Frequently Asked Questions

And answers about Cryptshare

General Questions

What is Cryptshare?

From the very beginning, we have designed Cryptshare as a secure digital transfer service.

As such, Cryptshare makes sure your data is protected at all points of risk on the journey from sender to recipient, meaning from the time it leaves the relative safety of your firewall until it reaches its intended destination.

When your data is in transit it is most at risk because this is precisely when it is most vulnerable to third-party attacks.

To secure your data exactly when it needs it most, Cryptshare has much more to offer than simply email security.

Powered by its many innovations, Cryptshare not only enables exchanges between individuals using email in a traditional way, but also facilitates communication for machine-to-machine and application-to-application use cases – challenges that every enterprise are facing.

How to use Cryptshare?

We recommend you to watch our video on YouTube to see how Cryptshare works.

How much does Cryptshare cost?

The price depends on several factors:

  • How many employees will use Cryptshare?
  • Would you like to make it easier for your employees to communicate securely using our Outlook or Notes integrations?
  • Do you want to automate processes and need access to the Cryptshare API?

Our SaaS solution, for example, offers smaller companies a somewhat limited functionality and starts at 5 EUR per user per month.

Learn more on our pricing page.


How is Cryptshare different than other transfer methods?

While keeping a high level of security, Cryptshare is much more intuitive and user-friendly that other methods for transferring large or secure information such as Email, S/MIME, FTP, S-FTP or portal solutions.

Cryptshare combines the following advantages:

  • No client software installation required – a browser is sufficient.
  • No special know-how required using the system – the user frontend is self-explanatory.
  • Attractive, intuitive and simple user interface that everybody can understand and that can be adapted to your corporate design.
  • No need to set up user accounts. No forgotten passwords, dead accounts or time-critical creation requests.
  • Full audit trail of all transfers. The senders will be informed about the status of their transfers. A log gives information about all transfers in a central place.
  • No dead files. Cryptshare deletes all transfer packages after a configurable number of days and thus cleans up itself.
  • Integration into Outlook and Notes can be used to further increase the ease of use.
  • No file size limits. Cryptshare can exchange files of any size.

Cryptshare is ideal for ad-hoc file transfers in the area of B2B or B2C communication, especially as external parties can send you confidential data without having to fulfill any pre-requisites.

How is Cryptshare different than other products and providers of services for web-based secure file transfer?

Cryptshare is characterized by the following advantages:

  • Cryptshare is under your control, in your data center or hosted as a private cloud service. It can be used as your company’s portal for exchanging your files with your partners. Cryptshare is not a public cloud-based file sharing solution but a business server product running under your control. This makes sure that sender and recipient have access to the Cryptshare server URL and are not blocked by their firewall or filter systems from accessing the system. Also you can be sure that no one can read your data but you. There is no backdoor for lawful interception as with many cloud services.
  • Consistent encryption without having to exchange certificates or software in advance.
  • No user accounts. No time-critical creation of accounts, no resetting of forgotten passwords, no deletion of unused accounts.
  • No cost for external users, no matter if they send or receive files.
  • No limits or costs for transfer volumes (apart from ISP cost).
  • No limits or costs for bandwidth (apart from ISP cost).
  • No storage cost in Cryptshare. Only the cost of physical storage you allocate applies.

How is Cryptshare for Outlook different from S/MIME or PGP?

Cryptshare for Outlook offers several advantages compare to S/MME or PGP:

Easier to use.

You can send a secure message ad-hoc to any recipient without any preparation. Recipients do not need to have an S/MIME or PGP installation, nor do you need to exchange public keys with them before you can communicate. They don't even need to have a Cryptshare installation, licence or user account. The only need to have an email address and you need to inform him on a separate way about the password that you have set for the message. In case you forget, the recipient automatically gets your contact details and can get in touch with you.

No size limit. 

S/MIME and PGP encrypt your email message, but do not help you with large file attachments. Typically, size limits apply either on your mail server, on the recipient's mail server or on the systems of email providers on the way. Often, these limits are as low as 10 or 20 MB. As a result, large files cannot be attached. With Cryptshare for Outlook, you can attach very large files to your message, up to multiple gigabyte. The files are not transported via email, but via your Cryptshare server, even taking the load off your and the recipient's email system. Only your system administrator can limit the size by configuration.

