Security

Built to keep your files yours

Security isn’t a feature we bolted on — it’s the reason Tooldrop runs in your browser in the first place.

On-device processing

Most tools never transmit your files at all. The safest data is the data that never travels — so we keep processing on your device wherever possible.

Encrypted in transit

For the few server-backed features and for account data, all traffic is protected with HTTPS/TLS, end to end.

Secure accounts

Authentication is handled by Supabase with industry-standard password hashing and session management. We never store passwords ourselves.

Minimal retention

We collect as little as possible and keep it only as long as needed. Files processed by any server tool are deleted promptly after processing.

Responsible disclosure

We welcome reports from security researchers. If you believe you’ve found a vulnerability, please email security@tooldrop.app with the details and steps to reproduce. Give us a reasonable window to investigate and fix the issue before any public disclosure, and we’ll keep you updated throughout.

Our commitments

  • We’ll acknowledge valid reports promptly.
  • We won’t pursue legal action for good-faith research.
  • We’ll credit researchers who help us improve (with your permission).
Read how we handle data
Our privacy policy explains exactly what we do and don’t collect.
Privacy policy