Security at Lokidrop

At Lokidrop we take the security and privacy of your data seriously.


Data Center & Infrastructure

  • Lokidrop hosts its application servers and databases entirely in Finland, within the European Union.
  • Our infrastructure is deployed on cloud infrastructure that meets EU data residency requirements, ensuring your data never leaves the EEA without appropriate safeguards.

Failover & Disaster Recovery

  • We host on Hetzner Cloud in their Helsinki, Finland data center. Hetzner owns and operates their own physical infrastructure with redundant network connectivity and NVMe RAID10 storage. They guarantee 99.9% network uptime.
  • All data is automatically backed up daily. We regularly verify that backups can be successfully restored.

Encryption

  • All traffic between your browser and Lokidrop is encrypted using TLS.
  • User-uploaded images and assets stored on Cloudflare R2 are encrypted at rest.

Application Security

We use third-party tools to continuously scan for vulnerabilities as part of our development pipeline.


PCI & Payments

When you subscribe to a paid Lokidrop plan, your payment card data is never transmitted through or stored on our systems. All payment processing is handled exclusively by Stripe, which is certified to PCI DSS Service Provider Level 1. You can read more about Stripe's security practices at stripe.com/docs/security.


Cookie Consent

We use CookieYes to manage cookie consent on our website, ensuring compliance with GDPR and the ePrivacy Directive. Consent records are stored securely and can be withdrawn at any time.


Sub-processors

To deliver our service, Lokidrop works with a small number of trusted third-party sub-processors. Each sub-processor is bound by data processing agreements and handles data only as necessary to provide their specific function.

Sub-processor Purpose Data Location
Postmark (ActiveCampaign) Transactional email delivery United States (EU SCCs in place)
CookieYes Cookie consent management European Union
Cloudflare R2 Image and asset storage European Union (EU region)
Stripe Subscription payment processing European Union / United States (EU SCCs in place)

Changelog Widget

Lokidrop provides an embeddable changelog widget that you can add to your own product or website. When you use this widget, please note the following:

What Lokidrop collects: We record aggregate, non-personal usage counts — specifically how many times the widget is loaded, how many times it is opened by a visitor, and how many times the full changelog page on Lokidrop is opened. These are simple counters that help you understand engagement with your changelog.

What Lokidrop does not collect: We do not collect any information about the individual visitors who load or interact with the widget. No IP addresses, device identifiers, cookies, or any other personal data about your visitors are stored by us.

What to add to your Privacy Policy or Security page:

We use the Lokidrop changelog widget to communicate product updates. The widget is provided by Lokidrop (lokidrop.com). Lokidrop records aggregate counts of widget loads and interactions for analytics purposes. No personal data about you as a visitor is collected or stored by Lokidrop through this widget.

Responsible Disclosure

If you have discovered a security vulnerability in Lokidrop, please contact us at [email protected]. We review all reports and take a proactive approach to addressing security issues. Please do not publicly disclose the issue until we have had the opportunity to investigate and respond.


Contact

If you have questions about security or how we handle your data, reach out at [email protected].