More security.

For technical reasons, S/MIME and PGP can encrypt the email body text, but not the subject line. With Cryptshare for Outlook, you can choose to also send the subject line encrypted if it contains confidential information. Thus, you protect yourself and your recipient from eavesdropping and social engineering attacks. Also, S/MIME and PGP use the same encryption keys every time you communicate. If the private key gets compromised, so is any communication you have encrypted with the corresponding key pair. Cryptshare uses another key for each communication between two parties.

More compliance and audit trail.

Cryptshare will inform you when your message has been delivered to the recipient and will keep a full audit trail about all communications. Your message will not be routed through a series of mail servers of which some are out of your control. Instead, your message is uploaded to your own, secure server and downloaded by the recipient straight from there, using latest transport and storage encryption technology. This allows to provide a full audit trail about all communications, notifications to the users e.g. about successful deliveries or attempts to attack the contents and takes away headaches with data protection legislation in many countries and industries.

How is Cryptshare for Outlook different than using cloud-based file sharing solutions?

One way to share large files with external contacts are cloud-based file sharing services. However, these cloud-based file sharing services often require the recipient to set up a user account, learn using a new interface or even install a piece of software on their device. 

Cryptshare for Outlook offers a way to exchange large files bidirectionally without having to meet any of these preconditions. Using Cryptshare for Outlook, you can just attach files of any size to your email message. It makes sure that the files are delivered to the recipient in a secure and auditable way without exceeding file size restrictions on the email server.
External contacts can not only respond to you, but can also initiate new large file transfers to you. When you receive an incoming communication containing files, you can choose to save the files to disk or import them into your Outlook inbox. Using warning thresholds and import size limits, the administrator can make sure that very large files can only be saved to disk, but not into the inbox.

Does Cryptshare for Outlook work with Office 365?

Cryptshare for Outlook can be used with any supported version of a local Outlook installation on your PC, no matter how Outlook has been licensed or purchased. This includes all Office365 plans where you can download and install Outlook on your computer. However, Cryptshare for Outlook is not yet available within the Outlook Web App (OWA).

Where can I download the installers of Cryptshare Server, Cryptshare for Outlook and Cryptshare for Notes?

Since we as a manufacturer of security technology are subject to certain regulations, we cannot make the files completely publicly accessible.

However, you can open a user account in our customer and partner area at any time and download the files afterwards.

Click here to visit our portal


Can the domain names registered in the license file be changed later on?

Yes, this is possible. Please send your change requests to your reseller or by e-mail to We will then provide you with a new license file which you can upload to your Cryptshare server. As soon as you have adjusted your policies accordingly, the new domains can be used. We reserve the right to charge for the issuing of a new license file.

Can the number of licensed domains be increased later on?

Yes, you can add more domains to your license key as long as these domains are owned by your company as well.

Please send your change requests to your reseller or by email to We will then provide you with a new licence file which you can upload to your Cryptshare server. As soon as you have adjusted your policies accordingly, the new domains can be used. We reserve the right to charge for the issuing of a new licence file.

Do external communication partners need an extra license?

No. External communications partner that communicate with you using your company's Cryptshare Server do not need to be licensed. Neither if you send information to them nor when they send information to you. Also, they don't need to create a user account or set up any software.

Is Cryptshare for Outlook included in our license?

The use of Cryptshare for Outlook requires an Business Licence Key to be installed on the Cryptshare Server. As a user, you cannot check whether or not Cryptshare for Outlook is licensed on your Cryptshare Server. However, your administrator can check the licence key as described in our admin documentation.

I have purchased a named user licence and would like to change the listed names. Is that possible?


I have purchased a named user licence and would like to change the listed names. Will there be a charge for this?

We reserve the right to charge for repeated requests of listed name changes.

Technology and Architecture

Which browsers are supported by Cryptshare?

Please find an up-to-date list of supported browsers here.

Which encryption technology is used by Cryptshare?

Cryptshare uses latest transport layer security (TLS) to protect the communication between clients and servers. The key length is depending on the SSL certificate you implement on your Cryptshare Server.

Files that are stored on the Cryptshare server are also encrypted. We use the AES algorithm with a key length of 256 bit. Each transfer is encrypted with an individual AES key. Cryptshare Server does not save passwords at any time.

