Privacy Policy

Last updated: March 26, 2026

1. Data Controller

VaultDrop ("we", "us", "our") is the data controller responsible for your personal data. VaultDrop is operated within the European Union and is committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR).

2. Data We Collect

We collect the following categories of personal data:

  • Account information — email address and hashed password when you create an account.
  • Files and metadata — files you upload, along with file names, sizes, and upload timestamps.
  • Usage data — IP addresses, browser type, and access timestamps recorded in server logs and audit trails.
  • Anonymous transfers — files sent via the anonymous transfer feature are stored temporarily without any account association.

3. Legal Basis for Processing

We process your data under the following GDPR legal bases:

  • Contract performance — to provide the cloud storage service you signed up for.
  • Legitimate interest — to maintain security, prevent abuse, and improve our service.
  • Consent — where applicable, such as for optional communications.

4. Where Your Data Is Stored

All data remains within the European Union. We use the following EU-based infrastructure:

  • Application server — Hetzner, Germany.
  • File storage — Cloudflare R2, EU jurisdiction.
  • Database — Turso (LibSQL), EU West (Ireland).

Your data is never transferred outside the EU. We do not use any US-based cloud providers for data storage or processing.

5. Data Retention

  • Account data — retained for as long as your account is active. Deleted upon account deletion.
  • Files — retained until you delete them. Soft-deleted files are permanently removed within 30 days.
  • Anonymous transfers — automatically deleted after 7 days.
  • Audit logs — retained for up to 12 months for security purposes.

6. Your Rights

Under the GDPR, you have the right to:

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate personal data.
  • Erasure — request deletion of your personal data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Restriction — request limited processing of your data.
  • Objection — object to processing based on legitimate interest.

To exercise any of these rights, contact us at privacy@vaultdrop.eu.

7. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking cookies, third-party analytics, or advertising cookies. Your theme preference (light/dark mode) is stored in your browser's local storage.

8. Security

We implement appropriate technical and organisational measures to protect your data, including encrypted connections (TLS), hashed passwords, two-factor authentication, and audit logging of security-relevant actions.

9. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or a notice on our website. The "last updated" date at the top reflects the most recent revision.

10. Contact

If you have questions about this privacy policy or your personal data, contact us at privacy@vaultdrop.eu.

You also have the right to lodge a complaint with a supervisory authority in the EU member state where you live or work.