diff --git a/client/certificates.go b/client/certificates.go
index 4284c91..1981ccc 100644
--- a/client/certificates.go
+++ b/client/certificates.go
@@ -52,7 +52,7 @@ func (cs *CertificateStore) Pin(name, fingerprint string) error {
 		Fingerprint: fingerprint,
 	}
 
-	file, err := os.OpenFile(cs.path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+	file, err := os.OpenFile(cs.path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
 	if err != nil {
 		return err
 	}
diff --git a/server/protocol.go b/server/protocol.go
index 558dbb7..9194796 100644
--- a/server/protocol.go
+++ b/server/protocol.go
@@ -232,10 +232,10 @@ func HandleReceiveRequest(w http.ResponseWriter, r *http.Request) {
 	name := filepath.Base(part.FileName())
 
 	if _, err := os.Stat("files"); os.IsNotExist(err) {
-		os.Mkdir("files", 0755)
+		os.Mkdir("files", 0700)
 	}
 
-	target, err := os.OpenFile(filepath.Join("files", name), os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)
+	target, err := os.OpenFile(filepath.Join("files", name), os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0600)
 	if err != nil {
 		w.WriteHeader(http.StatusInternalServerError)