diff --git a/.gitignore b/.gitignore
index 276e4bd..f07eab2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,4 +9,5 @@ worker/
 node_modules/
 .cargo-ok
 wrangler.toml
-config.json
\ No newline at end of file
+config.json
+config.insecure.json
\ No newline at end of file
diff --git a/config.insecure.json.example b/config.insecure.json.example
new file mode 100644
index 0000000..1306ec8
--- /dev/null
+++ b/config.insecure.json.example
@@ -0,0 +1,5 @@
+{
+  "comments": "This file contains configuration that will be load into the browser frontend. See src/util.coffee for details.",
+  "max_upload_size": 10485760,
+  "file_lifetime": "7 days"
+}
\ No newline at end of file
diff --git a/src/util.coffee b/src/util.coffee
index 1a7ae42..274f3dd 100644
--- a/src/util.coffee
+++ b/src/util.coffee
@@ -1,7 +1,16 @@
+import configInsec from "../config.insecure.json"
 import { detect as detectBrowser } from 'detect-browser'
 
+# The following two items are read from `config.insecure.json`
+# These configuration will be load into the frontend, so make sure
+# no sensitive information is leaked through the json
 # Maximum upload size (in bytes)
-MAX_UPLOAD_SIZE = 10 * 1024 * 1024 # 10 MB
+MAX_UPLOAD_SIZE = configInsec.max_upload_size
+# File lifetime (deleted after X days)
+# This is only intended for human, any auto-deletion
+# should be configured in your S3 bucket
+FILE_LIFETIME = configInsec.file_lifetime
+
 # Maximum file name length
 MAX_FILENAME_LENGTH = 255 # bytes
 
@@ -91,5 +100,6 @@ export {
   isText,
   progressText,
   humanFileSize,
-  MAX_FILENAME_LENGTH
+  MAX_FILENAME_LENGTH,
+  FILE_LIFETIME
 }
\ No newline at end of file
diff --git a/src/web/helpButton.coffee b/src/web/helpButton.coffee
index 8b89905..94ae5fb 100644
--- a/src/web/helpButton.coffee
+++ b/src/web/helpButton.coffee
@@ -19,7 +19,7 @@ class HelpButton extends React.Component
           There is <strong>absolutely no guarantee</strong> on its functionality, security and reliability.
         </p>
         <p>
-          <strong>Maximum file size: {util.humanFileSize util.MAX_UPLOAD_SIZE}</strong>, all uploads are kept for <strong>7 days</strong> only.
+          <strong>Maximum file size: {util.humanFileSize util.MAX_UPLOAD_SIZE}</strong>, all uploads are kept for <strong>{util.FILE_LIFETIME}</strong> only.
         </p>
         <p>
           File uploads with <strong>"Encryption: ON"</strong> are encrypted with <i>AES-128-GCM</i> before uploading to server.