Security You Can Trust
July 31, 2025
You're in safe hands π
We built CipherDrop to give you a simple, secure way to share sensitive information. Security isn't just a feature for usβit's the foundation of everything we do. If you have questions or find something that concerns you, reach out to our team.
security@cipherdrop.app
How we keep your secrets safe
We believe in defense-in-depthβmultiple layers of protection working together so that even if one fails, your data stays secure.
π‘οΈ Zero-access encryption
- We literally can't read your messages. Everything is encrypted on your device before it ever reaches our servers
- Your encryption keys never leave your browser. They're embedded in the share link and never sent to us
- Even CipherDrop can't access your content. It's cryptographically impossible
π Strong encryption standards
- AES-256-GCM encryption - the same standard used by governments and banks
- 600,000 PBKDF2 iterations - exceeds industry recommendations for key strengthening
- Authenticated encryption - tamper detection built right in
β° Self-destructing by design
- Messages disappear automatically - after someone reads them or time runs out
- No permanent storage - we don't keep copies or backups
- True deletion - when it's gone, it's really gone
Security standards
Web application security
- π« XSS protection - Multiple layers prevent script injection attacks
- π HTTPS everywhere - All traffic encrypted in transit
- π‘οΈ Content Security Policy - Blocks malicious content injection
- β‘ Rate limiting - Prevents automated attacks and abuse
Privacy by design
- π Minimal data collection - We only store what's absolutely necessary
- π IP address protection - Anonymized and minimally retained
- ποΈ Right to be forgotten - Manual destruction available anytime
Infrastructure security
Where your data lives
- π Edge network deployment - Distributed globally for speed and resilience
- π Automatic security updates - Always running the latest security patches
- π‘οΈ DDoS protection - Built-in protection against denial-of-service attacks
- π No traditional database - Redis key-value store with parameterized operations
The technical details (for the curious)
Encryption implementation
Algorithm: AES-256-GCM
Key derivation: PBKDF2 (600k iterations)
Entropy sources: Web Crypto API (getRandomValues, randomUUID, generateKey)
Authentication: Built-in AEAD
ββ Detects any tampering or corruption automatically
ββ Prevents message cloning or modification attacks
Forward secrecy: Unique keys per note
Attack resistance
- β
Server compromise: Messages remain encrypted
- β
Database breach: Only ciphertext stored
- β
Network interception: End-to-end protection
- β
Insider threats: CipherDrop can't access the raw content
- β
Man-in-the-middle: Multiple protection layers
Why this matters
Most "secure" messaging relies on trusting the service provider. We eliminated that trust requirement entirely. Even if someone compromised our entire infrastructure, your messages would still be protected by encryption keys that only you control.
We built CipherDrop for the real world. Security that's too complex doesn't get used. Our zero-access approach gives you real protection with consumer-level simplicity.
Questions? Concerns? Found something?
We believe security works best when it's transparent. If you have questions about how something works, want to report a potential issue, or just want to chat, we're here.
Email us: security@cipherdrop.app
Response time: Usually within 24 hours
Security is a journey, not a destination. We're constantly improving and would love to hear from you.