The Cryptshare add-on products "Cryptshare for Outlook” and “Cryptshare for Notes” also use TLS for communication with the Cryptshare Server.

Where is the Cryptshare Server located? Is it hosted or is it in the cloud?

When you decide to use Cryptshare, you will have one (or many) Cryptshare Servers dedicated for your business. Employees of your business can use them to exchange their own files with their external communication partners. No third parties can use your Cryptshare Server(s) to communicate with each other.

You can run your own Cryptshare server(s) within your secure perimeter (e.g. within your DMZ). Or you can decide to have your Cryptshare Server(s) hosted by a hosting partner or Infrastructure-as-a-Service cloud provider of your choice.

In the meantime, Cryptshare is also available as a public cloud-based Sofware-as-a-Service.

Which user rights and settings are required to work with Cryptshare?

All you need to send and receive messages and files via Cryptshare is an email address and a browser. As Cryptshare uses Cookies, you need to set up your browser to accept Cookies. Apart from that, no further pre-requisites need to be met to be able to use Cryptshare.

Does Cryptshare make use of ActiveX-components?

No. Cryptshare does not use any ActiveX components.

Do I open a security leak by using Cryptshare in my company?

No. Cryptshare provides a series of security measures (e.g. SSL/TLS for transport security, AES 256bit for storage security, policy control, detailed logging, one-time passwords etc.). In addition, that, you can use third-party systems to further control the data streams such as Anti-Virus solutions or DLP solutions to scan the contents that are sent or received and block unwanted information from leaving or entering the business. Thus, Cryptshare provides compliance.

As Cryptshare fulfills all the communication needs of your users, is very easy to handle and provides control for your users, they will no longer go for shadow IT solutions to exchange large files.

So Cryptshare closes existing security holes by bringing your users on-board a well-controlled, auditable and secure communication solution with a maximum level of interoperability between you and your customers and partners.

Can I use Cryptshare on other hypervisors such as Citrix XEN?

Yes. We only provide pre-configured virtual appliances for VMware and MS Hyper-V,  but if you want to use another hypervisor than VMware or MS HyperV, you have the option to manually create a virtual machine using one of the operating systems supported by CryptshareDownload and install Cryptshare as software on that machine.

How large can a file transferred via Cryptshare be at maximum?

A file or a transfer package consisting of multiple files can have any size. There is no technical limit in Cryptshare other than limitations of the server hardware for storing the file.

Although there is no technical limit for the size of files transferred via Cryptshare, we suggest to set a size limit which reflects the performance limits of your current IT infrastructure.

The size limit for Cryptshare transfer is not static. Using the Cryptshare policy, you can set individual size limits for certain sender/recipient combinations and tailor Cryptshare to meet different use cases of different user groups in your business.

Is it possible to run multiple Cryptshare Servers in my company?

Yes. You can run as many Cryptshare servers as you want without any additional licence cost as the licence is per mailbox, not per server. This way, you can set up for example a Cryptshare Server for each country or continent your company is represented in.

Can logging information of a Cryptshare server be imported into a log management system?

Yes. The log data are stored in a database on the Cryptshare Server. It is possible to export the log data into central log management / SIEM systems for further processing using the LogBack library.

Does the file storage take place in an encrypted area of the file system or is every file encrypted individually?

Every transfer package is encrypted individually. The key is derived from the password set by the user. As a result, each transfer residing on the Cryptshare Server is encrypted with another key which grants a high level of security. The keys are not stored on the Cryptshare Server. Only the sender is in control of the password and thereby of the encryption key.

What are the prerequisites for operating Cryptshare for Outlook?

To be able to use Cryptshare for Outlook, you need to have

  • A Cryptshare Server to connect to. That could be the Cryptshare Server of your own business or of your communication partner's business. The Cryptshare Server needs to be licensed and configured for the use of Cryptshare for Outlook.
  • A local Microsoft Outlook installation (see list of supported Outlook clients)
  • An installation of the Cryptshare for Outlook Add-In on your PC. You can obtain the Add-In from the Cryptshare Server's administrator.

System Requirements

Click here for a full detailed list of system requirements.

Does Cryptshare for Outlook support my Outlook version?

In general, we support all Microsoft Outlook versions which are still supported by Microsoft as well. To check if your MS Outlook version is on the list, please refer to the list of supported Outlook versions

Does Cryptshare for Outlook work with Apple Mac?

