Security & Privacy

Zero-Knowledge Architecture

We cannot read your files. We don't want to. CloudDrop is designed so that the server only facilitates the connection setup (Signaling), but the data transfer happens directly between devices (Peer-to-Peer).

End-to-End Encryption

Every file is encrypted in the browser before it is sent and decrypted only after it is received. We use standard, audit-proven cryptographic algorithms:

• Algorithm: AES-256-GCM (Galois/Counter Mode)
• Key Exchange: ECDH via WebRTC DTLS
• Integrity: Authenticated encryption ensures data hasn't been tampered with.

Peer-to-Peer (WebRTC)

CloudDrop utilizes WebRTC to create a direct data channel between peers. This means in most cases, your file data never touches a server, even in encrypted form. It flows directly from your device to the recipient's device through the shortest network path.