Privacy policy

Edits

• 8/27/2012: Added section on credentials & security tokens, updated section on logging wrt conflicted filenames.
• 5/13/2012: Updated section on personal data stored in the browser
• 5/21/2012: Added info about sessionStorage in Personal data section
• 5/5/2012: Added section on referrer and .textdrop file
• 4/23/2012: Added section on cookies

We will store this information about you, keyed by a one-way cryptographic hash (the "user hash") uniquely identifying your Dropbox user ID:

• Date and time you first signed up
• Date and time of your most recent payment
• How much you paid
• Date and time your membership will expire
• Dates of each visit you have made

The one-way cryptographic hash means that nobody can easily link any of these records back to your Dropbox account ID or email address.

Cookies

We store 1 cookie in your browser to maintain your session with TextDrop. We send no cookies from ad networks, Google, or any other nosy people!

Personal data stored in the browser

Your preferences are stored using the LocalStorage API. This includes data such as sort order and sort-by field. No sensitive information is stored here except possibly the names of files or directories which may have preferences. (E.g., if you set the sort order on a directory, it will be stored under that directory's name). (As of v3.4.5)

Potentially sensitive file contents are stored temporarily in the browser using the SessionStorage API. This is used to hold data in case the app gets disconnected from the internet. This data is maintained between reloads, but is cleared when you close the browser window. (As of v3.4.8)

Referrer

The referrer URL (the URL of the site that you came from) is recorded temporarily in your browser when you first arrive to this site. It is automatically entered into the credit card payment form, but you may opt to remove it if you don't want to submit it to me.

If submitted, the referrer URL will be recorded anonymously (not linked to your user ID).

Referrer is not recorded in my records if Do-Not-Track is enabled in your browser.

Logging

Our hosting platform logs these items:

• Your IP address. I do not use this.
• The names of directories and files you open in TextDrop. I do not use this; Added 8/27: however, you should be aware that if you have a file conflict, Dropbox will add your name to the filename. E.g., "readme.txt (John Doe's conflicted copy)" might show up in my web server logs.
• User agent (web browser and OS information). I may use this in the future.

Credit card info

Your credit card information is not seen or stored by us, it is handled out-of-band by a third-party payment provider (Stripe).

Directory and file contents

We have access to, but do not store in our servers:

• Your Dropbox email address (to send you receipts)
• Directories and files you open in TextDrop (to show them in the application)

Once you grant TextDrop access to your Dropbox, it theoretically has access to all your files when you are logged in, but on my honor I will never, ever, ever read them, store them, or use them in any way except to deliver them into your active TextDrop session.

Credentials and security tokens

Added 8/27/2012: If you use the password login feature, we will store your hashed password in our database as well as your Dropbox OAuth token.

We do not store your OAuth token secret. However, the OAuth token secret is encoded, but not encrypted, in your password login URL.

Legal stuff

WAIVER OF LIABILITY - We cannot be held liable if someone breaks into our server and steals your data, or if our service corrupts your data. If you do lose data, you can log into Dropbox and revert to an older version of your file.

We cannot be held liable for emotional, monetary or bodily damages incurred due to the usage of this application or lack of application uptime.