frequently asked questions


Overview

Sending safedrops

Contact

Overview


Is safedrop more secure than email?

Loads more secure. For a start, your internal IT staff can’t see your messages, and copies aren’t left lying on mail servers and PC’s all over the internet.

How is my data protected?

All communications with safedrop take place over an encrypted channel (HTTPS). Additionally, every file that is uploaded to safedrop is encrypted (AES) before being saved.

Who has access to the data on the safedrop servers?

Our expert team of 3 admins, David, Olly & Mark. They’re all security cleared to BS7858:2006 and have been working with us for ages. If you need to see copies of their individual NDA’s get in touch.

What backup routines are in place?

All data is redundantly stored on multiple devices across multiple datacenters (realtime cross geographic redundancy). There are no tape or other media backups, so once files are deleted, they are non recoverable. Database and other servers are snapshotted daily.

Can you send me a security whitepaper please?

Sure, please email and ask for one.

Do I have to use a web interface?

You can use a web browser or a desktop tool. An outlook plugin will launch later this year. See addons.

Is there an API?

You can control all elements of safedrop through an easy to use API. safedrop has already been integrated with a document management system, and several desktop applications.

A full API reference is online here.

Do you have an affiliate or reseller program?

Yes, safedrop offers full sales and marketing assistance and generous reseller commission.

Sending safedrops


What do the safedrop security levels mean?

Level 1 - secure link

When you send a safedrop, we'll notify each of the recipients of the message by email that you've sent them a message. The email will contain a unique link that they can click on to collect the message.

The link is generated using cryptographic algorithms, from a range of approximately 1038 possibilities, making it virtually impossible to guess one.

Level 2 - email verification

Like level 1, recipients of level 2 safedrops will also receive a notification in an email message. However, when they click the link, they'll also be forced to verify their email address with a security code that we send to them. Recipients who have signed up for a safedrop account will be required to login with their email address and password instead of entering a security code.

This extra bit of verification stops your recipients from forwarding links to third parties and sharing access to the message.

Level 3 - SMS verification

This is like level 2, except we send the security code to the recipient's mobile phone using an SMS message (you'll be asked to enter the telephone numbers of your recipients when you hit the 'send' button).

Using the SMS code instead of email protects your message from anyone who might be able to access your recipients' email accounts. If you need to get an ultra-sensitive document to someone, and you don't want their IT department or ISP to be able to intercept the message, this is the option to use!

How does self-destruct work?

With the self-destruct option enabled, recipients of your safedrop will only be allowed to download files once, and as soon as all of your recipients have downloaded the files, they will be immediately wiped from our servers. This is a very effective option for minimising the exposure of your confidential information.

Can I password-protect my messages?

With the password option enabled, your recipients will have to enter a password that you supply every time they want to access the message. We won't send password via email or SMS, you have to let them know what it is.

This is useful when you and your recipients have some kind of secret information that you can be relatively sure that only the two of you know and can use as the password, like a reference code or a passport number.

Can the recipients of my safedrops send me replies?

Yes, using the 'allow secure replies' option. Your recipients can leave replies on the page where they collect the message. They'll go directly to our secure server, not by email, so they're totally protected from prying eyes.

Using the secure replies system on safedrop, you can hold entire conversations with multiple parties in complete security and all on one easy-to-use page.

What happens when my safedrop expires?

When your safedrop expires, we'll wipe all of the file data from our server, and all of your recipients will no longer have access to collect any files or view messages.

We will keep logs of all of the replies and all of the activity on the safedrop, and you will still be able to access all of this information from your 'my safedrops' page.

How do I get maximum security for my safedrop?

Plus and Enterprise accounts: Level 3 (SMS verification) is the highest security level we offer. Combined with the self-destruct option, your confidential messages will be as safe as they possibly could be on safedrop.

Free and Basic accounts: Level 3 isn't available on our lower-tier accounts, so use level 2 (email verification) combined with the self-destruct option instead.

What does SHA-1 mean?

A SHA-1 hash is a cryptographic algorithm that can be used to generate a unique 'fingerprint' for a piece of data (see wikipedia for more information).

safedrop calculates a SHA-1 hash for every file you send. The hashes are stored in the audit trail for your safedrops, so even after all your files have been wiped from our servers you can still uniquely identify each file that was sent.

For help with calculating your own SHA-1 hashes, take a look at the following articles:

How can I format the text of my safedrop?

We support the Markdown format for safedrop messages. This means you can apply simple styles and formatting rules to greatly improve how your messages appear to recipients.

For example:

  • surrounding text with double stars makes text bold:
    **this text appears bold**
    
  • similarly, single stars can be used to give text emphasis:
    *this is important*
    
  • links to other sites can be included like so:
    [highlighted link](http://site.to.link.to.com)
    

For a more thorough explanation of all the features offered, take a look at the following articles:

Contact


I have a question that's not answered here. How can I contact you?

Our email address for safedrop support is . If you have a question, please feel free to email us and our team of technical experts will do their best to help you.