HeyDropHeyDrop
Trust Center

Security you can verify

Security, privacy, and compliance are foundational to how we build and operate HeyDrop. Your data is encrypted, protected, and under your control.

AES-256 encryption
US data centers
GDPR & CCPA compliant
No user analytics or tracking

Compliance

Certifications & Standards

Compliant

GDPR Compliant

General Data Protection Regulation (EU) - HeyDrop is fully GDPR compliant with robust data protection practices and user rights implementation.

In Progress

SOC 2 Type II Readiness

System and Organization Controls - HeyDrop is in SOC 2 readiness phase, with security controls and evidence collection in place ahead of formal certification.

AES-256 + TLS 1.2+

Data Encryption

All data is encrypted at rest using AES-256 via AWS Key Management Service and in transit using TLS 1.2+. Secrets are managed with AWS Secrets Manager.

us-east-1 / us-west-2

US Data Centers (AWS)

All customer data is stored in AWS data centers in the United States with multi-AZ redundancy. AWS is certified under the EU-US Data Privacy Framework, enabling lawful international data transfers.

By design

Zero User Analytics

HeyDrop does not provide analytics dashboards for individual or team users. We do not surface who viewed your card, when, or where. Your contacts and shares stay private.

Compliant

CCPA Compliant

California Consumer Privacy Act - HeyDrop respects all CCPA requirements including data access, deletion, and opt-out rights.

Active

Consent Management

CookieYes consent platform - We provide transparent cookie and data collection consent options for all users.

Documentation

Resources & Policies

Security Practices

Infrastructure, encryption, authentication, and monitoring.

Read more

Data Processing Agreement

DPA for organizations processing customer data.

Read more

Subprocessor List

Third-party vendors that process data on our behalf.

Read more

Privacy Policy

How we collect, use, and protect your personal data.

Read more

Terms of Service

Legal terms governing your use of HeyDrop.

Read more

Data Deletion

Account deletion and permanent data removal.

Read more

Questions? Get in Touch

Our security and privacy teams are available to answer your questions and provide documentation.

Data Protection Officer

dpo@heydrop.app

HeyDrop P.S.A. | ul. Cegielniana 4A/15, 30-404 Kraków, Poland | KRS: 0001089398 | NIP: PL6793273746

Last updated: March 2026