Omnidrop

Privacy Policy

Effective as of 24 April 2026

Omnidrop (“we”, “us”, “our”) is operated by HUMMIFY LTD, a company registered in England and Wales (company number 16826424) with a registered office at 82a James Carter Road, Mildenhall, England, IP28 7DE. This Privacy Policy explains how we collect, use, store, and share personal data when you use the Omnidrop website and file transfer service (the “Service”).

For your account and our operation of the Service we act as a data controller. For the files you upload and deliver through the Service we act as a data processor on behalf of the sender, and we only retain that content for the time needed to make it available to the recipient.

1. Information we collect

We limit collection to what is needed to run the Service. Depending on how you use Omnidrop we may collect:

  • Account data: your email address and an internal user identifier created when you first sign in.
  • Transfer metadata: an optional title, an optional message, the transfer slug, the transfer mode (link or email), status, size, creation and expiry timestamps, and, for email-mode transfers, the recipient email address you provide.
  • File content and file metadata: the files you upload, together with file names, relative paths, and sizes, until the transfer expires or is deleted.
  • Technical data: IP address, user agent, request logs, and basic diagnostic information generated when you access the Service.
  • Authentication tokens: a session cookie set after successful sign-in so you stay signed in between visits.

We do not collect special-category personal data, payment card details, profile avatars, or third-party social identifiers.

2. How we use your data

  • Provide the Service: authenticate you, create transfers, store and serve files, and deliver them to the recipient you choose.
  • Send transactional email: one-time verification codes during sign-in and, for email-mode transfers, a notification to the recipient with a download link.
  • Enforce limits and prevent abuse: apply rate limits, the 20 transfers per calendar month cap per signed-in user, and automated cleanup of expired content.
  • Keep the Service secure and reliable: monitor for errors, detect misuse, and maintain the availability and integrity of the Service.
  • Comply with law: meet our legal, accounting, and regulatory obligations, and respond to lawful requests.

3. Legal grounds for processing

Where UK GDPR or EU GDPR applies we rely on the following legal bases:

  • Contract: to provide the Service you request.
  • Legitimate interests: to secure, operate, and improve the Service, balanced against your rights and expectations.
  • Legal obligation: to meet accounting, tax, and other statutory requirements.

We do not run optional analytics or tracking, so we do not rely on consent as a legal basis.

4. Cookies and similar technologies

Omnidrop uses only the cookies and tokens needed to sign you in and keep your session secure. We do not use analytics cookies, session replay, advertising pixels, or third-party trackers.

5. Sharing your information

We share personal data only where necessary to run and protect the Service:

  • Service providers: we use third parties to support hosting, storage, email delivery, and similar operational needs. They process personal data only on our instructions and under contracts that include appropriate safeguards.
  • Professional advisers: legal, accounting, and technical advisers where needed.
  • Legal requests: where required by law or to protect the rights, safety, and security of our users or the Service.
  • Business transfers: if we undergo a merger, acquisition, or sale of assets, personal data may transfer as part of that transaction, subject to continued protection consistent with this policy.

We do not sell personal data and we do not share it for advertising purposes.

6. Data retention

  • Files and transfer records: the sender chooses an expiry of 1, 3, or 7 days when creating a transfer. Once the expiry has passed, an automated hourly job deletes the files from our storage and removes the related transfer records.
  • Download links: each signed download URL is valid for approximately five minutes.
  • Account data: retained while your account remains in use. You can ask us to delete it at any time by contacting us.
  • Operational logs: retained for a limited period for security, debugging, and abuse prevention, then deleted or aggregated.

7. International transfers

Some of our service providers may process data outside the UK or EEA. Where personal data is transferred to a country that does not have an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses and the UK International Data Transfer Addendum.

8. Security

We use technical and organisational measures designed to protect personal data, including:

  • Encryption in transit and at rest.
  • Access controls and role-based permissions.
  • Signed, time-limited links for file uploads and downloads, with file size limits enforced server-side.
  • Deny-by-default access to our data stores, with changes routed through authenticated server-side functions.

No system is perfectly secure, but we work to reduce risk and improve controls over time.

9. Your rights

Depending on where you live, you may have rights in relation to your personal data, including the right to:

  • Access a copy of the data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion (subject to legal or operational requirements).
  • Restrict or object to certain kinds of processing.
  • Receive your data in a portable, machine-readable format.

To exercise any of these rights, contact us at contact@hummify.app. We may need to verify your identity before we respond.

10. Children

The Service is intended for users aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us so we can review and, where appropriate, remove it.

11. Third-party services

Omnidrop relies on a small number of service providers acting as processors to help us deliver the Service. Where these providers act on our instructions, we remain responsible for how personal data is handled. Where you interact directly with third parties outside of Omnidrop, those activities are governed by the third party’s own terms and privacy policies.

12. Changes, contact, and complaints

We may update this Privacy Policy from time to time to reflect changes in the Service or applicable law. When we make material changes we will update the effective date above and, where appropriate, notify you through the Service.

Controller: HUMMIFY LTD, 82a James Carter Road, Mildenhall, England, IP28 7DE. Company number 16826424.
Email: contact@hummify.app

If you are in the UK you have the right to lodge a complaint with the Information Commissioner’s Office. If you are in the EEA you can contact your local supervisory authority.