Privacy Policy

We respect your privacy. This page explains what we collect, why, and how to exercise your rights under the GDPR.

1. Data we process

We process the following data only to operate the service:

• Files you upload: stored on our servers until they expire or you delete them.
• Account data: email address and a cryptographic hash of your password (Argon2id).
• Sessions: a server-side session record and an HTTP-only session cookie.
• Download logs: a SHA-256 hash of the requester's IP, user-agent, and timestamp - for abuse prevention. The IP itself is not retained.
• Payments: when you subscribe, the crypto transaction is processed by our payment provider. We store the order ID, amount, status, and crypto symbol - not your wallet address.

2. Legal basis

Processing is based on Art. 6 (1)(b) GDPR (performance of a contract) for service operation and billing, and Art. 6 (1)(f) GDPR (legitimate interests) for security and abuse prevention.

3. Retention

Files expire automatically based on your tier. Deleted files are removed from storage. Account data is kept while your account is active and erased on request. Download logs are retained for up to 90 days for abuse prevention, then deleted.

4. Your rights

You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to lodge a complaint with a supervisory authority. Contact us at legal@drop.xxx to exercise any of these rights.

5. Sharing

We do not sell personal data. We share data only with processors that operate the service on our behalf (hosting, our payment provider) and where legally required.

6. Contact

Operator: Drop, . Email: legal@drop.xxx.