Back to Home

SECURITY

Our commitment to keeping your data safe and secure as we build and grow

Security Features

Null Drop implements enterprise-grade security features including secure file storage, API authentication, and optional enhanced security through Null Pass integration for premium users.

DATA ENCRYPTION

Encryption measures implemented in Null Drop:

  • TLS 1.3 for all web communications
  • Secure file storage with access controls
  • bcrypt password hashing with 12 rounds
  • JWT token-based authentication with 7-day expiry
  • API key encryption and rate limiting
  • Secure share token generation using CUID
  • PCI DSS compliant payment processing via Stripe

ACCESS CONTROLS

Access control measures in Null Drop:

  • Secure user authentication and session management
  • API key-based authentication for developers (40-character keys)
  • File-level access controls (public/private sharing)
  • User-specific storage quotas and rate limiting
  • Advanced email validation with MX record verification
  • Subscription-based access control for premium features
  • Null Pass integration: Enhanced security for premium users

What is Null Pass?

Null Pass is our login processor that allows you to use only one account for all Null applications. By deleting your account, you will delete your account on all Null applications.

MONITORING & DETECTION

Security monitoring as we scale our services:

  • Real-time server monitoring and alerts
  • API usage tracking and anomaly detection
  • Failed login attempt monitoring
  • Payment fraud detection via Stripe
  • Automated security scanning and updates
  • Incident response and recovery procedures

COMPLIANCE & CERTIFICATIONS

Compliance standards we're working towards:

  • GDPR compliance for EU user data protection
  • PCI DSS compliance via Stripe payment processing
  • Regular security assessments and penetration testing
  • SOC 2 Type II certification (in progress)
  • Data encryption in transit and at rest

INFRASTRUCTURE SECURITY

Infrastructure security measures we're building:

  • Enterprise-grade cloud hosting with security hardening
  • Advanced firewall and DDoS protection
  • Automated security updates and patch management
  • Encrypted database backups with point-in-time recovery
  • Load balancing and redundancy for high availability
  • Regular security audits and vulnerability assessments

REPORTING SECURITY ISSUES

If you discover a security vulnerability, please report it responsibly:

Email: security@nulldrop.xyz

Response time: We aim to respond within 24 hours

Disclosure: We follow coordinated disclosure practices

SECURITY BEST PRACTICES

Help us keep your account secure by following these practices:

  • Use strong, unique passwords for your account
  • Enable two-factor authentication when available
  • Keep your API keys secure and rotate them regularly
  • Monitor your billing statements for unauthorized charges
  • Keep your software and browsers updated
  • Be cautious with public Wi-Fi networks
  • Log out from shared devices
  • Review file sharing settings before uploading sensitive content