SecretDrop
Features
Encryption
Policies
File Bundles
Analytics
Resources
Guide
Blog
Knowledge Base
Pricing About FAQ
Get Started

Frequently Asked Questions

Everything you need to know about SecretDrop. Can't find what you're looking for? Feel free to reach out to our support team.

Getting Started

How do I get started with SecretDrop?
Create an account at secretdrop.dev, verify your email, and you can create your first encrypted bundle right away. Upload files from your device or create new ones on the fly by pasting content directly in the browser. Set a password and expiry, and share the generated link. No credit card required for the free tier.
What are the system requirements?
SecretDrop runs entirely in the browser. You need a modern web browser with Web Crypto API support (Chrome, Firefox, Safari, or Edge). No software installation or browser extensions are required.
Is there a free tier available?
Yes. The free tier includes 1 active bundle, up to 5MB per file, and a maximum 7-day expiry window. You can upgrade to a paid plan at any time to increase limits and unlock additional features.
How long does it take to create a bundle?
Under a minute. Upload your files or create them inline by pasting content, set a password and expiry, and SecretDrop generates a shareable link immediately. Encryption happens client-side, so there is no waiting on server processing.

Product & Features

What features does SecretDrop include?
SecretDrop provides client-side AES-256 encryption, password protection, configurable expiry dates, download limits, inline file creation, and basic download analytics. You can upload existing files or create new ones by typing a filename and pasting content — ideal for .env files deep in your repo. All files are encrypted before they leave your browser.
Can I integrate SecretDrop with other tools?
A REST API for programmatic bundle creation is on the roadmap. This will allow you to create and manage encrypted bundles from CI/CD pipelines, scripts, and other developer workflows.
Is my data secure?
Security is fundamental to SecretDrop. Files are encrypted client-side using AES-256 before upload. The server never sees your unencrypted data or your password. Bundles automatically expire and are permanently deleted after their configured expiry date.

E2E Direct Transfer

What is E2E Direct Transfer?
E2E Direct Transfer lets you send encrypted files directly to a registered SecretDrop user by email. Files are encrypted in your browser using the recipient's public key (ECIES with P-256 ECDH and AES-256-GCM). Only the recipient's private key can decrypt them — no shared password required.
How is Direct Transfer different from password-protected bundles?
Password-protected bundles use a shared password for encryption and can be accessed by anyone with the link and password. Direct Transfer uses public-key cryptography — files are encrypted for a specific recipient and only they can decrypt them. Direct Transfer requires both sender and recipient to have SecretDrop accounts.
Where is my private key stored?
Your private key is encrypted with a passphrase derived from your account password (or a separate passphrase for OAuth users) and stored on the server in encrypted form. The server never has access to your unencrypted private key. During a session, decrypted keys are held in sessionStorage and cleared when you close the tab.
What happens if I lose my encryption passphrase?
During key pair setup, you receive 8 one-time recovery codes. Use any one of these codes to recover your encrypted private keys. Store your recovery codes in a password manager or other secure location — they are shown only once.
Can I send a Direct Transfer to someone who isn't registered?
No. Direct Transfer requires the recipient to have a SecretDrop account with a key pair. If the recipient is not registered, you will see a warning when entering their email. You can still use a password-protected bundle to share files with anyone.
Is Direct Transfer available on the free plan?
No. E2E Direct Transfer is a premium feature available on the Premium and Lifetime plans. The free tier supports password-protected bundles with client-side AES-256 encryption.

Billing & Plans

What payment methods do you accept?
We accept all major credit cards (Visa, Mastercard, American Express) as well as PayPal. For enterprise plans, we can also accommodate invoicing and bank transfers.
Can I change my plan at any time?
Yes, you can upgrade or downgrade your plan at any time from your account settings. Changes take effect immediately, and billing is prorated for the remaining period.
Do you offer discounts for annual billing?
Yes, you can save up to 20% by choosing annual billing instead of monthly. The discount is applied automatically when you select the annual plan option during checkout.

Helpful Resources

Explore these resources for more detailed information.

Getting Started Guide

Learn how to create your first encrypted bundle and share it securely.

Learn more

Blog & Updates

Stay up to date with the latest news, tips, and product updates from the team.

Learn more

Documentation

Browse setup guides and learn how to get the most out of SecretDrop.

Learn more

Still have questions?

Our team is here to help. Reach out and we will get back to you as soon as possible.

Contact Support Read the guide