Privacy

Last updated: 2026-05-14

zz-drop is a command-line program that runs entirely on your machine. The only hosted service we operate is this website. There is no OAuth callback server — the CLI talks to each provider's API directly. This page describes what zz-drop and zz-drop.net do and don't collect.

What we don't collect

What stays on your device

Cloud provider data

zz-drop integrates with four cloud providers — Google Drive, Microsoft OneDrive, Dropbox, and Nextcloud. Each section below documents how zz-drop accesses, uses, shares, stores, retains, and deletes data at that provider. The structure of each section mirrors the categories required by the Google API Services User Data Policy and the equivalent disclosure expectations of Microsoft Entra and Dropbox app review.

File content encryption (applies to all providers)

In v1, file content is uploaded to the configured provider as-is. The provider sees the file the same way it would if you used the provider's own client. zz-drop does not add an additional encryption layer on file content in v1; client-side end-to-end encryption is on the v1.1 roadmap. For sensitive content today, encrypt the file before passing it to zz-drop.

Authentication flow (applies to all providers)

For Google Drive and OneDrive, zz-drop uses the OAuth 2.0 Device Authorization Grant (RFC 8628): the browser is sent to the provider's authorization page, the user approves there, and the CLI polls the provider directly for the resulting tokens. For Dropbox, zz-drop uses the OAuth 2.0 Authorization Code + PKCE flow without a redirect_uri: the provider shows a code, the user pastes it into the CLI. For Nextcloud there are two paths: (a) app password — the user generates an app password in their Nextcloud security settings and pastes server URL, username, and that app password into the CLI; or (b) Login Flow v2 — the user enters only the server URL in the CLI, opens the browser link the CLI prints, signs in and approves on their Nextcloud server, and the server returns both the login name and a scoped app password to zz-drop over its polling endpoint (the user never types their Nextcloud username or password into the CLI). None of these flows redirects through a host operated by zz-drop — there is no OAuth callback server in the data or authentication path. Tokens, app passwords, and Login Flow v2 tokens are written only to the local encrypted profile and are never seen by any zz-drop-operated server.

Google Drive

Data accessed

zz-drop requests a single Google OAuth scope: https://www.googleapis.com/auth/drive.file (the drive.file scope). This is a non-sensitive, per-file scope: it grants zz-drop access only to files zz-drop itself creates in the user's Google Drive. zz-drop does not integrate with Google's file picker, so it cannot gain access to files the user created previously with other applications. The Google user data zz-drop accesses under this scope is:

zz-drop does not request userinfo.email, userinfo.profile, or any Google Workspace scope. zz-drop does not access Gmail, Calendar, Contacts, Google Photos, files in the user's Drive created by other applications, or any Google service or Drive content beyond what is described above.

Data usage

Google user data is used solely to perform the user-facing upload, download, list, and delete actions the user explicitly initiates from the zz-drop CLI. The account email address is used solely as a display label. Every action is started by a CLI command typed by the user — there is no background sync, no automatic upload, no scheduled job. zz-drop does not use Google user data for advertising, profiling, behavioral analytics, training or developing AI or machine-learning models, or any purpose other than the user-facing file transfer feature.

Data sharing

zz-drop does not share Google user data with any third party for any purpose. File content and metadata transit directly from the user's device to Google's Drive API over TLS — no zz-drop-operated server sits in the data path. zz-drop does not sell, rent, lease, license, or otherwise transfer Google user data to any party. zz-drop has no subprocessors and no affiliates that receive Google user data, and does not produce or share any aggregated, anonymized, or derived datasets from Google user data.

Data storage and protection

zz-drop operates no server-side storage of Google user data. Google user data lives only at Google itself (in the user's own Google Drive) and on the user's local device. On the local device, the OAuth refresh token issued by Google and the account email address (label) are stored inside the encrypted profile file profiles-local.zz in the local zz-drop configuration directory (for example ~/.config/zz-drop/ on Linux, ~/Library/Application Support/zz-drop/ on macOS). The file is sealed with XChaCha20-Poly1305 using a key derived from the user's passphrase via Argon2id. The passphrase never leaves the device and is never transmitted to any server. During a transfer, file content is held in memory: uploads read from the user's source path and stream the bytes to Google; downloads write the bytes received from Google to the destination path the user specified. zz-drop does not create additional temporary or cache copies of file content.

