Dead Drop Privacy Policy¶
Ultra Horizon is committed to protecting your privacy. We want you to understand what information we collect, what we don’t collect, and how we collect, use, and store information.
We do not collect logs relating to an organisation or user’s activity, including no logging of file/message content and associated metadata. We also never store connection logs, meaning no logs of your IP address, your outgoing Dead Drop IP address or connection timestamp. This is fundamentally because the Dead Drop communication platform is end to end encrypted between Dead Drop users.
Our guiding principle towards data collection is to only collect the minimal data required to operate a world-class secure messaging service at scale. We designed our systems to not have sensitive data about our customers; even when compelled we cannot provide data that we do not possess.
This privacy policy will help you understand how Ultra Horizon Ltd. collects, uses, and stores information.
Parties¶
In this privacy policy (up to and past this section), Ultra Horizon Ltd. will be referred to as “Ultra Horizon”, or the English first person plural: “we”, “us”, “our”, “ours”, or “ourselves”
Dead Drop is a service that is provided to third party entities, which will be referred to as the “entity”, “organisation”, “enterprise”, or (unless otherwise specified) English third person plural: “they”, “them”, “their”, “theirs”, or “themselves”.
The service provided by Dead Drop to the organisation is for use by whoever they wish be it clients, employees or other relations. These users will be referred to as the users, or (unless otherwise specified) English second person plural: “you”, “your”, “yours”, or “yourselves”.
Table of contents¶
Information stored about the users¶
This section is only applicable to the users of the Dead Drop native applications, be it on any mobile or desktop platform, and marks the return of the second person plural (“you”, “your”, “yours”, or “yourselves”) referring to the users.
The users of the native platforms are given a self-generated set of identity keys comprised of the concatenation of a X25519 and Ed25519 private key. Identity verification with the centralised API is performed via a cryptographically signed token (JWT) generated ephemerally on the users device.
No information is collected by Ultra Horizon about the app users.
At regular intervals, the secure token is used to request from the Dead Drop API any updates pertaining to the new messages, or request for a message to be sent to another peer or external user..
Aggregate information stored¶
For users of our Dead Drop applications, we collect practically no metadata on usage..
We’ve engineered our systems to categorically eliminate storage of sensitive data. We stand by our firm commitment to our customers’ privacy by not possessing any data related to a user’s online activities.
App Data Collection¶
We do not add any of our own telemetry or tracking to any Dead Drop web or native apps. Telemetry information including but not limited to installation/reviews/crash reports may be collected out of our control by third party app distribution platforms or operating systems.
In the rare event that you experience a problem with a native Dead Drop app, you may be asked if you wish to submit a bug report. Pre-populated reports contain information about the platform that the app is on, the time of the crash, along with minimal critical debugging information that will allow us to identify the issue quickly. No reports are ever sent automatically, and you can preview all information before it is sent.
Jurisdiction and Applicable Law¶
Ultra Horizon’s core mission is to keep your information private. We are a registered company in the United Kingdom.
Should we receive a valid legal order from the United Kingdom High Court to release information pertaining to a user, it is important to note that Ultra Horizon does not collect any IP addresses, browsing history, encryption keys, traffic data, or DNS queries that could be used to identify any specific user.
Security Measures¶
Ultra Horizon uses best-in-class physical, procedural, and technical security with respect to our offices and information storage facilities so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of information. Access to user information is restricted to staff who require such access to perform their job functions.
Any keys stored on a user’s device are also encrypted and stored in the best means possible for the respective platform.
While we believe these systems are robust, it is important to understand that no data security measures in the world can offer 100% protection.
Even if a government were to physically seize a Dead Drop server from us, there would be no logs or information that would reveal any message or file content that was end-to-end encrypted.
Third-party Websites¶
The websites operated by Ultra Horizon may contain links to external websites that do not fall under Ultra Horizon’s domain. Ultra Horizon is not responsible for the privacy practices or content of such external websites.
Consent and Age Restrictions¶
By using the Website, Content, Apps, Software, or Services, you agree to have your information handled as described in our [Terms of Service](/terms) and this Privacy Policy.
The Services are intended for adults aged 18 and above. If you believe your child has provided information to us, please let us know immediately.
Changes to the Privacy Policy¶
We may change our Privacy Policy from time to time, without prior notice to you, consistent with applicable privacy laws and principles. Your continued use of the Website or Services constitutes your acceptance of our Privacy Policy.
Contacting Ultra Horizon¶
If you have any questions regarding our Privacy Policy and how we handle your information, please feel free to contact Ultra Horizon on the contact page of the website or get in touch via enquiries@ultra-horizon.com.