No. There is no version of Cryptshare for Office for Mac Apple/Macintosh available at the moment.

Is there a Cryptshare app for smartphones and/or tablets?

No. There are no iOS or Android apps available at the moment. Please get in touch with us, if you have a need for this.

Why is Cryptshare for Outlook secure?

Cryptshare for Outlook

  • Secures the transport of your data between your computer and the Cryptshare Server as well as between the Cryptshare Server and the recipient's computer using the latest transport layer security (TLS) standards.
  • Secures the files using strong AES-256bit encryption while they reside on the Cryptshare Server using one-time encryption keys for each transfer which are not stored on the server, but can only be generated by you or the recipient in terms of entering the correct transfer password.
  • Automatically removes data from the server after a defined interval.
  • Performs a virus check of all contents you send or receive via Cryptshare.
  • Detects unauthorized attempts to download data and reacts by blocking or deleting the contents from the server and informing you about the incident.
  • Keeps a full audit trail of the data you send and receive, including IP addresses of senders and recipients.
  • Notifies you about successful and unsuccessful delivery.
  • Puts you in control over your data at any time.

Is Cryptshare for Outlook compatible with other Outlook Add-Ins

There is a large number of MS Outlook Add-Ins on the market interacting with Outlook contents in different ways. Cryptshare for Outlook is designed to be as compatible as possible to any other Outlook Add-In. However, testing it in combination with all of them in different versions and configurations is impossible.

The best way to verify compatibility for your environment is to register for a trial on our hosted demo server and use and test Cryptshare for Outlook in your environment. Of course you can also get in touch with our support team to find out if there any known issues or incompatibilities with the Add-Ins you use.

I am not using MS Exchange. Can I still use Cryptshare for Outlook?

Yes. Cryptshare for Outlook works on any supported MS Outlook Client, no matter if this MS Outlook client is connected to an on-premise MS Exchange Server, a mail server in the cloud (including MS Exchange 365) or any POP/IMAP/SMTP mail server on-premise, hosted or in the cloud.

Do I have to make any changes on my mail server?

No. Relaying has to be activated, if you use Microsoft 365.


Can file exchange take place in both directions, i.e. outbound and inbound?

Yes. You can exchange files in both directions. Neither your employees nor their communication partners need to install software, exchange certificates or set up user accounts in advance. No matter if the transfer is inbound or outbound – the sender opens the URL of the Cryptshare server in his browser and is guided through a few easy, self-explanatory steps.

Thus, anybody can send messages or files securely without having to involve IT staff in advance.

The Cryptshare license covers communication with any number of external contacts, no matter if these use the system as recipients or senders.

To make Cryptshare even easier and more comfortable to use, we offer integration into MS Outlook and HCL Notes. These allow the confidential sending and receiving of confidential messages or large files straight from your email client.

Can I use Cryptshare to exchange files with any number of communication partners?

Yes. You only need to license the number of email accounts within your own email domain(s). The number of external contacts you communicate with is not relevant for the license price.

It does not matter for the license if the external users are sending or receiving information.

Is there a log where I can see which files have been provided and downloaded when and by whom?

Yes. The sender of a transfer gets an email that informs about the download of a file transfer. Also he is notified if the download expires without having been downloaded. In addition to that, there is a central log file that only administrative users can access. You can configure logging options to keep track of the details you want to see and hide those you don’t want to log.

It is possible to log the point in time when up- or downloads have been made, the sender and recipients’ IP and email addresses, filenames and sizes as well as texts and subjects entered by the users.

Can I send multiple files in one transfer?

Yes. You can send any number of files per transfer.

Can I send one transfer to multiple recipients?

Yes. You can enter any number of recipients per transfer.

How is the password exchanged with the recipient of the transfer?

We suggest exchanging the password on a separate way, e.g. by telephone, SMS or by agreement in advance. 

If you use Cryptshare for Outlook, you can also send the password automatically via SMS if a compatible SMS gateway is connected. 

The recipient receives the sender’s contact data as part of the notification message. He can get in touch with the sender to ask for the password if he does not know it already.

Cryptshare itself does not store the password at any time.

What happens if I send a file to a wrong recipient or if I send the wrong files?

You can revoke a transfer anytime.

Can a transfer still be cancelled if the files are already uploaded to the Cryptshare server?