Data retention and deletion

Server-side retention of Google user data is zero: zz-drop operates no server that receives or holds Google user data. On-device retention persists only until the user removes the credentials:

Google API Services — Limited Use

zz-drop's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. zz-drop uses Google user data only to provide the user-facing upload, download, list, and delete features described above and to label which Google account granted consent. zz-drop does not use Google user data for serving advertisements. zz-drop does not transfer Google user data to third parties — the only data transfer is the user-initiated transfer between the user's device and Google's own API. zz-drop does not allow humans to read Google user data; because zz-drop operates no server that receives Google user data, the standard Limited Use exceptions (user's affirmative agreement to view specific files, security investigations, legal compliance, or aggregated internal operations) do not apply in practice. zz-drop does not use Google user data for training or developing AI or machine-learning models.

Microsoft OneDrive

Data accessed

zz-drop requests three Microsoft Graph OAuth scopes: Files.ReadWrite, offline_access, and User.Read. The Microsoft user data zz-drop accesses under these scopes is:

zz-drop does not access Outlook, Teams, Calendar, SharePoint, OneNote, or any other Microsoft 365 service.

Data usage

Microsoft user data is used solely to perform the user-facing upload, download, list, and delete actions the user explicitly initiates from the zz-drop CLI, and to display the account's email address in the CLI and TUI so multiple accounts can be distinguished. Every action is started by a CLI command typed by the user — there is no background sync, no automatic upload, no scheduled job. zz-drop does not use Microsoft user data for advertising, profiling, behavioral analytics, training or developing AI or machine-learning models, or any purpose other than the user-facing file transfer feature.

Data sharing

zz-drop does not share Microsoft user data with any third party for any purpose. File content and metadata transit directly from the user's device to Microsoft's Graph API over TLS — no zz-drop-operated server sits in the data path. zz-drop does not sell, rent, lease, license, or otherwise transfer Microsoft user data to any party. zz-drop has no subprocessors and no affiliates that receive Microsoft user data, and does not produce or share any aggregated, anonymized, or derived datasets from Microsoft user data.

Data storage and protection

zz-drop operates no server-side storage of Microsoft user data. Microsoft user data lives only at Microsoft itself (in the user's own OneDrive) and on the user's local device. On the local device, the OAuth refresh token issued by Microsoft and the account email address (label) are stored inside the encrypted profile file profiles-local.zz in the local zz-drop configuration directory (for example ~/.config/zz-drop/ on Linux, ~/Library/Application Support/zz-drop/ on macOS). The file is sealed with XChaCha20-Poly1305 using a key derived from the user's passphrase via Argon2id. The passphrase never leaves the device and is never transmitted to any server. During a transfer, file content is held in memory: uploads read from the user's source path and stream the bytes to Microsoft; downloads write the bytes received from Microsoft to the destination path the user specified. zz-drop does not create additional temporary or cache copies of file content.

Data retention and deletion

Server-side retention of Microsoft user data is zero: zz-drop operates no server that receives or holds Microsoft user data. On-device retention persists only until the user removes the credentials:

Dropbox

Data accessed

zz-drop requests four Dropbox OAuth scopes: files.content.write, files.content.read, files.metadata.read, and account_info.read. The Dropbox application is registered as an "App folder" application, which sandboxes all access to a single dedicated App folder Dropbox creates in the user's account for zz-drop — zz-drop cannot read, write, list, or even see anything outside that folder. The Dropbox user data zz-drop accesses under these scopes is:

Data usage

Dropbox user data is used solely to perform the user-facing upload, download, list, and delete actions the user explicitly initiates from the zz-drop CLI, all confined to the App folder, and to display the account's email address in the CLI and TUI so multiple accounts can be distinguished. Every action is started by a CLI command typed by the user — there is no background sync, no automatic upload, no scheduled job. zz-drop does not use Dropbox user data for advertising, profiling, behavioral analytics, training or developing AI or machine-learning models, or any purpose other than the user-facing file transfer feature.

