Your data stays yours.
This privacy policy explains how Dropvault collects, uses, and protects your information. We are based in the United Kingdom and comply with the UK GDPR and the Data Protection Act 2018.
Last updated: 26 January 2026
Who we are
Dropvault is operated by Dropvault Core, a UK-based service. For privacy requests, contact us at privacy@dropvault.example.
Data we collect
We collect minimal data needed to operate the service: account email, encrypted payloads, share metadata (such as expiry settings), and security logs. We do not receive your plaintext files or encryption keys.
Legal basis for processing
We process personal data to provide the service (contract), to secure and improve the platform (legitimate interests), and to comply with legal obligations.
How we use data
We use data to deliver encrypted files, manage access, prevent abuse, and provide support. We do not sell your data or use it for advertising.
Data retention
Encrypted payloads and share links are retained only as long as needed for delivery or until their expiry. Operational logs are kept for a limited period for security and compliance.
International transfers
If we transfer data outside the UK, we use appropriate safeguards such as UK IDTA or equivalent contractual protections.
Your rights
You may request access, correction, deletion, restriction, or portability of your data. You can also object to processing. Contact us to exercise these rights.
Cookies
We use essential cookies for session security and service functionality. We do not use third-party advertising cookies.
Contact and complaints
For privacy concerns, email privacy@dropvault.example. You may also complain to the UK Information Commissioner's Office (ICO).