Effective Date: April 12, 2026
Dead Drop is a geo-encrypted messaging application. We take your privacy seriously. This policy explains what data we collect, why, and how it is handled.
Account Information: When you sign in with Google, we receive your name, email address, and profile picture from Google. This is used solely to identify you within the app.
Location Data: Dead Drop uses your GPS location to enable location-based messaging features. Your location is used to determine which nearby messages are visible to you and to geo-lock encrypted drops. Location data is sent to our servers when you create a message and periodically in the background to check for nearby messages.
Background Location: Dead Drop collects location data to enable proximity notifications even when the app is closed or not in use. Approximately every 15 minutes, the app checks your location in the background to determine if you are near a hidden message and sends you a notification if so. Your background location data is never shared with other users, advertisers, or third parties. You can disable this feature by denying the "Allow all the time" location permission in your device settings.
Messages: Encrypted messages are stored on our servers in encrypted form. We cannot read the contents of your encrypted messages. Unencrypted nearby messages are stored as plaintext on our servers.
Device Identifier: A randomly generated device ID is created locally and used to track message ownership and enforce rate limits. This is not linked to your hardware or advertising identifiers.
We use your data exclusively to provide the Dead Drop service: delivering messages to users within geographic range, enforcing posting limits, and managing your account. We do not sell, rent, or share your personal information with third parties for marketing purposes.
Dead Drop uses the following third-party services:
Google Firebase: For authentication, data storage, cloud functions, and push notifications. Google's privacy policy applies to data processed by Firebase.
Google Sign-In: For account authentication. Only your name and email are accessed.
RevenueCat: For subscription management. RevenueCat processes purchase data according to their privacy policy.
Messages with self-destruct timers are automatically deleted when they expire. Your account data is retained as long as you use the service. You may request deletion of your account and associated data by contacting us.
Encrypted messages use AES-256-GCM encryption with PBKDF2 key derivation (100,000 iterations). Encryption and decryption occur entirely on your device. We never have access to your passwords or decrypted message content.
Dead Drop is not intended for children under 13. We do not knowingly collect personal information from children under 13.
We may update this privacy policy from time to time. Changes will be posted within the app and on this page.
For questions about this privacy policy or to request data deletion, contact us at: deaddropapps@gmail.com