_/ drop / privacy

what we log

short answer: almost nothing. here's the full picture.

your IP address

never stored, never read

who uploaded a file

no accounts, no identity

who downloaded a file

we don't know and don't want to

yes

the files themselves

stored in Cloudflare R2 until the file expires — that's the product

yes

download count per file

needed to show how popular a file is

yes

anonymous download token

a random cookie ID — used only to prevent the same browser from extending a file's lifespan multiple times

the cookie

when you visit a download page, we set one cookie called drop_id. it contains a random 16-character string — something like xk29mq7vR4nBwLpY.

it's not linked to you. it has no name, no email, no IP. it's just a way to know "this browser already downloaded this file" so we don't add +3 days every time the same person clicks download.

it expires after 30 days. clearing your cookies removes it. that's it.

your files

files are stored in Cloudflare R2, a private bucket. they're not publicly accessible — every download goes through a short-lived signed URL that expires after 1 hour.

files expire automatically. each download from a new browser adds +3 days, up to a cap of 30 days from the original upload. after expiry, the file is deleted from storage.

we don't read your files. we don't index them. we don't know what's in them.

third parties

file bytes are stored on Cloudflare R2 — subject to Cloudflare's own privacy policy. file metadata (name, size, expiry) lives in Redis on our own server.

no analytics. no ads. no trackers. no CDN for the frontend other than what Nginx serves directly.

← backlast updated May 2026