You share the link with a colleague. They download it. The link expires after seven days. And then... what?
Most people assume the file is deleted. Gone. Vanished into the digital ether. But assume is the operative word here. The truth about what happens to expired files is more nuanced, more varied between services, and more important for your privacy than most users realize.
We researched the publicly documented practices of major file sharing services, examined the technical realities of file deletion at scale, and explored the legal frameworks that govern data retention. Here's what we found.
Why File Expiry Exists in the First Place
Before examining what happens after expiry, it's worth understanding why file sharing services implement expiry at all. There are four primary drivers:
Privacy & Security Hygiene
A shared link that never expires is a security liability. It can be forwarded, posted, indexed by search engines, or discovered through brute force. Time-limited links reduce the window of vulnerability. This isn't just best practice — it's fundamental security hygiene.
Storage Costs
File storage isn't free. At cloud scale, storing petabytes of user-uploaded files that nobody will ever access again represents real infrastructure cost. Services that offer free transfers need some mechanism to reclaim that storage, and time-based expiry is the most user-transparent approach.
Legal Compliance
Data protection regulations like GDPR in Europe establish principles of data minimization and storage limitation. Keeping files indefinitely without a legitimate purpose can violate these requirements. Expiry policies help services demonstrate compliance.
User Expectation Management
Most users upload files for a specific, time-bound purpose: sending a document to a colleague, sharing photos with family, delivering work to a client. Permanent storage isn't what they're asking for. Expiry aligns the service behavior with actual user intent.
What Actually Happens When Files Expire
When a file sharing link hits its expiration date, several things can happen depending on the service's technical architecture. Understanding these patterns helps you make informed choices about which services to trust with sensitive material.
Pattern 1: Immediate Deletion
Some services delete expired files immediately when the expiry timestamp passes. Technically, this means a rm command (or equivalent) is executed against the file object in storage. The file is unlinked from the filesystem and its space becomes available for reuse.
Caveat: Even "immediate" deletion doesn't mean the bits are overwritten. On most storage systems, deleted data remains on disk until overwritten by new data. For truly sensitive information, this distinction matters.
Pattern 2: Delayed Garbage Collection
Many services don't delete files individually as they expire. Instead, they mark files as "expired" and run batch deletion jobs periodically — every few hours, daily, or even weekly. During this window, technically expired files may still exist on disk and could potentially be recovered.
This approach is common because running individual deletions for millions of expiring files would create massive I/O load. Batch processing is more efficient operationally but creates a gap between "expired" and "actually gone."
Pattern 3: Backup Retention
This is the one most users don't consider. Even if a service deletes a file from their primary storage, they may retain backups for disaster recovery purposes. Those backups could contain your "deleted" file for days, weeks, or months — sometimes longer, depending on the backup retention policy.
Few services publicly document how long expired files persist in backup systems. This is an area where transparency varies dramatically between providers.
Pattern 4: Log Retention After File Deletion
Even after the file itself is deleted, most services retain metadata logs: who uploaded it, when, the filename, file size, IP addresses involved, and download activity. These logs serve legitimate purposes — abuse detection, troubleshooting, legal compliance — but they mean that traces of your file transfer persist even after the file itself is gone.
Service-by-Service: What's Documented vs Unknown
We reviewed publicly available documentation from major file sharing services. Here's what we found:
WeTransfer
Free tier: Files are available for 7 days. WeTransfer states that files are "permanently removed" after this period. Their documentation uses definitive language about permanent removal, though the technical specifics of their deletion process aren't public.
Paid tier (WeTransfer Pro/Portal): Extended storage options are available with customisable expiry settings. Portal users have significantly more control over how long files remain accessible.
What we don't know: Whether WeTransfer retains backups containing expired files, and the exact timing/mechanism of their deletion process.
Dropbox
Documented policy: Dropbox maintains version history for files for 30 days (or 120 days for Plus/Business users) even after a share link has expired or been disabled. If someone has the direct file URL and the file still exists in your Dropbox, they may still be able to access it depending on permission settings.
Key insight: Dropbox's model is fundamentally different from dedicated file transfer services because uploaded files persist in your account indefinitely unless you manually delete them. Link expiry only affects the share link, not the underlying file.
Trash retention: Deleted files remain in the Trash for 30 days before permanent deletion, providing a recovery window.
Google Drive
Documented policy: When you delete a file in Google Drive, it moves to Trash where it stays for 30 days before being permanently deleted. Google's documentation confirms this timeline. Files in Trash don't count toward storage quota but are recoverable during this window.
Share link behaviour: Disabling a share link prevents new access, but if someone already has the file open or cached, behaviour can vary. Google's documentation notes that revoking access should take effect quickly but doesn't specify exact timing.
Backup systems: Google maintains extensive backup and redundancy systems across multiple data centers. While not specifically documented for consumer Drive accounts, enterprise data resilience practices suggest multi-layered backup strategies that could extend data persistence beyond the stated deletion timeline.
QuickUpload's Approach
QuickUpload implements immediate file deletion upon expiry with verifiable removal. When a transfer expires, the file is purged from active storage without relying on delayed garbage collection cycles. Users can verify that their shared links have expired and files are no longer accessible.
