Rabbitdrop Logo rabbitdrop
Legal

Privacy Policy

Last updated: April 26, 2026

At Rabbitdrop ("we", "our", or "us"), your privacy is important to us. This Privacy Policy explains what information we collect when you use rabbitdrop.com (the "Service"), how we use it, and what choices you have. By using the Service you agree to the practices described here.

1. Information We Collect

1.1 Information you provide

  • Email address — collected only when you create a Verified account, purchase a paid plan, or contact us for support. Anonymous (Ghost) users are never asked for an e-mail.
  • Files you upload — stored temporarily on our secure infrastructure for the sole purpose of delivery. We practice strict data minimisation: we do not open, read, or analyse the content of your files.
  • File Processing (Local WASM) — We utilize WebAssembly (WASM) technology to process and chunk files locally in your browser before transmission. This structural analysis happens on your local device to enhance privacy.

1.2 Information collected automatically

  • File metadata — name, size, and MIME type are automatically read to facilitate the transfer. This data is linked to your transfer and is purged simultaneously with the file.
  • IP address — used transiently to enforce per-IP rate limits (e.g., the 1 GB daily limit for Ghost users) and detect abuse.
  • Infrastructure Logs — upload/download timestamps, technical error logs, and performance metrics (such as upload duration). These are processed via Cloudflare to diagnose technical issues, measure service health, and optimize transfer speeds.
  • Cloudflare Turnstile — we use Cloudflare Turnstile for bot protection on uploads. Turnstile may process certain browser signals on Cloudflare's behalf. See Cloudflare's Privacy Policy for details.

1.3 Cookies & local storage

We use browser local storage exclusively to keep you signed in when you have an account (session token only). We do not use advertising cookies or analytics SDKs that profile individual users. Essential infrastructure cookies may be set by Cloudflare.

2. How We Use Your Information

  • To operate the Service (store, process, and deliver files within our retention lifecycle).
  • To manage payments, subscriptions, and tax collection via Lemon Squeezy (Merchant of Record).
  • To send transactional emails (verification, subscription receipts).
  • To detect and prevent abuse or violations of our Terms of Service.

3. File Storage, Encryption & Hard-Delete Lifecycle

Files are stored on Cloudflare R2 and protected at every stage:

  • In-transit encryption — all data is encrypted via TLS 1.2+ (HTTPS).
  • At-rest encryption — Cloudflare R2 encrypts all stored objects using AES-256.

Every transfer follows a strict lifecycle before Hard Delete:

  • Ghost/Verified Phase — files are deleted after 24 hours (Ghost) or 3 days (Verified).
  • Flash Phase — files are active for 7 days.
  • Lazarus Window (14 days) — after the active phase, files enter a 14-day recovery window before final purging.
  • Hard Delete — at the end of the lifecycle, the file is permanently and irreversibly deleted from our storage. No copy is retained.

This automatic mechanism is designed to be fully compatible with the GDPR right to erasure.

4. Third-Party Service Providers

We share data only with the following sub-processors necessary to provide the Service:

  • Cloudflare, Inc. — infrastructure, R2 storage, and bot protection.
  • Lemon Squeezy LLC — We process payments through secure, third-party PCI-DSS compliant payment providers. Upon merchant approval, Lemon Squeezy will act as our Merchant of Record for payment processing and tax management.. We do not store your credit card details; they are handled directly by Lemon Squeezy.

5. Your Rights

You have the right to access, rectify, or request erasure of your data. Uploaded files are automatically hard-deleted at the end of their lifecycle. For account-related inquiries, contact info@rabbitdrop.com.

6. Contact Us

Questions about this Privacy Policy? Contact us at:
info@rabbitdrop.com