Data sharing

zz-drop does not share Dropbox user data with any third party for any purpose. File content and metadata transit directly from the user's device to Dropbox's API over TLS — no zz-drop-operated server sits in the data path. zz-drop does not sell, rent, lease, license, or otherwise transfer Dropbox user data to any party. zz-drop has no subprocessors and no affiliates that receive Dropbox user data, and does not produce or share any aggregated, anonymized, or derived datasets from Dropbox user data.

Data storage and protection

zz-drop operates no server-side storage of Dropbox user data. Dropbox user data lives only at Dropbox itself (in the user's own App folder) and on the user's local device. On the local device, the OAuth refresh token issued by Dropbox and the account email address (label) are stored inside the encrypted profile file profiles-local.zz in the local zz-drop configuration directory (for example ~/.config/zz-drop/ on Linux, ~/Library/Application Support/zz-drop/ on macOS). The file is sealed with XChaCha20-Poly1305 using a key derived from the user's passphrase via Argon2id. The passphrase never leaves the device and is never transmitted to any server. During a transfer, file content is held in memory: uploads read from the user's source path and stream the bytes to Dropbox; downloads write the bytes received from Dropbox to the destination path the user specified. zz-drop does not create additional temporary or cache copies of file content.

Data retention and deletion

Server-side retention of Dropbox user data is zero: zz-drop operates no server that receives or holds Dropbox user data. On-device retention persists only until the user removes the credentials:

Nextcloud

Data accessed

zz-drop authenticates to the user's Nextcloud server over WebDAV (HTTPS) with HTTP Basic authentication. The credential is provisioned in one of two ways during setup:

In both paths the credential is an app-scoped secret distinct from the user's main account password, and can be revoked independently from the Nextcloud security settings. zz-drop never sees the user's main Nextcloud login password. The Nextcloud user data zz-drop accesses is:

Data usage

Nextcloud user data is used solely to perform the user-facing upload, download, list, and delete actions the user explicitly initiates from the zz-drop CLI. Every action is started by a CLI command typed by the user — there is no background sync, no automatic upload, no scheduled job. zz-drop does not use Nextcloud user data for advertising, profiling, behavioral analytics, training or developing AI or machine-learning models, or any purpose other than the user-facing file transfer feature.

Data sharing

zz-drop does not share Nextcloud user data with any third party for any purpose. File content, metadata, and the Authorization header bearing the app password / token transit directly from the user's device to the user's own Nextcloud server over TLS — no zz-drop-operated server sits in the data path. zz-drop does not sell, rent, lease, license, or otherwise transfer Nextcloud user data to any party. zz-drop has no subprocessors and no affiliates that receive Nextcloud user data.

Data storage and protection

zz-drop operates no server-side storage of Nextcloud user data. Nextcloud user data lives only at the user's Nextcloud server and on the user's local device. On the local device, the username, server URL, and Nextcloud credential (app password or Login Flow v2 token) are stored inside the encrypted profile file profiles-local.zz in the local zz-drop configuration directory (for example ~/.config/zz-drop/ on Linux, ~/Library/Application Support/zz-drop/ on macOS). The file is sealed with XChaCha20-Poly1305 using a key derived from the user's passphrase via Argon2id. The passphrase never leaves the device and is never transmitted to any server. During a transfer, file content is held in memory: uploads read from the user's source path and stream the bytes to the user's Nextcloud server; downloads write the bytes received from the server to the destination path the user specified. zz-drop does not create additional temporary or cache copies of file content.

Data retention and deletion

Server-side retention of Nextcloud user data on zz-drop infrastructure is zero: zz-drop operates no server that receives or holds Nextcloud user data. (The user's own Nextcloud server's retention policy is set by the user or their administrator and is outside zz-drop's scope.) On-device retention persists only until the user removes the credentials:

Changes to this policy

If zz-drop changes how it accesses, uses, stores, shares, or retains user data, this page is updated and the "Last updated" date at the top is revised. Material changes to how Google user data is handled also require resubmission to Google for verification under the Google API Services User Data Policy.

This website

The site is static HTML and CSS, served from an OVH VPS. No JavaScript is required to read any page. No fonts, scripts, or images are loaded from third-party CDNs.

Contact

Questions, corrections, requests: privacy@zz-drop.net.