your privacy,
our promise.
droomy is built on a radical idea — share files without sharing yourself. no accounts. no tracking. no drama. this page explains exactly what little data we touch and why.
last updated: march 2026
1. who we are
droomy is an ephemeral file-sharing app that lets you create temporary pods to share files with anyone nearby or remotely — with zero sign-up required. we are committed to keeping your experience private and your data minimal.
for any privacy-related questions, reach us at privacy@droomy.app.
2. data we collect
what we actually touch
📱 device identity
on first launch, droomy auto-generates a random anonymous nickname and color avatar (e.g. "void tiger 🐅"). this identity is stored only on your device using local storage (sharedpreferences). we never see your real name, email, or phone number.
📁 files you drop
files you upload are stored temporarily on cloudflare r2 storage, accessible to anyone with the pod link during the pod's active lifetime (1 hour, 24 hours, or 7 days). once the pod expires, all files are permanently and automatically deleted. we do not back them up.
💬 chat messages
pod chat messages are stored temporarily in our supabase database, tied to your anonymous nickname. they are hard-deleted alongside the pod when the ttl expires. we do not read or analyze chat content.
🔔 push notification tokens
when you join a pod, your device subscribes to an fcm (firebase cloud messaging) topic for that pod to receive file-drop alerts. the subscription is automatically removed when the pod expires or you leave. no personal data is attached to these tokens.
🚩 moderation reports
if you report a file or nickname, we log your anonymous device id alongside the report reason (nsfw / spam / offensive name) to prevent abuse. this data is used solely for moderation and rate limiting (max 3 reports/hour per device).
🌐 server logs & ip addresses
like all web services, our infrastructure (cloudflare, supabase) may log standard request data such as ip addresses, user agents, and timestamps for security and abuse prevention. these are governed by cloudflare's and supabase's own privacy policies.
3. what we do NOT collect
your name or email
phone number
location data
device contacts
camera or mic access
persistent accounts
browsing history
behavioral tracking
4. advertising (google admob)
applies to the droomy mobile app only
the droomy app displays ads served by google admob, a third-party advertising platform operated by google llc. these ads help keep droomy free for everyone.
data admob may collect: to serve relevant ads, google admob may collect and use data such as your device's advertising id (gaid on android / idfa on ios), ip address, general location (country/region), device type and os version, app usage and interaction data, and other non-personally-identifiable information.
personalized vs. non-personalized ads: by default, droomy may show personalized ads based on your interests as inferred by google. you can opt out of personalized ads at any time through your device settings — on android via settings → google → ads → opt out of ads personalization, and on ios via settings → privacy → apple advertising.
📍 google's consent & privacy
admob's data collection and use is governed entirely by google's privacy policy. droomy has no control over what admob collects. you can review google's privacy practices at policies.google.com/privacy and manage your ad preferences at adssettings.google.com.
droomy does not pass any personally identifiable information to admob. since droomy has no user accounts, there is no user id, email, or name ever shared with the ad network.
children & admob: if droomy is used by children under 13, we are committed to configuring admob to serve non-personalized, child-appropriate ads only, in compliance with coppa and google's families policy.
5. how long we keep your data
pod files & metadata: auto-deleted when the pod's ttl expires (1 hour, 24 hours, or 7 days). deletion is permanent and irreversible.
chat messages: deleted alongside the pod at ttl expiry.
moderation reports: retained for up to 30 days for abuse prevention, then purged.
device identity: stored locally on your phone only. uninstalling the app clears it permanently.
6. data sharing & third parties
we do not sell, trade, or rent your data to any third party — ever.
droomy uses cloudflare r2 for file storage, supabase for database and realtime syncing, firebase cloud messaging for push notifications, and google admob for in-app advertising. each provider operates under their own privacy policies and data agreements.
7. cookies & tracking
the droomy mobile app does not use cookies. the web viewer at droomy.app does not set any first-party tracking cookies.
the mobile app may use the device advertising id (gaid / idfa) via google admob for ad purposes only. you can reset or disable this id via your device's privacy settings at any time.
8. children's privacy
droomy is not directed at children under 13. we do not knowingly collect personal information from children. since droomy requires no registration, there is no mechanism to verify age. if you believe a child has uploaded content inappropriately, please contact us at privacy@droomy.app and we will take immediate action.
9. your rights
since droomy holds no personal data linked to a real identity, most traditional "right to erasure" requests are not applicable — your data disappears automatically when pods expire or when you uninstall the app.
if you are in the eu/eea (gdpr) or california (ccpa) and have specific concerns, contact privacy@droomy.app. because droomy is designed to be anonymous, there is typically no personal data to provide or delete on request.
10. security
pod files are served via cloudflare's global cdn over https. supabase edge functions validate pod expiry before returning any file urls. pod ids are 12-character alphanumeric strings — practically impossible to guess by brute force.
while we take security seriously, no system is 100% breach-proof. avoid sharing sensitive documents via droomy pods — especially in longer-lived pods (7-day ttl).
11. changes to this policy
we may update this privacy policy as droomy evolves. changes will be reflected with a new "last updated" date at the top. since droomy has no user accounts, we cannot notify you directly — so check back occasionally.