Privacy Policy

Last updated: March 2026

1. What We Collect

We collect only what is necessary to provide the service:

• Account data: email address, name, and hashed password
• Usage data: request counts, plan information, and audit logs
• Credentials: encrypted with AES-256-GCM — we cannot read them

2. How We Use Your Data

• To provide and maintain the KeyDrop service
• To process billing through Payplus
• To send service-related communications
• To maintain audit logs for security

3. Encryption

All credentials submitted through KeyDrop are encrypted with AES-256-GCM before being stored in the database. Encryption keys are managed server-side and never exposed to clients. We cannot decrypt or access your stored credentials without the master key.

4. Data Retention

• Active requests: stored until retrieved or expired
• Expired/revoked requests: credential data is purged
• Account data: retained while your account is active
• Audit logs: retained for 90 days

5. Third Parties

We share data only with:

• Payplus: payment processing (email, plan info)
• Hosting provider: encrypted data at rest

We do not sell your data. We do not use your data for advertising.

6. Your Rights

You may request deletion of your account and all associated data at any time by contacting us.

7. Contact

Privacy questions? Email royearguan@gmail.com.