Effective Date December 21, 2025

Privacy Policy for OpenDrop

This Privacy Policy explains how OpenDrop collects, uses, and safeguards information when you use the OpenDrop mobile application and associated desktop server software.

  1. Introduction

    OpenDrop ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how our self-hosted, distributed file access system collects, uses, and safeguards your information when you use our mobile application ("App") and associated desktop server software.

  2. Information We Collect

    • Google Account Information: When you choose to sign in with Google to use our Cloud Sync features, we collect your email address and Google User ID. This is used exclusively to authenticate you and securely link your mobile device to your personal desktop server.
    • Connection Data: To facilitate the connection between your devices, we temporarily store your Tunnel URL and a hashed version of your connection credentials in our secure Key-Value store.
    • Purchase Information: If you subscribe to OpenDrop Pro, our payment processors (RevenueCat, Google Play, Stripe) handle your financial transaction. We do not store your credit card details. We only receive a confirmation of your subscription status and expiration date linked to your User ID.
    • File Data (End-to-End): OpenDrop facilitates the transfer of files between your own devices. We do not store your files on our cloud servers. Your files are transferred directly between your desktop and mobile device via a secure tunnel.

  3. How We Use Your Information

    We use the collected information for the following specific purposes:

    • Device Pairing: To discover and connect your devices automatically without manual IP entry.
    • Authentication: To ensure that only you can access the files on your personal desktop server.
    • Subscription Management: To verify your "Pro" status across platforms (e.g., unlocking features on Desktop after purchasing on Android).

  4. Data Sharing and Third-Party Services

    We utilize trusted third-party services to operate our infrastructure. These partners have access to limited data necessary to perform their functions:

    • Cloudflare: We use Cloudflare Tunnels and Workers to securely route traffic between your devices. They may process your IP address and connection metadata to provide security and DDoS protection.
    • RevenueCat: Used to manage subscription status and sync purchase history between your Android device and Desktop.
    • Google Firebase / OAuth: Used for secure user authentication.

  5. Data Security

    • Secure Tunnels: All file transfers occur over an encrypted HTTPS connection using Cloudflare Tunnels.
    • Access Control: Access to your desktop server is protected by a generated "Shared Secret" (API Key) and/or Google Authentication tokens. You are responsible for keeping your Shared Secret confidential.

  6. Data Retention

    • Ephemeral Connection Data: The connection details (Tunnel URL) stored in our cloud are temporary and are set to expire automatically (e.g., every 20 minutes) when not in use.
    • User Files: Your files remain on your local devices. We have no access to them.

  7. Children's Privacy

    Our Service is not directed to anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13.

  8. Changes to This Privacy Policy

    We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

  9. Contact Us

    If you have any questions about this Privacy Policy, please contact us at:

    spot4nickgaming@gmail.com

Last updated: December 21, 2025

```