DropVault U.S.
Cincinnati,Ohio
DropVault Ireland
Dublin ,Ireland
Email:
info@dropvault.appPRIVACY
DropVault is committed to protecting the privacy of the data that we collect from you as you use this Web site (the “Site”).
Some definitions
Site Refers to this (dropvault.app) site or the Dropvault service
Business An organization that subscribes (or free trial) to Dropvault to share or connect with it's team, customers or contacts
Contact A user who is an employee of the business or a customer or external contact with whoem the business is sharing or collaborating with
Some fundamentals
Dropvault does not have access to any user content (Messages, comments and documents) uploaded or shared by you or your customers. All user content is encrypted before saving with encryption keys unique and private to your business.
DropVault does not sell or make available any data stored in our database to third parties. The information or data you add to DropVault is your data and we will take all steps necessary to secure and keep it safe
We use industry leading 256 bit data encryption to protect your data and we constantly validate our security layers to ensure they are sufficient to protect your data at all times.
If you subscribe to DropVault (free or paid account) we will only communicate with you as the owner of the account. If you add additional users or contacts , DropVault will never communicate directly with your contacts unless they contact us using our email or support channels.
DropVault is ad free. We do not serve any ads and do not implement any tracking cookies.
The scope of DropVault’s commitment is detailed in this Privacy Policy.
By submitting information, you agree to DropVault’s use of such information as described herein. Please see our Terms of Use for more information about our on-line policies in general. What data is collected? DropVault collects information and other information (“Data”) on certain areas of the site when users register, requests information or a response, signs up for an account, participates in user posting areas, such as channels, discussion forums. The data collected may include, without limitation, your access ID/password, company or organization affiliations, and contact information (names, mailing and e-mail addresses, phone/ fax numbers).
What personal information does DropVault collect?
Depending on the action you take on the site, we collect different information to provide you with the service or a response.
| Source | Data | Why |
|---|---|---|
| Contact us | Name, email address, business/organization (optional) and your message. | To respond to your enquiry and provide you with the information requested. |
| Free trial signup | Name, email address, business/organization , country, IP address | To create the account/free trial on DropVault, provide you with a login and communicate with you about the service and features. |
| Email into us | Name, email address, business/organization (possible) | To respond to your enquiry and provide you with the information requested. |
| IP Address | Your IP address of the device you are connecting to the site | For internal security use only and never shared with any 3rd party |
| Browser Type/capabilities | The ID of your browser, it's type and capabilities | For delivering the correct mobile/desktop page and for security to ensure that your authentication token has not been copied from another browser. |
How may my Personal data be used?
DropVault uses your personal data (email, name & business) to fulfill your requests for information, to create your account on DropVault and to communicate with you on our services and operations.
DropVault may also send marketing information to you on DropVault on your request, it's features and "how to" guides but only if you have chosen to receive these messages.
Are cookies and IP addresses used?
Dropvault uses cookies to identify you and your session, and to track usage and access to the site. Cookies are small pieces of text stored on your computer that help us know which browser you are using and where you have been on the Site and on Web sites to which you may link in order to use some of our features. Cookies also let us know whether you have registered with us and otherwise enable us to relate your current usage of the site to prior usage of this or other sites of DropVault.
Are Cookies required?
Some cookies are required to provide the service to a business or the contacts of a business. These cookies identify you after you sign in to use the service and to maintain context and access to the service. No cookies are required for the public (this) site.
