Privacy Policy

SendDrop is built around one principle: the less we know about you, the better. We do not require accounts. We do not track what links you share. We do not sell data. Most data is deleted automatically after pickup or expiry.

• Link content (payload): Stored encrypted in our database until pickup or expiry — then physically deleted. All payloads are encrypted with AES-256-GCM. For PIN-protected drops, the server cannot read your content without the correct PIN.
• IP address: Used in-memory for rate limiting (max drops/pickups per minute). Never written to a database or log file. Lost on server restart.
• Pickup history: Stored only in your browser's localStorage. The server has no record of which codes you have sent or received.
• Link previews: For non-PIN-protected drops, our server fetches the URL to extract an og:image preview. This fetch appears to the target site as coming from SendDropBot. No preview data is retained after the drop expires.

• No analytics or behavioural tracking scripts
• No device fingerprints
• No email addresses or names
• No payment information

SendDrop displays advertisements served by Google AdSense to support the free service. Google may use cookies and similar technologies to serve ads based on your prior visits to this and other websites.

You can opt out of personalised advertising at any time by visiting google.com/settings/ads.

Ad cookies are set by Google and governed by Google's Privacy Policy. SendDrop does not receive or store any data Google collects for advertising purposes.

Drops are deleted from our database automatically when:

• The pickup limit is reached (burn after read)
• The expiry time passes (5 minutes, 1 hour, or 24 hours)
• Our hourly cleanup job runs and removes expired rows

We do not retain backups of drop content beyond the primary database row.

SendDrop runs on Hostinger infrastructure (Node.js + MySQL). Beyond Google AdSense (described above), no third-party analytics, CDN content scanning, or AI processing services have access to drop payloads. Our database server is located in the EU (Hostinger Lithuania).

All drop payloads are encrypted with AES-256-GCM before being written to the database. The encryption key is derived from the pickup code and optional PIN combined with a server-side secret. For PIN-protected drops, the server cannot decrypt the payload without the correct PIN — meaning your content is protected even from us.

Because we collect no personal identifiers, we cannot look up data associated with “you” as an individual. If you know the pickup code of a drop you created, you can retrieve and delete its content by using it before it expires. For any other requests, contact us at the address below.

Questions about this policy? Email golearnsap@gmail.com