OTDrop
Answers

Frequently asked questions

If your question is not here, check the security page or the privacy policy.

Who is OTDrop for?

Anybody who needs to hand a single file to a single other person over the internet and wants the handoff to be sealed and ephemeral. Professionals sharing a document with a client, a parent sending a scan to an adult child abroad, a small business sending a contract to a supplier — any case where an email attachment feels too loose and a shared folder feels like overkill.

Is OTDrop end-to-end encrypted?

OTDrop uses client-side encryption with server-held key wrapping. File contents are encrypted in the sender's browser before upload and decrypted in the recipient's browser; we cannot read the plaintext at rest.

What happens if the recipient never claims the file?

The file is deleted seven days after the transfer is created, whether the recipient claimed it or not. After deletion, no party — including us — can recover it.

What is the maximum file size?

The current limit is shown live on the sender page based on your account and recent usage. OTDrop is sized for everyday documents, images, archives, and short videos — not for multi-gigabyte datasets.

Can I send the same file to multiple recipients?

No. OTDrop sends one file to one recipient. For multi-recipient workflows, create multiple transfers or use a service designed for broadcast delivery.

Can I revoke a transfer after sending it?

Yes. As the sender you can revoke any transfer you created before it is claimed. Revocation makes the pickup link unusable and schedules immediate ciphertext deletion.

Does the recipient need to create an account?

No. Recipients open a pickup link and download. If the sender set a passphrase, the recipient enters it before the file unlocks. Either way, they never register, never set a password, and never see your account.

How does OTDrop verify the recipient?

When you send a transfer you can set a passphrase that the recipient must enter before the file unlocks. Your browser converts the passphrase to a salted one-way hash before sending it to us — we never see the original text. At claim time the recipient enters the passphrase; we compare it against the hash using a constant-time equality check. If it matches, access is granted. If you skip the passphrase, the recipient can claim the file with just the pickup link.

What if my recipient forgets the passphrase?

Revoke the transfer from your dashboard and send a new one with a fresh passphrase. There is no way to recover or reset a passphrase because we store only a one-way hash of it.

Can I send a file without signing in?

No. Senders must sign in with an established identity provider so we can enforce abuse limits and let you manage and revoke what you have sent.

Is there a public API?

No. OTDrop is a hosted web application for individual senders. There is no published public API at this time.

Where is OTDrop operated?

OTDrop is operated from the United States. If you use the service from outside the United States, your information is transferred to, stored, and processed in the United States.

How does OTDrop make money?

It doesn't make money. In fact, it costs us to provide this service for free. We're probably crazy.

Who builds OTDrop?

OTDrop is a product of NuSecuritas, LLC — a small team in Michigan focused on practical privacy and security tools ordinary people can actually use.

OTDrop
  1. 01ChoosePick a file up to 100 MB.
  2. 02AddressEmail + mobile for the recipient.
  3. 03DeliverThey verify, download, done.

Files are sealed in your browser before they leave your device. Each transfer is single-use and self-destructs after one download or seven days — whichever comes first.

FAQSecurityAboutTermsPrivacy© 2026 OTDrop. All rights reserved.