DropVault Required Cookies
Cookies that are required for the operation of our site or app. These are 1st party cookies managed by dropvault to maintain context across your activity on this site and are not shared with any 3rd party.
| What | Cookie | Why |
|---|---|---|
| Dropvault app | DROPVAULT | Used to track your authorization on our site/app and give you access to the correct channels (after you sign in) |
| Dropvault App | DVTOKEN | Used to maintain your context when accessing Dropvault channels (after you sign in) |
| Our servers | _requestverificationtoken | Used in cross site scripting protection |
Optional Cookies
These cookies are only used and added to your browser ONLY if you choose to activate this option and are not required for the operation of our site or app.
| What | Cookie | Type | Why |
|---|---|---|---|
| Dropvault | Aspnet.externalCookie | Optional | If you choose and sign in with any external authentication provider |
| Dropvault | OpenIDConnect.nonce... | Optional | If you choose and sign in with any external authentication provider |
| The following are only present during an external sign in and are removed once the sign in process is completed | |||
| Google Sign in | .Aspnet.CorrelationGoogle | Optional and only during sign in process | Session cookie add after you choose to sign in with your Google account |
| Google Sign in | OTZ | Optional and only during sign in process | After you choose to sign in your Google account |
| Google Sign in | Secure-ENID | Optional and only during sign in process | After you choose to sign in with your Google account |
| Google Sign in | _Host-gaps | Optional and only during sign in process | After you choose to sign in with your Google account |
| Microsoft Authentication | MSPRequ | Optional and only during sign in process | Session cookie add after you choose to sign in with your Microsoft account |
| Microsoft Authentication | UAID | Optional and only during sign in process | Session cookie add after you choose to sign in with your Microsoft account |
| Microsoft Authentication | MC1 | Optional and only during sign in process | Added after you choose to sign in with your Microsoft account |
| Microsoft Authentication | MS0 | Optional and only during sign in process | Added after you choose to sign in with your Microsoft account |
IP Address/Browser type
DropVault also logs IP addresses, or the location of computers on the Internet, the browser type and signature to help diagnose problems with our server and to administer the Site and to implement security features and device authentication. This audit log is available to you, as the owner of your site on Dropvault via your Settings dashboard.
Device/Browser/IP address information is shared only with the business subscribing to Dropvault, the contact signing in and to the Dropvault security dashboard and activity log. It is never shared with any 3rd party.
Browser Storage
In addition to cookies, we also use local storage in your browser depending on the options you choose.
| What | Name | Used for | Details |
|---|---|---|---|
| IndexedDB | Firebase-installations | Firebase setup | Only if you choose to use Firebase messaging |
| IndexedDB | Firebase-messaging | Firebase browser access | Only if you choose to use Firebase messaging |
| Browser Cache | CacheFirstStorage | Cache storage for selected items | Used if you choose to install Dropvault as an app |
Is my information disclosed to third parties?
Short version - DropVault does not sell or provide information to ANY third parties unless it's in direct relation to the service you requested (when you want to send a message from your DropVault account to a 3rd party)
DropVault will not intentionally disclose (and will take commercially reasonable steps to prevent the accidental disclosure of) your Personal Info to third parties (i.e., persons or entities ), whether for such third parties’ marketing purposes or otherwise, subject only to the following four exceptions:
DropVault may disclose your Personal Info to third parties as required or permitted by the laws, rules, and regulations of any nation, state, or other applicable jurisdiction;
DropVault may disclose your personal information to third parties who deliver information from us to you for the purpose of performing such delivery;
DropVault may disclose your personal information if, in connection with submitting the information, you consent to such disclosure;
DropVault may disclose contact information for you in response to inquiries by bona-fide rights owners in connection with allegations of infringement of copyright or other proprietary rights arising from information you have posted on the Site or otherwise provided to DropVault. We will always contact you first before sharing any personal information with such a 3rd party.
How can I access, change, and/or delete information?
You may access, correct, update, and/or delete any personal information that you submitted to the Site.
You may also un-subscribe from mailing lists or any registrations on the Site. To do so, please either follow instructions on the page of the Site on which you have provided such information or subscribed or registered, or send us an e-mail at help@dropvault.app
To submit an SAR (subject access request) please fill in an SAR . In order to process any SAR we may require documentation to verify your identity. If your request is in relation to one of our customers and you are their contact/client, please submit the SAR directly to that business.
