Privacy Policy

Last updated: 7 May 2026

Who we are

KEIBIDROP is developed by KEIBISOFT S.R.L., registered in Romania (CIF: RO48339304, Reg. Com.: J22/1888/2023). Contact: marius@keibisoft.com.

Our position on data collection

We do not want to collect information about people. We collect the absolute minimum required for the software to function and for the servers to operate. Nothing else.

What KEIBIDROP does

KEIBIDROP transfers files directly between two devices over an encrypted peer-to-peer connection. Files never touch a server. The encryption key is negotiated between the two peers using ML-KEM-1024 + X25519 hybrid key exchange. No third party, including KEIBISOFT, can decrypt the transfer.

Data we collect

The application itself collects no personal data. No accounts, no sign-up, no email addresses, no analytics, no tracking, no telemetry. No cookies on this website.

Server logs

Our web servers and relay servers produce standard access logs (nginx) that may contain IP addresses and timestamps. These logs exist for anti-abuse prevention and infrastructure operation. They are periodically rotated and deleted. We do not use these logs to identify or track users.

Relay server

When two peers cannot connect directly, KEIBIDROP uses a relay for signaling and optionally a bridge for data forwarding.

• Signaling relay: Stores encrypted blobs indexed by a cryptographic token. The relay cannot read the contents, correlate users, or recover fingerprints. Blobs expire after 10 minutes. Nothing is persisted to disk.
• Bridge relay: Forwards encrypted TCP streams between peers. The bridge sees IP addresses and byte counts but cannot decrypt the data.

Diagnostic logs (user-initiated)

The mobile apps include a "Send Logs" button that lets users share application logs with us for troubleshooting. This is entirely optional and user-initiated. Logs are never sent automatically. Before export, logs are sanitized to remove file paths, home directory names, and other personally identifiable information.

On-device storage

Users may opt into persistent identity and contacts. Both are stored encrypted on the device using keys from the OS keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service, iOS Keychain, or Android Keystore). No identity or contact data is ever sent to KEIBISOFT or any third party.

Presence

When persistent identity is enabled, KEIBIDROP sends periodic heartbeats to the relay to indicate online status. The heartbeat contains a cryptographic token derived from the contact fingerprint. The relay cannot reverse the token to a fingerprint or identify the user. Presence data expires after 60 seconds.

Children

KEIBIDROP is not directed at children under 13. We do not knowingly collect data from children.

Third-party services

KEIBIDROP does not integrate with any third-party analytics, advertising, or tracking services.

Your rights (GDPR)

Since the application does not collect personal data, there is no personal data to access, correct, or delete. Server logs containing IP addresses are covered by our legitimate interest in operating the infrastructure and preventing abuse (GDPR Art. 6(1)(f)). If you have questions or requests, contact marius@keibisoft.com.

Changes

We may update this policy when adding new features. The date at the top of this page indicates the last revision.

Contact

KEIBISOFT S.R.L.
Strada Costache Negri, Nr. 60, Bloc C1, Scara B, Et. 7, Ap. 25
Iași, Romania
CIF: RO48339304 | Reg. Com.: J22/1888/2023
Email: marius@keibisoft.com