SecureDrop does NOT collect ANY personal data for Premium users under normal operation. For Free users, only IP addresses are temporarily collected for rate limiting and are deleted after 24 hours. Files are encrypted end-to-end on the client side before upload and stored in a decentralized manner on IPFS. No information is stored on our servers for Premium users. LEGAL EXCEPTION: In case of illegal content detection (CSAM, terrorism), IP addresses may be collected and reported to competent authorities, in accordance with legal obligations. This exception also applies to Premium users to enable legal reporting.
SecureDrop uses Zero-Knowledge (ZK) proofs to anonymize downloads. For Free users: the recipient is anonymized via commitments. For Premium/OG users: the sender AND recipient are anonymized via ZK proofs, ensuring complete anonymity on the Base blockchain.
No personal data is collected for Premium users. For Free users, only IP addresses are temporarily used for rate limiting. SecureDrop operates entirely in a decentralized manner. Optional metadata (such as expiration dates) is stored only on the Base blockchain if you choose to use this feature.
SecureDrop does not use any tracking cookies. Only technical cookies necessary for your wallet to function (RainbowKit/Wagmi) may be used, but these are managed by your wallet and not by SecureDrop.
Since we do not collect any data for Premium, there is no data to delete. You can delete your files at any time using the auto-destruction feature or by deleting the file from IPFS. For Free users, IP addresses are automatically deleted after 24 hours.
Your files are stored on IPFS, a decentralized network. We do not have access to the files and cannot read them, even if we wanted to, as they are encrypted end-to-end.
SecureDrop uses smart contracts deployed on Base Mainnet (Chain ID: 8453). Free, Premium, and Subscription contracts are publicly verifiable on Basescan. Contract addresses are available in the application settings.