How secure is Dropoff?

All files are transferred across the network securely encrypted.

If you are sending personal or confidential data, tick "Encrypt every file" when creating a new drop-off. Then the passphrase you enter must be used when downloading the drop-off. The passphrase is not stored on Dropoff, and cannot be recovered if lost. No one can access the files without it.

All files uploaded and temporarily stored on Dropoff are held on equipment owned and operated at the University's own Data Centre.

All data is subject to the Data Protection regulations and laws of the University and the country.

Dropoff is in no way a "cloud" service. Everything is stored (even temporarily) on equipment directly owned by the University, and managed by its own IT staff.

All access to data is very tightly and strictly controlled by the University. All accesses to data on Dropoff are logged and can be easily checked if you are ever concerned that a 3rd party might have gained access to your data.

Furthermore, uploaded data is only held on Dropoff for a maximum of 14 days, after which time it is automatically deleted. There is no "undelete" facility available at all. No backups are taken of the uploaded data (it's only a transitory stopping point), so no uploaded data ever moves off Dropoff itself onto other equipment or media such as backup tapes. After an uploaded file has been deleted, there is no way of recovering the file.

Retrieval of a drop-off by a recipient can only be done with both the drop-off's Claim ID and Passcode.
When dropping off files, you can choose not to send either or both of these to the recipient automatically: you would then need to send that information by hand yourself.