QuickDrop

Privacy Policy

Last updated: May 3, 2026

Information We Collect

QuickDrop is designed with privacy in mind. We collect minimal information:

  • Files you upload (Drop): Stored temporarily and automatically deleted after expiration
  • Account information: Email and name if you choose to sign up
  • Anonymous identifiers: Browser cookies to track upload limits for anonymous users

Flash P2P Transfers

When using Flash (P2P) transfers, your files are sent directly between devices using WebRTC technology. This means:

  • No server storage: Your files never pass through or are stored on our servers
  • Direct connection: Files transfer directly from sender to receiver
  • Encrypted transfer: WebRTC connections are encrypted by default (DTLS)
  • Temporary codes: Room codes are only used to establish connection and expire after 10 minutes

We use a signaling server (PeerJS) only to help devices discover each other. Once connected, all data flows directly between devices without passing through any server.

OAuth Sign-In Data

When you sign in with Google or GitHub, we receive:

  • Google: Your name, email address, and profile picture
  • GitHub: Your username, email address, and profile picture

We do not receive or store your Google/GitHub password. Authentication is handled securely by these providers.

Password Security

If you create an account with email and password, your password is securely hashed using industry-standard bcrypt encryption before storage. We never store or have access to your plain-text password.

How We Use Your Information

  • To provide file sharing functionality
  • To enforce upload limits and prevent abuse
  • To send share links and download notifications

Data Retention

Files are automatically deleted when they expire or reach their download limit. We do not keep copies of your files after deletion.

Third-Party Services

We use the following third-party services:

  • Cloudinary: For secure file storage and delivery (Drop uploads only)
  • PeerJS: Signaling server to establish P2P connections (Flash transfers). Only connection metadata is exchanged - not your files.
  • STUN servers: Public servers (Google, Cloudflare, Twilio, Mozilla) to help establish peer connections
  • Authentication providers: Google and GitHub for optional sign-in

Your Rights

You can delete your account and all associated data at any time from your profile settings. Anonymous uploads are automatically deleted based on expiration settings.

Account Deletion

When you delete your account, the following data is permanently removed:

  • All your uploaded files from our cloud storage (Cloudinary)
  • All share links associated with your files
  • Your account information (email, name, profile picture)
  • Your upload quota and usage history

This action is irreversible. Local browser history of your shares is cleared separately from your device.

Contact

For privacy concerns, please reach out to us through the application.