Yes, this is possible. As the sender, you can revoke transfers at any time via "revoke transfer". In addition, system administrators can delete transfers directly from the Cryptshare Server.

Besides that, Cryptshare password protection will still keep your file safe. To be able to download the file, the recipient needs to know the password and get in touch with you to ask for it. Until you authorize the recipient by giving the password to them, the files cannot be downloaded. The download link without the password is of no value for a wrong recipient. Cryptshare only accepts a very limited number of unauthorized download attempts and will then either block access or erase the files from the server and notify the sender about the incident.

How long does a file transfer take?

The duration of a file transfer is depending on the network speed between the participants, i.e. the sender, the Cryptshare Server and the recipient, as well as from the file size and the reaction speed of the recipient.

Files are uploaded to the Cryptshare server first. When they have completely arrived, a download notification will be sent automatically to the recipient. As soon as the recipient downloads the files, the transfer is complete.

Can Cryptshare scan files for viruses when being transferred?

Yes. There is a possibility to embed a virus scanner into the Cryptshare Server that can be called using a command line. Our appliances are pre-packaged with a virus scanner. If you install Cryptshare on your own server, you are free to choose which virus scanner you want to use.

Will files be compressed automatically during a transfer?

An automatic compression of the files during the transfer does not take place.

How do I keep track of the transfer passwords I used?

Using Cryptshare for Outlook, you can set a password or have a password auto-generated for each message you want to send securely. Ideally, you should use passwords which are not trivial. But we all know that it is hard to remember passwords which are not trivial. Cryptshare for Outlook solves this problem for you. The upload manager sidebar will keep track of all the passwords that you have set manually or have had auto-generated by Cryptshare. If a recipient calls you and asks for the password, all you need to do is look up the password in the upload manager. The password history will remember the passwords for all transfers which are still available on the server for download and auto-delete older ones.

The passwords are stored encrypted in your local user profile on your computer. To restrict access to passwords, you will be asked for your Windows login password the first time you start Outlook.

Which content can be sent using Cryptshare for Outlook?

Using Cryptshare for Outlook, you can exchange confidential email messages, very large files or both with your external contacts. Where file sharing solutions typically only allow you to exchange large files and email encryption solutions can only handle attachments up to a certain size, Cryptshare for Outlook solves both issues for you at once.

What is the maximum file size I can send?

Technically, there is no size limit in Cryptshare, so you could potentially send files of any size. However, there are limits that the administrator can (and probably will) set. These limits do not apply per user, but per sender/recipient combination, so they could be different when sending to recipient A or B. This will allow the administrator to tailor the file size to the use case. For example, you might be able to send very large files to somebody in the marketing department that deals with hi-resolution images and videos, but will see a lower limit when sending to HR.

Even though you can send very large files out of MS Outlook now, you don't need to worry about the size of your mailbox. There are warning thresholds and file size limits that allow to customize the solution so that only files up to a certain size can be kept as email attachments in inbound or outbound messages. Larger files can only be saved to disk.

Will using Cryptshare for Outlook increase the size of my mailbox?

No. The benefit of Cryptshare is that you can send very large file attachments, but these attachments are no longer handled by your email server. Also, they don't necessarily stay attached to the messages in your mailbox. Administrators can define limits beyond which file attachments are automatically detached from sent or received messages and replaced by links to the location in the file system.

As a result Cryptshare reduces the space consumption on the mail server and makes it very easy for users to find the files which were sent or received in the message. 

What is Cryptshare QUICK Technology and how does it help me?

The QUICK Integrated Cryptshare Key considerably simplifies the use of Cryptshare!

Instead of having to exchange one-time passwords manually, QUICK will take care of password management for you.

You won't have to deal with passwords anymore and can send and receive information with passwordless security.

Learn more about the revolutionary QUICK Technology now.


Is there a possibility to control access to Cryptshare by creating user groups?

The Cryptshare policy allows controlling access to Cryptshare by black- or whitelisting using regular expressions against email addresses, email domains, LDAP users, LDAP groups, IP addresses and IP address ranges. Thus you can control on any desired level of granularity who can use the system and who cannot. Actually, you do not only grant access to certain users or groups, you can even control who they can communicate with and who they can not.
We currently support Microsoft Active Directory and HCL Domino Directory as LDAP directories.

