QrystalDrop

Privacy Policy

Last updated: April 1, 2026

1. Overview

QrystalDrop is designed to minimize plaintext exposure. We collect the account, workspace, security, and billing data required to operate the service, but we do not claim that every workspace runs in the same trust mode or with identical visibility guarantees.

2. Information We Collect

  • Account data: name, email address, password hash, MFA state, and device registrations.
  • Workspace data: membership, roles, plans, domains, policy settings, room activity, and billing state.
  • Security telemetry: session activity, failed login events, IP addresses, user agents, and audit logs.
  • Asset metadata: encrypted sizes, activation state, checksums, timestamps, retention settings, and download counts.

3. Information We Do Not Normally Store In Plaintext

  • Readable asset contents for strict zero-knowledge rooms.
  • Client-side wrapped room keys intended for participant devices only.
  • Original asset names where the workflow encrypts them before activation.

4. Recovery-Enabled Rooms

Some rooms enable recovery-controlled workflows so a workspace can support review queues, audit export, and governed operational controls. Those rooms are not identical to strict zero-knowledge rooms, and their administrators are responsible for choosing that mode.

5. How We Use Data

  • Operate secure rooms, invites, asset activation, downloads, and account access.
  • Prevent abuse, enforce policies, and investigate suspicious activity.
  • Bill customers, manage subscriptions, and support workspace administration.
  • Send transactional messages such as verification, invite, and reset emails.

6. Service Providers

We use third-party providers for infrastructure and payments, including object storage, email delivery, and Stripe for billing. Those providers process only the data required to perform their role.

7. Retention

Retention depends on workspace policy, room expiration, legal obligations, and security integrity requirements. Audit and billing records may outlive a room or asset when needed for compliance or abuse response.

8. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or export certain personal data. Requests can be sent to privacy@qrystaldrop.com.

9. Security

We use layered controls including encryption, session management, policy enforcement, logging, and access controls. No internet-connected system is perfect, and security also depends on endpoint hygiene and customer configuration choices.

10. Changes

We may update this policy from time to time. Material changes will be reflected by an updated effective date and, where appropriate, direct notice.