Privacy Policy

Last updated: January 15, 2026

Data We Collect

We collect minimal data necessary to operate the Service:

• Upload metadata: file size, upload timestamp, expiration date, IP address (hashed and stored for 48 hours for abuse prevention)
• Access logs: standard web server logs retained for 7 days
• Registered users: email address and hashed password

Data We Do NOT Collect

• File contents (encrypted client-side, we cannot decrypt)
• File names (encrypted as part of the payload)
• Tracking cookies or advertising identifiers
• Browser fingerprints

Encryption

All files are encrypted using AES-256-GCM in your browser before transmission. The encryption key is derived from a random value embedded in the URL fragment identifier, which is never sent to our servers per the HTTP specification. This means we have zero knowledge of your file contents.

Data Retention

Encrypted file data is deleted upon expiration (default 30 days). Server access logs are retained for 7 days. IP hashes for abuse detection are retained for 48 hours. Account data is retained until account deletion.

Third Parties

We do not sell, share, or transfer user data to third parties. We do not use analytics services or advertising networks. Our servers are self-hosted in certified data centers in the European Union.

GDPR

We comply with GDPR. You have the right to access, rectify, and delete your personal data. Contact privacy@quickdrop.example for data requests.

Changes

We will notify registered users of material changes to this policy via email. Updated policies take effect immediately upon posting.