Security guarantees
End-to-end encryption
All file transfers and video calls are protected by WebRTC DTLS/SRTP. File integrity is verified with SHA-256 before the download is offered to the receiver.
Warp Codes
Cryptographically generated Adjective-Noun codes (e.g. `COSMIC-FALCON`) establish peer connections. Codes expire in 5 minutes and are single-use.
No account required
HashDrop is fully anonymous. There are no emails, usernames, passwords, or sign-up flows. Nothing links a transfer to an identity.
No metadata storage
The signaling server holds zero logs. Connection metadata used to establish a WebRTC handshake is discarded as soon as the peers connect.
No cloud storage
Files stream directly between devices over a WebRTC data channel. They never pass through or rest on HashDrop’s servers.
Single-connection constraint
Only the first peer to enter a Warp Code can connect. This prevents multi-recipient eavesdropping by design.
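One way a signaling server could enforce the Warp Code rules described above (CSPRNG-generated code, 5-minute expiry, single use, first peer only). This is an added example, not HashDrop's own code; `WarpCodeRegistry`, its methods, `CODE_TTL_MS` and the word lists are hypothetical names and constructed values.

```javascript
const { randomInt } = require('node:crypto');

// Constructed word lists for illustration; real lists must be far larger.
const ADJECTIVES = ['COSMIC', 'SILENT', 'AMBER', 'RAPID'];
const NOUNS = ['FALCON', 'HARBOR', 'COMET', 'LANTERN'];
const CODE_TTL_MS = 5 * 60 * 1000; // 5-minute expiry, as stated on the page

// Hypothetical in-memory registry; nothing is written to disk or logged.
class WarpCodeRegistry {
  constructor(now = Date.now) {
    this.now = now;          // injectable clock so expiry can be tested
    this.codes = new Map();  // code -> { senderId, expiresAt }
  }

  // Drop expired codes so they stop occupying the code space.
  sweep() {
    for (const [code, entry] of this.codes) {
      if (this.now() >= entry.expiresAt) this.codes.delete(code);
    }
  }

  // Sender side: draw both words from a CSPRNG (never Math.random).
  create(senderId) {
    this.sweep();
    if (this.codes.size >= ADJECTIVES.length * NOUNS.length) {
      throw new Error('code space exhausted');
    }
    let code;
    do {
      const adj = ADJECTIVES[randomInt(ADJECTIVES.length)];
      const noun = NOUNS[randomInt(NOUNS.length)];
      code = `${adj}-${noun}`;
    } while (this.codes.has(code)); // never issue a code that is still live
    this.codes.set(code, { senderId, expiresAt: this.now() + CODE_TTL_MS });
    return code;
  }

  // Receiver side: lookup and delete happen in one synchronous step, so two
  // racing claims cannot both succeed; only the first peer gets the sender.
  claim(code) {
    const entry = this.codes.get(code);
    if (!entry) return { ok: false, reason: 'unknown-or-used' };
    this.codes.delete(code); // consumed whether or not it is still valid
    if (this.now() >= entry.expiresAt) return { ok: false, reason: 'expired' };
    return { ok: true, senderId: entry.senderId };
  }
}
```

Because a two-word code space is small, the single-use rule and the short expiry are what limit guessing; the claim path should also be rate-limited per client.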
What HashDrop does not store
| Data type | Stored? |
|---|---|
| File content | No — streams peer-to-peer only |
| Chat messages | No — transient, in-memory only |
| IP addresses | No — seen transiently by the signaling server, never persisted |
| Transfer history or logs | No |
| Personal information | No — no account system exists |
| Tracking or analytics cookies | No |
HashDrop includes a relay fallback for peers that cannot establish a direct WebRTC connection (e.g. due to strict NAT or firewall rules). In relay mode, file chunks are written temporarily to the server’s local filesystem. These entries have a hard expiry of 15 minutes (`TTL_MS = 15 * 60 * 1000`) and are purged automatically by the sweep routine. Even in relay mode, no file content is logged or retained beyond that window.