How it works
How Marsdrop works
No marketing language — just the mechanics. Privacy here isn't a promise in a policy; it's how the software is built.
Three steps, one guarantee
1
Encrypted in your browser
When you drop a file, your browser generates a key and encrypts the file with AES-256-GCM — before anything is uploaded. The plaintext never leaves your device.
2
Only ciphertext is uploaded
The encrypted blob goes straight to storage. We never receive the original file, its real name, or your password — just an unreadable blob and a little metadata.
3
The key travels in the link
Your decryption key is placed in the link's # fragment, which browsers never send to servers. Only someone with the full link can decrypt — not us.
What we can and cannot see
What we cannot see
- The contents of your file — it is encrypted before it leaves your browser
- The decryption key — it lives only in the link fragment (#…) and is never sent to us
- Your file's real name — it is stored encrypted
- The password you set — only a one-way hash is stored
What we can see
- When a file was uploaded
- The encrypted file's size
- Your chosen expiration and download limit
- A hashed (not raw) IP address, used only for rate limiting
Don't just trust this page — verify it. Open your browser's network tab during an upload and confirm the # fragment is never sent.