SecretDropBox

Privacy Policy

Last updated: August 10, 2025

Introduction

Welcome to SecretDropBox. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we handle any information when you use our service.

As an enterprise-focused secure sharing platform, we understand the importance of data protection and compliance with regulations.

Zero-Knowledge Architecture

SecretDropBox operates on a zero-knowledge architecture, which means:

  • We cannot access the content of your shared secrets or files
  • All encryption and decryption happens in your browser, not on our servers
  • We do not store encryption keys - they remain in your control
  • Even if compelled by law, we cannot decrypt your content

This approach ensures your organization maintains complete control over sensitive information while meeting compliance requirements.

Information We Collect

We collect minimal information to provide our service:

Encrypted Data

We store only encrypted data that we cannot read or access. This includes:

  • Encrypted secret content (text or files)
  • Encrypted metadata about your secrets

Technical Information

We collect limited technical information necessary for the operation of our service:

  • IP addresses (stored temporarily for security and abuse prevention)
  • Browser type and version
  • Access timestamps
  • Error logs (without personal information)

We do not use cookies for tracking or advertising purposes. We use only essential technical cookies required for the service to function.

How We Use Information

We use the limited information we collect only for:

  • Providing and maintaining our service
  • Improving and developing our service
  • Protecting against abuse and attacks
  • Complying with legal obligations

We understand that enterprise customers have strict compliance requirements, and our minimal data collection practices are designed with this in mind.

Data Retention

Encrypted secrets are automatically deleted after:

  • They are accessed once (one-time secrets)
  • They reach their expiration date (maximum 7 days)
  • You manually delete them

Technical logs are retained for a maximum of 30 days and then permanently deleted.

Your Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object

To exercise these rights, please contact us at [email protected].

International Transfers

SecretDropBox is operated from servers in the United States. If you are accessing our service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

We ensure compliance with international data protection laws and regulations, including GDPR and other applicable frameworks.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

We encourage you to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • By email: [email protected]
  • By mail: SecretDropBox Inc., 123 Security Ave, San Francisco, CA 94107, USA