Legal
Last updated: May 2026
CYPH3RDROP is designed to collect as little data as possible. We do not require accounts. We do not store your name, email address, or IP address. We cannot read your secrets — they are encrypted in your browser before they reach us.
When you create a secret, we store one thing: an encrypted blob of ciphertext. This is the output of AES-256-GCM encryption that ran in your browser. We do not hold the encryption key. We cannot decrypt it.
Each encrypted blob is assigned a random ID and given a time-to-live of 7 days. It is permanently deleted either when the link is opened or when the 7-day window expires — whichever comes first.
We do not store your IP address, browser fingerprint, device information, or any personal identifiers. We do not log which secrets were created by whom. There is no user account system and no cookies are set.
We use Upstash Redis to store encrypted blobs. Upstash processes data in accordance with their own privacy policy, available at upstash.com. The data they hold is encrypted ciphertext with no associated personal information.
We use Vercel to host and serve this website. Vercel may collect standard server access logs (including IP addresses) as part of their infrastructure. These logs are governed by Vercel's privacy policy and are not accessible to us.
CYPH3RDROP does not use cookies, analytics trackers, advertising pixels, or any third-party tracking scripts. There is no Google Analytics, no Meta Pixel, and no session tracking of any kind.
CYPH3RDROP is not directed at children under the age of 13. We do not knowingly collect any information from children.
If we make material changes to this policy, we will update the date at the top of this page. We encourage you to review it periodically.
Questions about this policy? Reach us at hello@cyph3rdrop.com.