Dropvault UK:152 City Road,
United Kingdom, EC1V 2NX
Dropvault Ireland:34 Christchurch Place,
DropVault is committed to protecting the privacy of the data that we collect from you as you use this Web site (the “Site”).
DropVault does not sell or make available any data stored in our database to third parties. The information or data you add to DropVault is your data and we will take all steps necessary to secure and keep it safe
We use industry leading 256 bit data encryption to protect your data and we constantly validate our security layers to ensure they are sufficient to protect your data at all times.
If you subscribe to DropVault (free or paid account) we will only communicate with you as the owner of the account. If you add additional users or contacts , DropVault will never communicate directly with these users, unless they contact us using our email or support channels.
DropVault is ad free. We do not serve any ads and do not implement any tracking cookies.
What personal information does DropVault collect?
Depending on the action you take on the site, we collect different information to provide you with the service or a response.
|Contact us||Name, email address, business/organization (optional) and your message.||To respond to your enquiry and provide you with the information requested.|
|Free trial signup||Name, email address, business/organization , country, IP address||To create the account/free trial on DropVault, provide you with a login and communicate with you about the service and features.|
|Email into us||Name, email address, business/organization (possible)||To respond to your enquiry and provide you with the information requested.|
How may my Personal Info be used?
DropVault uses your personal Info to fulfill your requests for information, to create your account on DropVault and to communicate with you on our services and operations.
DropVault may also send marketing information to you on DropVault on your request, it's features and "how to" guides but only if you have chosen to receive these messages.
Are cookies and IP addresses used?
Are Cookies required?
By accepting our required cookies, you will be permitted access to certain pages of the site without having to log in each time you visit. A user who does not accept the required cookies from the Site may not be able to access certain areas of the site.
|Dropvault app||DROPVAULT||Yes||Used to track your authorization on our site/app and give you access to the correct channels|
|Dropvault App||DVTOKEN||Yes||Used to maintain your context when accessing Dropvault channels|
|Our servers||Asp.Net_SessionID||Yes||No longer used|
|Our servers||ARRAfinity||Yes||Used to manage your connection to our servers and connection to our server farm|
|Our servers||_requestverificationtoken||Yes||Used in cross site scripting protection|
|Google Firebase||CONSENT||Optional||For optional push messages to your browser|
Changing Cookie preferences For optional cookies, You can change your cookie preferences at any time by choosing cookie consent at the end of every page.
DropVault also logs IP addresses, or the location of computers on the Internet, to help diagnose problems with our server and to administer the Site and to implement security features. This audit log is available to you, as the owner of your site on Dropvault via your Settings dashboard.
In addition to cookies, we also use local storage in your browser depending on the options you choose.
|IndexedDB||DVDB||E2EE key storage||If you create or access any E2EE channels we will create and store encryption keys in the Indexdb|
|IndexedDB||Firebase-installations||Firebase setup||Only if you choose to use Firebase messaging|
|IndexedDB||Firebase-messaging||Firebase browser access||Only if you choose to use Firebase messaging|
|Browser Cache||CacheFirstStorage||Cache storage for selected items||Used if you choose to install Dropvault as an app|
Is my information disclosed to third parties?
Short version - DropVault does not sell or provide information to ANY third parties unless it's in direct relation to the service you requested (when you want to send a message from your DropVault account to a 3rd party)
DropVault will not intentionally disclose (and will take commercially reasonable steps to prevent the accidental disclosure of) your Personal Info to third parties (i.e., persons or entities ), whether for such third parties’ marketing purposes or otherwise, subject only to the following four exceptions:
DropVault may disclose your Personal Info to third parties as required or permitted by the laws, rules, and regulations of any nation, state, or other applicable jurisdiction;
DropVault may disclose your personal information to third parties who deliver information from us to you for the purpose of performing such delivery;
DropVault may disclose your personal information if, in connection with submitting the information, you consent to such disclosure;
DropVault may disclose contact information for you in response to inquiries by bona-fide rights owners in connection with allegations of infringement of copyright or other proprietary rights arising from information you have posted on the Site or otherwise provided to DropVault. We will always contact you first before sharing any personal information with such a 3rd party.
How can I access, change, and/or delete information?
You may access, correct, update, and/or delete any personal information that you submitted to the Site.
You may also un-subscribe from mailing lists or any registrations on the Site. To do so, please either follow instructions on the page of the Site on which you have provided such information or subscribed or registered, or send us an e-mail at firstname.lastname@example.org
To submit an SAR (subject access request) please fill in an SAR . In order to process any SAR we may require documentation to verify your identity.
3rd party services we use
Dropvault may use the following 3rd parties to manage this service and provide features to you
|Microsoft Azure||We use Microsoft Azure to host our web sites and store your data in a shared database. Note that all data (including attachments) are stored in the EU only (Ireland and Netherlands) and every message and document is encrypted before storing on our servers. Microsoft does not have access to any of your data or to the encryption keys used to secure it.|
|Sendgrid||We use Sendgrid to send you, your team or your contacts email notifications. These notifications are only sent when you or your team post or reply or add something to your account that generates a notification.|
|Google Messaging||If you choose to use push notifications we will use the Google GCM (Firebase) push notification to deliver these messages. This feature is optional and not a requirement.|
All data is stored in the EU (Ireland and Netherlands) including backups. In addition every message and document added by you, your team or your clients are encrypted before storing on our servers.
We use AES256 encryption on every message and document and our keys are stored either in our default external key vault, or in a key vault of your choice. Every channel created has a unique encryption key so that in the event of accidental leak of a channel key, no other channel is compromised. Neither Microsoft or any other 3rd party has access to these keys. We have also designed Dropvault so that in the event of the key being disclosed it is still not sufficient to decrypt your data (Doe's not apply to channels using end to end encryption (E2EE))
Dropvault has implemented generally accepted standards of technology and operational security (such as two factor authentication, IP scanning, trusted locations and more) in order to protect your data from loss, misuse, alteration, or destruction. DropVault personnel have access to administration dashboards to monitor security and access to our services, but can only access your data in encrypted form and can not decrypt your data at any stage. These employees are required to treat all client data as confidential. Despite these precautions, DropVault cannot guarantee that unauthorized persons will not obtain access to your data.
Processing according to instructions
Any data that a customer and its users put into our systems will only be processed in accordance with the customer’s instructions, as described in our current data processing agreements.
Should you no longer require your DropVault account you may choose to end your subscription and request that all your data to be removed from our systems. We will communicate with you on the deletion request, verify you and agree a time and date for deletion. We will remove all your team members, your customer lists, your messages, channels and any documents added to your space on DropVault.
To secure data and provide our customers with an audit of access to their data, DropVault keeps log files of logins - Data such as IP address, browser type, time of access etc are logged and stored for 6 months. After that time the data is removed from the log files.
Transborder hosting and transfer of information
Data stored and collected on the site is stored on severs located only in the European Economic Area (EEA), but the Site may be viewed and hosted anywhere in the world, including countries (such as the United States) that may not have laws regulating the use and transfer of your data.
Children’s on-line privacy protection
DropVault understands the importance of protecting children’s privacy, especially in an on-line environment. The Site is not intentionally designed for or directed at children 13 years of age or younger, and DropVault will not intentionally collect or maintain information about anyone under the age of 13.
Version 1.4 Updated Oct 7th 2020