Encryption measures implemented in Null Drop:

• TLS 1.3 encryption for all web communications and data transmission
• Secure file storage with access controls and user-specific directories
• bcrypt password hashing with 12 rounds for secure password storage
• JWT token-based authentication with 7-day expiry and secure session management
• API key encryption and rate limiting to prevent abuse
• Secure share token generation using cryptographically secure random identifiers (CUID)
• PCI DSS compliant payment processing via Polar - we never store credit card information
• Encrypted API responses for sensitive operations using AES encryption

Access control measures in Null Drop:

• Secure user authentication through Null Pass unified authentication system
• Two-factor authentication (2FA) using TOTP (Time-based One-Time Password) with authenticator apps
• Session management with automatic expiration and secure token storage
• API key-based authentication for developers (40-character cryptographically secure keys)
• File-level access controls with public/private sharing options and secure share tokens
• User-specific storage quotas and rate limiting based on subscription tier
• Advanced email validation with MX record verification and disposable email detection
• Subscription-based access control for premium features and enhanced limits
• Failed login attempt monitoring and account protection mechanisms

Security monitoring and detection systems:

• Real-time server monitoring and automated alerting for security incidents
• API usage tracking and anomaly detection to identify suspicious activity
• Failed login attempt monitoring and account lockout mechanisms
• Payment fraud detection via Polar's secure payment processing infrastructure
• Automated security scanning and dependency updates
• Security incident response procedures and recovery protocols
• Session expiration management with automatic cleanup of expired sessions

INFRASTRUCTURE SECURITY

Infrastructure security measures:

• Cloudflare protection - DDoS protection, Web Application Firewall (WAF), and CDN services
• Secure database hosting via Neon (Neon.tech) with encrypted connections
• Vercel hosting with automatic security updates and SSL/TLS certificates
• Encrypted database backups with point-in-time recovery capabilities
• Load balancing and redundancy for high availability and fault tolerance
• Automated security updates and patch management
• Environment variable security with secure secret management
• Secure file storage with user-specific directories and access controls

COMPLIANCE & CERTIFICATIONS

Compliance standards and security practices:

• GDPR compliance - We follow GDPR principles for EU user data protection
• PCI DSS compliance - All payment processing is handled by Polar, a PCI DSS compliant payment processor
• Data encryption in transit - All data transmitted over TLS 1.3
• Data encryption at rest - Secure file storage with access controls
• Regular security assessments and code reviews
• Privacy by design - Security considerations integrated into development process

TWO-FACTOR AUTHENTICATION (2FA)

Null Drop supports two-factor authentication to add an extra layer of security to your account:

• TOTP-based 2FA - Compatible with authenticator apps like Google Authenticator, Authy, and Microsoft Authenticator
• QR code setup - Easy setup process with QR code scanning
• Manual entry option - Alternative setup method using secret key
• Required for sensitive operations - 2FA verification required for password changes when enabled
• Secure secret storage - 2FA secrets are stored securely in encrypted format

Note: Enabling 2FA is highly recommended for all users, especially those with premium subscriptions or sensitive data. You can enable 2FA in your account settings.

If you discover a security vulnerability, please report it responsibly:

SECURITY BEST PRACTICES

Help us keep your account secure by following these practices:

• Use strong, unique passwords - Use a password manager to generate and store secure passwords
• Enable two-factor authentication (2FA) - Add an extra layer of security to your account
• Keep your API keys secure - Rotate API keys regularly and never share them publicly
• Monitor your account activity - Review your file uploads and API usage regularly
• Check your billing statements - Monitor for unauthorized charges or subscription changes
• Keep your software updated - Use the latest versions of your browser and operating system
• Be cautious with public Wi-Fi - Avoid accessing sensitive accounts on unsecured networks
• Log out from shared devices - Always log out when using public or shared computers
• Review file sharing settings - Check file visibility (public/private) before uploading sensitive content
• Use secure share links - Share links use cryptographically secure tokens, but only share them with trusted parties

DATA RETENTION & DELETION

Our data retention and deletion policies:

• Account deletion - You can delete your account at any time, which will permanently delete all your data from Null Drop and all Null applications (via Null Pass)
• File deletion - Files are permanently deleted when you delete them or when your account is deleted
• Session expiration - Authentication sessions expire after 7 days of inactivity
• API key revocation - You can revoke API keys at any time, which immediately invalidates them
• Subscription cancellation - Canceling your subscription takes effect immediately. Your subscription and premium features will end right away, and you will be downgraded to the free tier. Canceling your subscription does not delete your account or files