Privacy Policy

Our Privacy Commitment

At CryptDrop, we are dedicated to protecting your privacy. This service was built with privacy as its core principle.

Information Collection

We collect absolutely minimal data to provide our service:

  • Message Content: Your message content is encrypted in your browser before being sent to our servers. We never receive the unencrypted content.
  • Encryption Keys: Encryption keys are generated in your browser and are never transmitted to our servers. Keys are shared only in the URL fragment (#), which is not sent to the server.
  • Attachments: Any file attachments are encrypted client-side and we never have access to the unencrypted content.

Data Storage

We only store:

  • The encrypted message
  • A unique ID for the message
  • Creation timestamp
  • Encrypted file attachments (if any)

All data is permanently deleted from our servers after:

  • The message is viewed once, or
  • 24 hours from creation, whichever comes first

Data Deletion

When a note is deleted (after viewing or expiration), it is immediately removed from our database. Since all data is encrypted, even direct database access would not reveal the content.

Minimal Logging

We maintain minimal logs for security and abuse prevention:

  • No persistent user profiles or tracking
  • No logging of message content or file attachments
  • No IP addresses permanently stored
  • Logs are used only for real-time security monitoring and abuse prevention

What we don't do:

  • We don't profile users or build usage patterns
  • We don't store historical access logs
  • We don't associate any data with user identities

No Third Party Sharing

We do not share any data with third parties. Period.

Security

We employ multiple layers of security:

  • Client-side AES-256 encryption
  • HTTPS for all connections
  • XSS and other vulnerability protections
  • Secure HTTP headers

We cannot access your message content even if legally compelled to do so, as we never possess the encryption keys.