Can the retention period of the files be varied?

Yes. Administrators can set a maximum retention period for transfers. For each transfer, the user can modify the retention period to a value within the limits set by the administrator.

The retention time limits set by the administrator can be defined in policy rules. This means that you can set different maximum retention times for different sender/recipient combinations. For more details, please refer to our documentation on Policy Settings.

Is there a possibility to apply a content filter on the files that are being transferred via Cryptshare?

Yes. Using third-party content filters / reverse proxy servers that are able to scan SSL/TLS traffic on port 443, the data stream from/to the Cryptshare server can be monitored by this filter as well.

Is there a possibility to archive files and emails that are being transferred via Cryptshare?

Yes. Click here to learn more about the Archiving and DMS Interface of Cryptshare.

Is Cryptshare GDPR/DSGVO/AVG, NTA7516, CCPA, FIPS140-2, HIPAA etc. compliant?

Cryptshare has a strong encryption and will help you to be compliant with standards like GDPR/DSGVO/AVG, NTA7516, HIPAA or CCPA.

Our development approach is to continuously develop and improve our product Cryptshare.
Customers benefit from this model because they are always entitled to the latest and best version of Cryptshare.

A certification of a product with the scope of Cryptshare would take several months to complete and would only apply to exactly the version that has been certified.

Any changes to that version would require a re-certification of parts or even of the complete solution, causing similar effort.

As Cryptshare is a web application, we provide minor fixes and updates on a regular basis. This is done to react on recent security threats becoming known in technology components that we use as well as to react on new developments like updated browser versions or technologies. Unfortunately, this frequent update policy is contradictory to a certification approach. Apart from the implications on our release cycles, the cost for a continuous recertification cycle would demand us to increase license costs significantly.

As a result, Cryptshare is currently not certified at any level of the Common Criteria.

We have customers in many security-relevant industries such as banking, insurance, public sector, utilities, defense etc. who are using Cryptshare after having assessed product security on their own. In addition to internal automated and manual security reviews, we also encourage all our customers to share feedback from security checks and assessments with us to constantly keep product security on a high level.

We do not regard security as a one-time achievement, but as a constant process.


How do I install Cryptshare? Can I install Cryptshare on my own?

We provide Cryptshare as pre-configured Virtual Appliance that you can take live in no time.
Alternatively, Cryptshare can be installed very easy on any supported operating system using automated installation routines.

For our email integration products, several methods for automatic large scale roll-outs exist.

Do I need an SSL certificate and if so which one?

Yes. You do need an SSL certificate to allow encrypted transfer between the users and the Cryptshare Server. The certificate is not part of the Cryptshare license and needs to be obtained separately by you. There is a self-created certificate pre-installed on the Cryptshare Server when it is shipped to you. However this certificate is only provided to secure your access to the system during first-time configuration and should be replaced by a commercial certificate as soon as possible.

There are no specific requirements for the SSL certificate. Technically you can take any certificate from any provider.

We suggest to take the following into consideration though:

  1. Choose a provider that issues certificates from a Certificate Authority that is known to the browsers that your users want to use. You can see the list of known Certificate Authorities in the browsers. This makes sure that visitors of your Cryptshare Server will not see any security warnings when using the site.
  2. Depending on the provider, there may be additional options you can book or buy for your SSL certificate. In terms of encryption, no additional options are required to use Cryptshare. The simplest SSL certificate will do. However you can use any additional options without any problems as well if you wish.
  3. SSL certificates not only provide encryption, they also provide authenticity. You might want to go for additional certificate options (e.g. EV - Extended Validation) to increase the trust of your users into the authenticity of your certificate.

Please note: you need a separate SSL certificate for each (sub-)domain you want to use. So if you want to use an additional web site or web application on the same machine, you need multiple SSL certificates or a so-called wildcard certificate that covers all possible subdomains of a main domain.

What are the prerequisites for operating Cryptshare?

An overview on our system requirements you will find below. 

Which languages are supported?

Out of the box, we provide language packs for several languages such as Dutch, English, French, German, Italian, Spanish, Swedish, Portuguese and Ukrainian

The latest language packs can be found on

It is also possible to modify or create language packages. Information on this can be found at:

Can I change the User Interface Design of Cryptshare for Outlook?

Yes, details on customizing Cryptshare below