How it stays private
Every message you send is encrypted on your device using a key that only you and your phone possess. Dropr's servers never see your content — they only relay sealed data between your devices.
The encryption key never touches any server. It travels directly — from your laptop screen to your phone camera.
Your computer
Generates a unique key
Using your browser's cryptography
key in QR
QR code
Key embedded in URL
Never sent to any server
camera scan
Your phone
Receives the same key
Both devices are paired
Your computer
Generates a unique key in your browser
QR code
Key embedded, never sent to a server
Your phone
Receives the same key via camera scan
Your message “Hello!”
a7f2c1…9e3b
Decrypted “Hello!”
Every session uses AES-256-GCM — a trusted standard used by financial institutions and governments worldwide. It guarantees both confidentiality and message integrity. No configuration needed.
The encryption key exists only in your browser's memory. It's embedded in the QR code URL as a fragment — a part of the address that browsers never include in network requests. It never leaves your device.
Only the devices in your session can read what you share. The key never touches any server.
Every message carries a cryptographic tag. Any alteration in transit is detected and rejected.
Keys live only in browser memory. Close the tab and they're gone — nothing is ever stored.
Dropr's servers relay encrypted data but can never read it. Your key is yours alone.
You don't need to configure anything. Every session is private from the first message.