Legal
Transparency Report
Last updated: [DATE — e.g. 1 June 2025]
1. About This Report
droppd is a file exchange service used by individuals and businesses to share files with clients and collaborators. We handle files on behalf of our users and take seriously our responsibility to be transparent about how we interact with authorities and enforce our policies.
This report covers all requests received during the reporting period. Where legally permitted, we publish the nature, number, and outcome of each category of request. Where we are subject to a legal prohibition on disclosure (e.g. a gag order), we note only that such a prohibition exists.
2. Government and Law Enforcement Requests
2.1 Data requests
A data request asks droppd to disclose personal data or metadata about a user (e.g. account information, IP logs, file metadata). We require a valid legal instrument — such as a court order, subpoena, or equivalent national process — before disclosing any user data.
| Requests received | 0 |
| Requests complied with | 0 |
| Requests rejected | 0 |
| Requests narrowed | 0 (scope reduced before compliance) |
| Users notified | 0 |
| Countries of origin | None |
2.2 Preservation requests
A preservation request asks droppd to temporarily retain data pending a formal legal process. We comply with valid preservation requests but do not disclose the preserved data unless a separate lawful order is received.
| Requests received | 0 |
| Requests complied with | 0 |
2.3 Emergency requests
In cases involving imminent risk to life, we may disclose limited data to law enforcement without a formal order, consistent with Art. 6(1)(d) GDPR (vital interests).
| Emergency disclosures made | 0 |
2.4 Our principles for government requests
- We require a valid legal instrument for every non-emergency request.
- We disclose the minimum data necessary to comply.
- We notify affected users unless prohibited by law or doing so would endanger an investigation.
- We push back on requests that are overbroad, lack proper jurisdiction, or do not follow due process.
- We do not provide direct access to our systems or databases to any government or authority.
3. Content Removal Requests
3.1 Copyright and intellectual property
We accept takedown requests under applicable copyright law (including the EU Copyright Directive and the US DMCA). Valid requests must identify the infringing content specifically and be submitted by the rights holder or their authorised representative.
| Requests received | 0 |
| Content removed | 0 |
| Requests rejected (invalid) | 0 |
| Counter-notices received | 0 |
3.2 Illegal content
We act on orders from competent authorities requiring removal of content that is illegal under applicable law (e.g. Digital Services Act Art. 9 orders, national law enforcement orders).
| Orders received | 0 |
| Content removed | 0 |
| Orders contested | 0 |
3.3 Child sexual abuse material (CSAM)
droppd has a zero-tolerance policy for CSAM. Any detected or reported CSAM is removed immediately, reported to the relevant national hotline and law enforcement, and the responsible account is permanently terminated without notice.
| Reports received or detected | 0 |
| Content removed | 0 |
| Reports filed with authorities | 0 |
4. Abuse Reports
Users and third parties can report abuse directly to abuse@droppd.co. We review every report and take action where our Terms of Service have been violated.
| Reports received | 0 |
| Accounts suspended | 0 |
| Accounts terminated | 0 |
| Content removed (non-legal) | 0 |
| Reports dismissed (unfounded) | 0 |
5. Digital Services Act (DSA)
droppd is an intermediary service provider subject to the EU Digital Services Act (Regulation 2022/2065). As a service currently below the thresholds for “very large online platform” status, our obligations are those applicable to smaller providers.
- We maintain a designated point of contact for DSA-related enquiries from authorities: legal@droppd.co.
- We respond to orders from Digital Services Coordinators and other competent authorities.
- We publish this transparency report annually in compliance with Art. 15 DSA.
6. Warrant Canary
As of the date of this report, droppd has not received any national security letters, gag orders, or secret court orders that would prevent us from disclosing the existence of a legal demand. If this statement is removed from a future edition of this report, it should be interpreted as indicating that such an order has been received.
7. Methodology and Publication Schedule
This report is published annually, covering the prior calendar year. We aim to publish within 90 days of the close of the reporting period. All figures are reviewed for accuracy before publication. Where a legal prohibition prevents full disclosure, we note the existence of the restriction without disclosing details.
Data in this report is sourced from internal records maintained by the data controller. We do not round figures or aggregate categories in ways that would obscure meaningful patterns.
8. Contact
For legal requests, DSA-related enquiries, or questions about this report:
For abuse reports: abuse@droppd.co