Privacy Policy
Our core promise
Kordrop was built on a simple principle: you should be able to share a file without leaving a permanent record that you ever did. We collect no personal data, set no cookies, and run no analytics. The moment your file expires or you delete it, every trace of your interaction with Kordrop is gone — from our servers and everywhere else we control.
What we do NOT collect
What we temporarily store — and for how long
To provide the download-link service, Kordrop must temporarily hold:
- The uploaded file itself — stored on-disk for up to one (1) hour from the time of upload, then permanently and irreversibly deleted. No backups are made.
- File metadata — the original filename, file size, MIME type, upload timestamp, and expiry timestamp are stored in a local database record for the same one-hour lifetime. This record is deleted simultaneously with the file.
- A randomly generated link ID — a UUID (Universally Unique Identifier) that forms the download URL. It is also deleted after one hour.
No file content, filename, or metadata persists on our servers after the one-hour window closes or after the uploader manually deletes the file, whichever comes first.
Session identifier
When you first visit Kordrop, your browser generates a random UUID and stores it in localStorage under the key kdSessionId. This identifier:
- Never leaves your browser except as a request header when you upload a file or fetch your own file list.
- Is stored on our server only in association with the file metadata described above — and only for the lifetime of that file.
- Is not linked to any personal identity and cannot be used to re-identify you.
- Is deleted from our servers at the same time as the file and its metadata.
After all your files have expired or been deleted, no record of your session identifier exists on our end. You can also clear it from your own browser at any time by clearing localStorage for this site.
Advertising
Kordrop displays a brief interstitial advertisement before each file upload. If you paste third-party ad code into your own deployment of this software, that ad network's own privacy policy applies to any data it may collect through its scripts. Kordrop itself does not receive or process any data from ad network interactions.
Third parties
Kordrop does not share any data with third parties, does not sell data, and does not integrate any third-party analytics, CRM, marketing, or data-enrichment services.
Discord loading GIF
When the Discord embed feature is enabled, the Open Graph image tag in the link-preview page references a GIF hosted on Tenor's CDN. When Discord's bot fetches that image, Tenor's own privacy policy governs that request. Kordrop has no control over and receives no data from that interaction.
Data retention summary
- Uploaded files: deleted after 1 hour, or immediately on manual deletion.
- File metadata and session IDs: deleted at the same time as the associated file.
- Everything else: not collected and therefore not retained.
Your rights
You may delete any of your uploaded files at any time via the dashboard on the homepage. Deletion is immediate and permanent. Because we collect no personal data, there is nothing further to request access to, rectify, or erase.
Children's privacy
Kordrop is not directed at children under 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect information from children. If you believe a child has used the Service to share harmful content, please contact us immediately.
Changes to this policy
We may update this Privacy Policy from time to time. Changes will be posted at this URL with a revised effective date. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.
See also our Terms of Service.