3rd party services we use
Dropvault or the customer may use the following 3rd parties to manage this service and provide features to you
| Who | Why |
|---|---|
| Microsoft Azure | We use Microsoft Azure to host our web sites and store your data in a shared database. Note that all data (including attachments) are stored in the EU only (Ireland and Netherlands) and every message and document is encrypted before storing on our servers. Neither Dropvault or Microsoft have access to any of your data or to the encryption keys used to secure it. |
| Microsoft Azure (Customer Specific) | If the business chooses to store documents on their corporate Azure storage we will connect to and store encrypted documents on this service. |
| AWS document storage (Customer Specific) | If the business chooses to store documents on their corporate Azure storage we will connect to and store encrypted documents on this service. |
| Email server (Customer Specific) | For email notifications we can connect and use a customer specific email server (instead of Dropvault email server). |
| Sendgrid | We use Sendgrid to provide users with the ability to email messages and documents into their B2B channels. Sendgrid is only activated if you enable this option on your channels. |
| Google Firebase Messaging | If your business/organization choose to use push notifications we will use the Google GCM (Firebase) push notification to deliver these messages. This feature is optional and not a requirement. |
| Google Authentication | If a business (customer) or contact chooses to sign in with their Google credentials. This is optional. |
| Microsoft Authentication | If a business (customer) or contact chooses to sign in with their Microsoft credentials. This is optional. |
| Microsoft Office 365 | For communications with the business team at Dropvault via email or teams. This is not a requirement for accessing or using the Dropvault app. |
Data Location
All data is stored in the EU (Ireland and Netherlands) including backups. In addition every message and document added by you, your team or your clients are encrypted before storing on our servers.
Encryption
We use AES256 encryption on every message and document and our keys are stored either in our default external key vault, or in a key vault of the customers choice. Every channel created has a unique encryption key so that in the event of accidental leak of a channel key, no other channel is compromised. Neither Microsoft or any other 3rd party has access to these keys. We have also designed Dropvault so that in the event of the key being disclosed it is still not sufficient to decrypt your data
Security
Dropvault has implemented generally accepted standards of technology and operational security (such as two factor authentication, IP scanning, trusted locations and more) in order to protect your data from loss, misuse, alteration, or destruction. DropVault personnel have access to administration dashboards to monitor security and access to our services, but can only access your data in encrypted form and can not decrypt your data at any stage. These employees are required to treat all client data as confidential. Despite these precautions, DropVault cannot guarantee that unauthorized persons will not obtain access to your data.
Processing according to instructions
Any data that a customer and its users put into our systems will only be processed in accordance with the customer’s instructions, as described in our current data processing agreements.
Data Deletion
As a Business
Should you no longer require your DropVault account you may choose to end your subscription and request that all your data to be removed from our systems. We will communicate with you on the deletion request, verify you and agree a time and date for deletion. We will remove all your team members, your customer lists, your messages, channels and any documents added to your space on DropVault.
As a contact of a business
Businesses using the Dropvault service and collaborating with you (the contact) may have legal and compliance requirements to maintain and store all data for extended periods. Please contact the business directly if you wish to remove any of your user content.
Log Files
To secure data and provide our customers with an audit of access to their data, DropVault keeps log files of logins - Data such as IP address, browser type, time of access etc are logged and stored for 6 months. After that time the data is removed from the log files.
Transborder hosting and transfer of information
Data stored and collected on the site is stored on severs located only in the European Economic Area (EEA), but the Site may be viewed and hosted anywhere in the world, including countries (such as the United States) that may not have laws regulating the use and transfer of your data.
Children’s on-line privacy protection
DropVault understands the importance of protecting children’s privacy, especially in an on-line environment. The Site is not intentionally designed for or directed at children 13 years of age or younger, and DropVault will not intentionally collect or maintain information about anyone under the age of 13.
Any Questions?
Contact our Privacy Department If you have any questions about our Privacy Policy, please e-mail us at help@dropvault.app
Version 1.6 Updated Jan 26th 2025