Security

Encryption

All sensitive data in Dropie is protected with industry-standard encryption. Data is encrypted both at rest and during transmission.

Encryption at Rest

All stored data is encrypted before being written to disk:

Aspect	Value	Description
Algorithm	AES-256-CBC	Advanced Encryption Standard with 256-bit keys
Scope	Full field encryption	All form submissions and sensitive data encrypted
Key Management	Laravel key rotation	Support for key rotation without data loss
Integrity	SHA-256 hashing	Document integrity verification

All data transmitted to and from Dropie is encrypted:

Aspect	Value	Description
Protocol	TLS 1.2+	Transport Layer Security version 1.2 or higher
HSTS	Enabled	HTTP Strict Transport Security prevents downgrade attacks
Perfect Forward Secrecy	Supported	Compromised keys don't affect past sessions
Certificate	Valid SSL/TLS	Regularly renewed certificates

For highest security requirements, Dropie supports additional encryption:

Data encrypted in browser before transmission using Web Crypto API

RSA-4096 + AES-256-GCM for key exchange and data encryption

HMAC-SHA256 verification prevents tampering

Note: End-to-end encryption means data is encrypted before leaving your browser and only decrypted by authorized recipients.

Secure handling of encryption keys:

Support for rotating encryption keys without data loss

Keys stored securely separate from encrypted data

Strict access controls on key material

Uploaded files are protected with multiple layers:

Files encrypted before upload to cloud storage

Storage bucket-level encryption enabled

Secure signed URLs with expiration for downloads

CloudFront CDN with HTTPS delivery

Database security measures:

Connection encryption (SSL/TLS)

Field-level encryption for sensitive columns

Encrypted backups

IP-based access restrictions

Encryption implementation supports regulatory requirements: