Last updated: March 15, 2026
SwiftDrop collects minimal data to operate the service: your email address (if you create an account), IP address for rate limiting, and basic transfer metadata (file size, timestamp, expiration). We do NOT collect or store the content of your files.
All files are encrypted client-side using AES-256-GCM before transmission. Encryption keys are derived locally and included only in the share link fragment (after #), which is never sent to our servers. We cannot decrypt your files.
Encrypted file data is stored temporarily until the transfer expires (default: 24 hours). After expiration, data is permanently deleted from all storage nodes within 1 hour. Account data is retained until you delete your account.
When both sender and recipient are online simultaneously, files are transferred directly via WebRTC/WebTorrent. In this mode, file data does not pass through our servers at all.
We do not sell, share, or provide access to your data to any third party. We use Cloudflare for DDoS protection and Let's Encrypt for TLS certificates. No analytics or tracking scripts are loaded.
Our relay servers are located in privacy-friendly jurisdictions. All server disks use full-disk encryption. Access logs are rotated every hour and permanently deleted.
You may request deletion of your account and all associated data at any time via the dashboard or by emailing privacy@swiftdrop.io. We respond within 48 hours.
For privacy-related inquiries: privacy@swiftdrop.io