At Droplr we are fully committed to providing our clients with the highest level of security and compliance with GDPR and all other privacy and security best practices.
1) Storage of Client data
We currently store all client data on Amazon S3 and are able to offer you your own private S3 bucket if that is of interest.
2) Team only view of Drops
This is a new feature that we released a few months ago that allows a team to restrict viewing of its drops to team members logged into the team account. For example, if you were to take a screenshot and send it to me, I would not be able to view it unless I was logged into the team's Droplr account. A user can manually opt out of this setting on a per-drop basis if something needs to be sent externally. This gives a default layer of protection against drops containing PII getting outside of your company.
3) Default password protection
We also have a global setting that automatically gives a password to any drop created by a team member, so anyone viewing it must be provided the password in the URL or they will not be able to view the content.
a) Example: https://d.pr/i/vt5DuC/pMD3rID1iZ vs. https://d.pr/i/vt5DuC/
4) Global self destruct setting
We offer the admin the ability to set a default destruction period for all company drops to ensure you don't have anything out there longer than a certain period of time.
5) Global Admin access to monitor activity and delete drops.
6) Reminder notification to users to obscure PII
We are working on a feature that would notify or remind a user to obscure any PII that is contained in a screenshot.
7) Two Factor authentication for login to user accounts.
8) Update to our DPA and end user agreement on our website
9) Implementing features to comply with 'right to be forgotten' and complete erasure of a user's data upon request
10) Commitment to ongoing review and implementation of best practices.
11) Appointment of a Data Privacy Officer.
12) Opt in consent from viewers of drop pages in Europe.