Built to keep your files yours
Security isn’t a feature we bolted on — it’s the reason Tooldrop runs in your browser in the first place.
Most tools never transmit your files at all. The safest data is the data that never travels — so we keep processing on your device wherever possible.
For the few server-backed features and for account data, all traffic is protected with HTTPS/TLS, end to end.
Authentication is handled by Supabase with industry-standard password hashing and session management. We never store passwords ourselves.
We collect as little as possible and keep it only as long as needed. Files processed by any server tool are deleted promptly after processing.
Responsible disclosure
We welcome reports from security researchers. If you believe you’ve found a vulnerability, please email security@tooldrop.app with the details and steps to reproduce. Give us a reasonable window to investigate and fix the issue before any public disclosure, and we’ll keep you updated throughout.
Our commitments
- We’ll acknowledge valid reports promptly.
- We won’t pursue legal action for good-faith research.
- We’ll credit researchers who help us improve (with your permission).