Security
How we protect your files and data.
Encryption in Transit
All connections to simpledrop use TLS 1.3. File uploads, downloads, and API requests are encrypted end-to-end between your browser and our infrastructure. We do not accept unencrypted connections.
Storage & Infrastructure
Files are stored on Cloudflare R2, a globally distributed object storage service. Data is replicated for durability and availability. Access is controlled by cryptographically secure, unguessable links. We do not store your files on our own servers; they reside in enterprise-grade cloud infrastructure.
Access Control
Shared links are generated with high-entropy random identifiers. Without the full URL, files cannot be accessed. You control who receives each link. Optional password protection and download caps add another layer of control. Account authentication uses industry-standard OAuth (e.g. Google) — we never store passwords.
AI & Third-Party Processing
When you use AI features, file contents may be sent to Anthropic (Claude) for analysis. Anthropic does not train on customer data. All API communication is encrypted. We only share the minimum data required to deliver the feature you requested.
Incident Response
We monitor for unusual activity and have processes in place to respond to security incidents. If we become aware of a breach affecting your data, we will notify affected users and relevant authorities as required by law.
Reporting Vulnerabilities
If you discover a security vulnerability, please report it responsibly to security@simpledrop.zip. We appreciate coordinated disclosure and will work with you to address issues promptly.