Privacy Policy
Last updated: February 2025
Overview
Blindrop is a zero-knowledge secret sharing service. We are committed to protecting your privacy and have designed our service to minimize data collection.
What We Cannot See
Due to our zero-knowledge architecture, we cannot access:
- The content of your secrets (encrypted in your browser before transmission)
- Decryption keys (stored only in the URL fragment, never sent to our servers)
- Who views a secret or what they do with it
What We Store
- Encrypted secret data (unintelligible without the decryption key)
- View count remaining
- Expiration timestamp
- Creation timestamp
All stored data is automatically deleted when the view limit is reached or the secret expires (maximum 7 days).
Server Logs
Our hosting provider (Vercel) may collect standard server logs including:
- IP addresses
- Browser user agent
- Request timestamps
- Request URLs (excluding the fragment containing the decryption key)
These logs are used for security, abuse prevention, and service operation. They are retained according to Vercel's data retention policies.
Cookies
Blindrop does not use cookies for tracking or analytics. Our hosting provider may use essential technical cookies for infrastructure purposes (such as load balancing and security).
Third Parties
We do not sell, share, or provide your data to third parties for marketing or advertising purposes. We may disclose information if required by law or to protect our rights and safety.
Data Location
Encrypted data is stored using Upstash Redis. Server infrastructure is provided by Vercel. Both services may process data in various geographic locations.
Contact
For privacy-related inquiries, please contact us at privacy@bastionforge.com
Changes
We may update this policy from time to time. Continued use of the service constitutes acceptance of any changes.