diff --git a/backend/src/index.js b/backend/src/index.js
index 11d9887..438c8f2 100644
--- a/backend/src/index.js
+++ b/backend/src/index.js
@@ -8,6 +8,7 @@ const previewRoutes = require('./routes/preview');
 const userRoutes = require('./routes/user');
 const searchRoutes = require('./routes/search');
 const batchRoutes = require('./routes/batch');
+const trashRoutes = require('./routes/trash');
 const errorHandler = require('./middleware/errorHandler');
 
 const app = express();
@@ -24,6 +25,7 @@ app.use('/api/preview', previewRoutes);
 app.use('/api/user', userRoutes);
 app.use('/api/search', searchRoutes);
 app.use('/api/batch', batchRoutes);
+app.use('/api/trash', trashRoutes);
 
 app.use(errorHandler);
 
diff --git a/backend/src/routes/trash.js b/backend/src/routes/trash.js
new file mode 100644
index 0000000..a9a774d
--- /dev/null
+++ b/backend/src/routes/trash.js
@@ -0,0 +1,87 @@
+const express = require('express');
+const db = require('../db');
+
+const router = express.Router();
+
+// Get trashed files
+router.get('/', (req, res) => {
+  const token = req.headers.authorization?.replace('Bearer ', '');
+  if (!token) return res.status(401).json({ error: 'No token' });
+  
+  try {
+    const jwt = require('jsonwebtoken');
+    const decoded = jwt.verify(token, process.env.JWT_SECRET || 'clouddisk-secret-key');
+    
+    db.query(
+      'SELECT * FROM files WHERE user_id = ? AND deleted_at IS NOT NULL ORDER BY deleted_at DESC',
+      [decoded.userId]
+    ).then(files => {
+      res.json({ files });
+    });
+  } catch (error) {
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// Restore file
+router.post('/:id/restore', (req, res) => {
+  const token = req.headers.authorization?.replace('Bearer ', '');
+  if (!token) return res.status(401).json({ error: 'No token' });
+  
+  try {
+    const jwt = require('jsonwebtoken');
+    const decoded = jwt.verify(token, process.env.JWT_SECRET || 'clouddisk-secret-key');
+    
+    db.run(
+      'UPDATE files SET deleted_at = NULL WHERE id = ? AND user_id = ?',
+      [req.params.id, decoded.userId]
+    ).then(() => {
+      res.json({ success: true });
+    });
+  } catch (error) {
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// Permanently delete
+router.delete('/:id', (req, res) => {
+  const token = req.headers.authorization?.replace('Bearer ', '');
+  if (!token) return res.status(401).json({ error: 'No token' });
+  
+  try {
+    const jwt = require('jsonwebtoken');
+    const decoded = jwt.verify(token, process.env.JWT_SECRET || 'clouddisk-secret-key');
+    
+    // Permanently delete
+    db.run(
+      'DELETE FROM files WHERE id = ? AND user_id = ? AND deleted_at IS NOT NULL',
+      [req.params.id, decoded.userId]
+    ).then(() => {
+      res.json({ success: true });
+    });
+  } catch (error) {
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// Empty trash
+router.post('/empty', (req, res) => {
+  const token = req.headers.authorization?.replace('Bearer ', '');
+  if (!token) return res.status(401).json({ error: 'No token' });
+  
+  try {
+    const jwt = require('jsonwebtoken');
+    const decoded = jwt.verify(token, process.env.JWT_SECRET || 'clouddisk-secret-key');
+    
+    db.run(
+      'DELETE FROM files WHERE user_id = ? AND deleted_at IS NOT NULL',
+      [decoded.userId]
+    ).then(() => {
+      res.json({ success: true });
+    });
+  } catch (error) {
+    res.status(500).json({ error: error.message });
+  }
+});
+
+module.exports = router;