For detailed information on QuickUpload's expiry controls and data handling practices, see our features page or visit the FAQ section for answers to common questions about file expiration.
The "Permanent Storage" Myth
Here's an uncomfortable truth: nothing stored online is truly permanent, and conversely, nothing deleted online is guaranteed to be gone forever.
Cloud providers operate complex, distributed storage systems with multiple layers of caching, replication, backup, and CDN distribution. A file you upload might exist simultaneously across multiple servers, in multiple geographic regions, in backup snapshots, and in edge cache nodes. Deleting "the file" means deleting all of these copies — and verifying that deletion is extremely difficult from outside the system.
This isn't meant to alarm you unnecessarily. For the vast majority of use cases — sharing work documents, personal photos, project files — standard file sharing services provide adequate privacy. But if you're handling genuinely sensitive material (legal documents, medical records, financial data, trade secrets), understanding these limitations matters.
Legal Frameworks Governing File Deletion
GDPR: Right to Erasure (Article 17)
The European Union's General Data Protection Regulation establishes a "right to erasure" (sometimes called the right to be forgotten). Data subjects can request deletion of their personal data, and organizations must comply within specific timeframes (generally 30 days) unless a legal basis for retention exists.
For file sharing services, this means they must be technically capable of deleting user data upon request and must have processes in place to handle such requests. It also means that indefinite retention of expired files without purpose could violate GDPR's storage limitation principle.
Practical implication: Services operating in or serving EU users must have genuine deletion capabilities, not just cosmetic "expiry" that leaves data intact behind the scenes.
HIPAA Considerations
For healthcare-related file sharing, HIPAA (in the United States) requires that protected health information (PHI) be disposed of properly when no longer needed. This includes audit logging requirements — you must be able to track what happened to PHI, including its eventual disposal.
HIPAA doesn't mandate specific deletion timelines but does require that covered entities and business associates implement reasonable safeguards for data disposal. Standard consumer file sharing services generally aren't HIPAA-compliant without additional agreements and configurations.
Data Retention Laws
Certain jurisdictions require organizations to retain specific types of data for defined periods — often for law enforcement or regulatory purposes. These requirements typically apply to metadata (logs, transaction records) rather than file content, but the interaction between mandatory retention laws and user expectations of deletion creates tension.
In practice, most file sharing services can comply with both deletion requests AND legal retention requirements by separating file content (which gets deleted) from metadata logs (which may be retained per legal requirement).
How to Ensure Your Files Are Actually Gone
If you need confidence that a shared file has been truly deleted, here are verification approaches:
Test the link yourself. After expiry, try accessing the share link. A proper implementation will return an error message indicating the link has expired or the file is unavailable.Contact the service directly. For sensitive deletions, reach out to customer support and request confirmation of deletion. Some services can provide verification for compliance purposes.Use services with transparent policies. Choose providers that publicly document their deletion practices rather than burying them in vague terms of service language.Consider encryption before upload. The strongest guarantee of deletion is encrypting files client-side before uploading. If you hold the encryption key and delete your local copy, the encrypted file on the server is useless regardless of whether it's actually deleted.
Best Practices for Setting Expiry Dates
Setting the right expiry duration is a balancing act:
Too short (1-2 days): High risk of recipient missing the window, especially across time zones or busy schedules. Leads to re-uploads and frustrated clients.Too long (90+ days): Extends the security risk window unnecessarily. Links get forgotten, forwarded, or discovered long after the intended sharing context has passed.Sweet spot (7-14 days): Provides ample time for recipients to download while maintaining a reasonable security boundary. Most professional file sharing happens within this window anyway.Context-dependent: Adjust based on urgency. Time-sensitive press materials might need 24-48 hours. Archive handoffs for long-term projects might warrant 30 days.
The Backup Paradox
Here's the philosophical question at the heart of all this: if a cloud provider maintains backup systems for disaster recovery, is anything ever really deleted?
The honest answer: probably not immediately, and possibly not completely. Enterprise-grade backup systems often maintain point-in-time recovery snapshots that could theoretically be used to restore "deleted" data. Tape backup systems, still used by some providers for cold storage, might retain data for months or years.
What protects users isn't perfect technological deletion — it's access control. Even if data persists in a backup somewhere, it should be inaccessible through normal channels, protected by authentication, authorization, and audit controls. The goal isn't necessarily to make bits disappear instantly; it's to ensure deleted data cannot be reasonably retrieved or accessed.
This is why regulatory frameworks like GDPR focus on both deletion capability AND access restriction. Both matter.
Conclusion
File expiry is more complex than a simple countdown timer. Behind every expired link is a chain of technical processes, backup systems, log retention policies, and legal obligations that determine what actually happens to your data.
Our recommendations: Choose services with clear, documented deletion practicesSet appropriate expiry times for your use caseUse password protection for sensitive sharesConsider client-side encryption for highly confidential materialUnderstand that "deleted" and "unrecoverable" aren't always the same thing
At QuickUpload, we believe transparency about data handling builds trust. Our expiry control features give you full visibility into your transfer lifecycle, and our privacy policy clearly documents how we handle your data. Because you deserve to know what happens to your files — even after the link expires.
Have questions about QuickUpload's data practices? Check our comprehensive FAQ for detailed answers about file expiration, security, and privacy.