We started in encryption nearly 40 years ago, protecting governments, global financial networks, and military communications from the most determined attackers.

And all that experience can be found in every decision we make about security.

Many solutions claim they’re encrypted but what they really mean is they rely on basic encryption by their cloud provider to secure your data. But they can still see every document and message uploaded by your clients. That means that any attacker who gains access to their systems will probably have the same access. That’s just not smart security.

We set out to build one of the most secure and private platforms where security is built in at every level so that your data is protected at every step. When it comes to privacy we don’t need to see your content or any documents you upload but just encrypt and store them so they are protected even from our team.

Unlike most sharing apps and even email where you share a simple link, we authenticate every access in so that you know which contact has signed in, when they accessed your content, and from where.

Authentication is critical for sharing anything sensitive and provides a level of security unmatched by apps using simple email links.

DropVault uses App level encryption which means the encryption of your data is managed by the DropVault app and not by our servers or cloud provider. This ensures that your data remains secure even from our IT team or cloud provider. A breach of our servers will never compromise encrypted data and never expose the original content.

The DropVault app also creates and manages your encryption keys and are only accessible via the app and not by any external user.

We don’t reply on standard basic security to protect user data. Instead we encrypt all user content before saving on our servers. Every message, reply, and document is encrypted for both privacy and security before it even reaches our servers. This is real security by design.

Data sitting at rest (where it is stored) is the biggest security risk and is where 95% of breaches occur. Encrypting before storing secures this data even in the event of a breach of our servers (or your servers if we are storing documents on your cloud storage).

Internal management portals are a common weak point for many application providers. If compromised, these portals can provide attackers with direct access to customer data.

DropVault is designed with zero visibility into your data from our management portal. Channels, portals, messages, and documents are completely inaccessible to us, which means they cannot be exposed—even in the event of a portal compromise.

Documents stored in DropVault are virtually ransomware safe. They are not accessible to the internet, are not visible to DropVault (except via the app), and are never mapped as a file or folder. This means that ransomware will never have any visibility to our storage and your documents remain secure.

Security can’t bring too much friction so we support single sign on (SSO) for your team members and external contacts. Use your Gmail, Microsoft, Outlook and soon Apple ID to access your dashboard or for any contact to sign into any channel or portal.

Session hijacking is a growing threat where attackers steal your session identifier to impersonate you and access your account. To protect you, DropVault includes built-in detection mechanisms that identify stolen sessions and automatically take action to secure your account.

DropVault uses industry standard symmetrical AES GCM encryption on all messages, replies and documents with strong 256 bit keys. This ensures your data stays secure even from quantum computing attacks. At no time is your key shared with any team member or contact and it is never shared or stored unencrypted in the client device.

When you create a new channel we generate a randon, unique and stong key specific to that channel and we then store this key in the key vault. This ensures that each channel is segregated from any other which adds protection and security for your converations and documents in your channel

The accepted best practice for any encryption is to store the encryption key as far away as possible from the data it is securing. So we store all keys in an external key vault/HSM.

DropVault supports our own key vault (HSM) but enterprise customers can provide their own key vault (bring your own key). When the 256 bit key is generated we copy it to the HSM and store it with an identifier for the channel it belongs to. All access to this vault is tightly controlled and can only be read by the DropVault app.

Each key in the vault is enabled as a soft delete. This ensures that if a key is accidentally deleted it will remain in the “soft delete” archive for 90 days so it can be retrieved if the key was found to have been deleted in error.

If required, you can easily store and manage all your encryption keys in your own corporate key vault (HSM).

Business controlled key vaults allow a business to create, rotate, expire and manage their own keys separately from DropVault and provide additonal control and compliance.

DropVault enforces strong password policies for every team member accessing your portal, with no user selectable passwords allowed. Any attempts by any member to change a password will trigger an instant alert.

As phishing attacks increase and become more sophisticated, leading authentication providers are moving to passkeys instead of passwords. For any users or contacts that authenticate on DropVault with any of these providers they will automatically gain advantage of passkeys and more phishing protection.

For our local authentication we are working on supporting local passkeys in Autumn 2025.

As an additional security measure a business can add channel specific passwords to group channels that store highly sensitive data. This provides a second layer of security in addition to their usual authentication.

A team member is only required to enter this password once during any session.

Multi-factor authentication is enabled on by default , including the option to authenticate users using an authenticator app on their phone. This greatly enhances security as it provides a second layer of security in addition to the password

Once your computer, device, or location have been registered with your SafeRoom, DropVault will now allow access to your SafeRoom from any other device or location unless you add them. A simple but powerful way to keep intruders out.

Support for native Passkey (FIDO) authentication allows for facial and fingerprint biometrics access to both sign in and channels, providing enhanced security and less friction for businesses and contacts.

If all your clients are in the US, there’s no need to allow login access attempts from other countries. Flexible IP blocking makes it easy to decide what access requests are blocked by default.

Allowed locatons allow a business to control how and from where their team members can access their DropVault dashboard

Your own dedicated security dashboard makes it easy to view, monitor, and track your user and contact logins, their access locations, any MFA failures or discrepancies, and any unusual behavior.

Using the dashboard you can also instantly suspend any access for a team member or external contact or block all external access.

Our system continuously monitors every connection and every attempt at access and takes immediate action to limit access if any suspicious activity is detected.

This security feature analyzes user activity patterns to identify potentially suspicious behavior. If suspicious access is detected, the system automatically suspends the affected user or group and notifies the designated business owner.

To enhance security, session timeouts can be easily be set and modified based on your business needs and security requirements. Adjust the timeout from 15 minutes up to 7 days

Customize how the app responds to changing user locations, session timeout etc. The security posture can be set to match any business needs and allows or prevents access based on the users location, session length and other factors.