Clearer privacy language for how Zerodrop actually works.

What stays local

• Files are sent directly between browsers over the WebRTC data channel.
• Zerodrop does not upload file contents to a cloud storage bucket as part of the core transfer flow.
• The room secret used for the secure room link is carried in the URL fragment and is not sent to the server as a normal query parameter.

What the server handles

• Room creation and room lookup
• WebSocket signaling messages needed to establish the peer connection
• QR generation for the room share URL
• Developer metrics for product health and usage summaries

Metrics collected

Zerodrop records lightweight analytics for daily unique browsers/devices, rooms created, participants joined, and successful or failed transfers. The unique browser/device count is based on a browser-generated ID stored in local storage, not a MAC address.

What is not claimed

Zerodrop uses encrypted browser transfer, but privacy claims should still match the deployed build and operating environment. If you add new logs, diagnostics, reverse proxies, or support tooling later, update this page to match the real system behavior.