Privacy Policy

of the Near Drop app

Status: 18.07.2025
Version: 1.0.0

1. Controller in the sense of the GDPR

Simon Schnitker
Billhorner Kanalstraße 49, 20539 Hamburg
Germany
E-Mail: privacy@neardrop.app

2. General Information on Data Processing

The protection of your personal data is very important to us. We process your data on the basis of legal regulations, in particular the General Data Protection Regulation (GDPR). In this Privacy Policy, we inform you about the nature, scope, and purpose of the personal data we process. When this Privacy Policy refers to "we" or "us", it refers to the developers of the Near Drop app as the controller. "You" refers to you as the user of our application.

3. Backend Infrastructure / Hosting

We use the open-source software Supabase as the backend for our application. This service provides us with database, authentication, and storage functions, such as user authentication and account management. The Supabase service is operated on a dedicated server located in a data center in Germany. For the provision of this server infrastructure, we use the services of Hostinger International Ltd. Hostinger acts as our processor and provides us with the technical infrastructure (hosting) on which we operate our software.

Legal Basis: The processing of your data for the provision of the app's functions (user management, database) is based on Art. 6 (1) (b) GDPR, as it is necessary for the performance of the user agreement with you.

Server Log Files: To ensure the security and functionality of our services, technical log data (log files) are created when the Supabase service is accessed. These may include your IP address, the time of the request, and other technical information. The storage of this data is based on our legitimate interest in maintaining system security, error analysis, and defending against potential attacks in accordance with Art. 6 (1) (f) GDPR.

4. Type and Purpose of the Processed Data

When you use Near Drop and create a profile, we process the following information:

  • A unique account ID: This is used for the unique assignment of your user account. The legal basis is the performance of a contract (Art. 6 (1) (b) GDPR).

  • Time of account creation: This is used for documentation and administrative purposes. The legal basis is the fulfillment of our legal documentation obligations (Art. 6 (1) (c) GDPR).

  • Time of the last account update: This serves to track changes. The legal basis is the performance of a contract (Art. 6 (1) (b) GDPR).

  • Time of the last login: This serves account security. The legal basis is our legitimate interest in the security of our systems (Art. 6 (1) (f) GDPR).

  • IP address: This is necessary for security measures such as detecting attacks on our server. The legal basis is our legitimate interest in the security of our systems (Art. 6 (1) (f) GDPR).

  • A unique device identifier (UUID): This is required for the unique identification of your device and for finding nearby devices. The legal basis is the performance of a contract (Art. 6 (1) (b) GDPR).

  • Which version of the Privacy Policy and the Terms of Use you accepted and at what time: The legal basis is the fulfillment of our legal documentation obligations (Art. 6 (1) (c) GDPR).

5. Device Discovery

As soon as you actively start Near Drop on your device, the app sends the following data via Bluetooth and in the local network to other devices that also have Near Drop open:

  • A unique device identifier (UUID)

  • A first name chosen by you

  • Technical device name

  • Device type (e.g., Phone, PC, Tablet, Laptop)

  • Name of the operating system

  • Version of the Near Drop app


Legal Basis: The transmission of this data is technically necessary to provide the app's function of sending and receiving files and is therefore carried out for the performance of a contract (Art. 6 (1) (b) GDPR).

6. Connection Establishment and Data Exchange

When you send or receive files, we use a STUN/TURN server to establish a direct peer-to-peer connection between the devices. This server is the same as described in Chapter 3.

Data processing on the STUN/TURN server: To establish the connection, your IP address must be processed by our STUN/TURN server. Requests to the server (including IP address, time, technical client information) are logged. This is for logging purposes to identify subsequent errors and to detect potential attackers.

Data transfer: After a successful connection has been established, file information (number, size, file names) and the file content are encrypted and exchanged directly (peer-to-peer), possibly over the internet, between the connected devices. This data is not stored on any server. If a peer-to-peer connection is not possible due to special network configurations, the file transfer takes place via our STUN/TURN server. The data is end-to-end encrypted in this case.

Legal Basis: The use of the STUN/TURN server and the exchange of the necessary information for it (such as the IP address) is technically necessary for the connection you requested and is therefore carried out for the performance of a contract (Art. 6 (1) (b) GDPR).

7. Data Deletion and Storage Duration

7.1. Data on our Server

You can have the account data we store on our server deleted at any time directly in the app. Upon deletion of your account, this data will be permanently removed.

7.2. Transferred Files and Data to Other Devices

Once files and data have been transferred to other devices, we can no longer delete them, as we have no access to the data on third-party devices. The responsibility for deleting this data lies with the recipient of the files on their device.

7.3. Log Files

Technical log files on our server are stored only as long as necessary for security and analysis purposes and are then regularly deleted.

8. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR): You have the right to request information about whether and which personal data we process about you. You can view your data stored on our server yourself in the app under "My Profile → Saved Data".

  • Right to rectification (Art. 16 GDPR): You have the right to request the immediate correction of inaccurate personal data or its completion.

  • Right to erasure (Art. 17 GDPR): You have the right to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims. You can delete the data yourself in the app under "My Profile → Delete all data".

  • Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of the processing of your personal data if the accuracy of the data is contested, the processing is unlawful, we no longer need the data, but you require it for the establishment, exercise or defense of legal claims, or you have objected to the processing.

  • Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to request its transmission to another controller.

  • Right to object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on legitimate interests (Art. 6(1)(e) or (f) GDPR).


For all other concerns regarding your rights or data processing, please send an email to privacy@neardrop.app.

9. Up-to-dateness and Changes to this Privacy Policy

Due to the further development of our app or due to changed legal or official requirements, it may become necessary to change this Privacy Policy. We will inform you about changes in an appropriate manner or ask you to update the app.