Privacy Policy

Last updated: 6 June 2026

This Privacy Policy explains what information is involved when you use JustDrop at justdrop.ai (the "Service"), why, and what choices and rights you have. JustDrop is built so that we handle as little of your information as possible — most of what follows is about how little we hold, not how much.

1. Who we are

The Service is operated by Vibecraft Digital FZ LLC ("JustDrop", "we", "us"), a free-zone company registered at Meydan Free Zone, Dubai, United Arab Emirates. We are the controller responsible for the limited personal data described in this policy.

For any privacy question or request, contact us at support@justdrop.ai.

2. What we don't do

Because of how JustDrop is built, several things that most websites do simply don't happen here:

• We don't require an account, login, or any sign-up.
• We don't use advertising, ad networks, or marketing trackers.
• We don't set tracking cookies and we don't run web analytics.
• We don't build profiles of you or track you across other websites.
• We don't sell, rent, or trade personal information, and we don't "share" it for cross-context behavioural advertising.
• We can't read the contents of your files, messages, voice notes, passwords, or locations — they are encrypted on your device before they reach us.

3. The information we handle, and why

To move a file from one device to another, a small amount of information has to pass through our systems. Here is all of it.

Encrypted content (we can't read it)

When you send a file, photo, voice note, password, live location, or chat message, it is encrypted on your device first. We only ever receive the scrambled version and store it temporarily so the other person in your room can download it. We do not have the keys to unscramble this content, so to us it is meaningless data.

Transfer details (room metadata)

To route a transfer between two devices, we briefly store technical details about the room, such as:

• the room code;
• file names, file sizes, and file types;
• timestamps (when a file was added, downloaded, or the room created);
• whether a sender and receiver are currently present in the room;
• the encrypted key material used so that only the two people in the room can open the content.

We use this only to make the transfer work. It is deleted along with the content (see Section 6).

Security and abuse-prevention data

To protect the Service from abuse, our systems briefly process your IP address in memory to count requests and apply rate limits. This is held for roughly one minute and is never written to a database, log file, or audit trail by us. Separately, our hosting and content-delivery providers may process your IP address at the network level to deliver the site and defend against attacks — this is standard for any website.

If you contact us

If you email support@justdrop.ai, we receive your email address and whatever you choose to put in your message, and we keep it for as long as needed to handle your request.

4. How your content stays private (end-to-end encryption)

JustDrop uses end-to-end encryption. In plain terms: the file is locked on your device before it leaves your browser, and only the people in your room — the ones holding the room code — have what's needed to unlock it.

• Each file is encrypted on your device with a unique key (AES-256-GCM).
• That key is itself locked using the recipient's public key, so only their device can recover it.
• The private keys that unlock everything are generated in your browser and never sent to us.

The practical result: we cannot open your files, read your messages, listen to your voice notes, see your shared location, or reveal a password you sent — even if we were asked to. We only ever hold encrypted data and the routing details above.

5. How long we keep things

• When the transfer is done or the room is closed, the encrypted content and its transfer details are deleted from our storage.
• If you set a timer (up to 24 hours), the room and everything in it are deleted when the timer ends.
• If a room is left open without a timer, it remains only until it is closed or routinely cleared by our system.
• Support emails are kept only as long as needed to deal with your enquiry.

We do not keep backups of your transfers, and we do not archive content after a room ends.

6. Where your data is processed, and international transfers

We are based in the UAE. To run the Service, encrypted content and room metadata are processed using Google's cloud infrastructure (see Section 7), which may store or process data in locations outside your country, including outside the UAE and the European Economic Area (EEA).

Where personal data of EEA or UK individuals is transferred internationally, those transfers are covered by appropriate safeguards such as the Standard Contractual Clauses offered by our infrastructure provider. Given the data is encrypted and minimal, the privacy risk of these transfers is low.

7. Who we work with (sub-processors)

We keep our list of third parties deliberately short:

• Google (Firebase Realtime Database & Google Cloud Storage): stores the encrypted transfer and its routing details for the short life of the room.
• Our cloud hosting / content-delivery provider: serves the website and the app to your browser.

We do not use analytics, advertising, email-marketing, or customer-tracking services.

8. Your privacy rights

Depending on where you live, you have rights over your personal data. Because JustDrop holds almost no information that identifies you — no account, no stored IP, and content we can't read — there is usually very little for us to act on, and we may be unable to connect a given transfer to you. We will still help wherever we can. To make a request, email support@justdrop.ai.

United Arab Emirates (PDPL)

Under UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, you may request access to, correction of, or deletion of your personal data, object to or restrict certain processing, and ask about cross-border transfers, subject to the law's conditions.

European Economic Area & United Kingdom (GDPR / UK GDPR)

You have the right to access, rectify, erase, restrict, or object to the processing of your personal data, and the right to data portability. You also have the right to lodge a complaint with your local data protection authority. Where we cannot identify you from the data we hold, we may ask for more information or, if we still cannot identify you, may be unable to action the request (Article 11, GDPR).

California (CCPA / CPRA)

California residents may request to know, delete, or correct personal information, and may opt out of its sale or sharing. To be clear: we do not sell or share personal information, and we will not discriminate against you for exercising your rights. You may use an authorised agent to make a request.

9. Legal bases for processing (GDPR)

Where the GDPR applies, we rely on:

• Performing the service you ask for — processing the room and encrypted content so your transfer actually reaches the other person.
• Our legitimate interests — keeping the Service secure, preventing abuse, and operating it reliably, balanced against your rights.

10. Children's privacy

JustDrop is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will address it.

11. Security

Connections to JustDrop are encrypted in transit (HTTPS), and your content is additionally end-to-end encrypted as described above. No method of transmission or storage is ever completely secure, but holding almost nothing — and nothing we can read — is the strongest protection we can offer.

12. Cookies and tracking

We don't use tracking cookies, advertising cookies, or web analytics. The full details (and the one small, purely functional exception) are in our Cookie Notice.

13. Changes to this policy

If we update this policy, we'll change the date at the top and, for significant changes, highlight them on the site. Continuing to use JustDrop after an update means you accept the revised policy.

14. Governing law

This policy is governed by the laws of the United Arab Emirates and the applicable regulations of Meydan Free Zone, Dubai, without affecting any mandatory data-protection rights you have under the laws of your own country.

15. Contact & complaints

Questions, requests, or complaints: support@justdrop.ai. If you are in the EEA or UK and aren't satisfied with our response, you may also complain to your local data protection authority.