Legal
Privacy policy
Effective July 2, 2026
This policy describes what information RoverDrop collects, how it is used, and the choices you have. RoverDrop is operated from Illinois, United States. Questions go to support@roverdrop.com.
What we collect
- Account information:your name, email address, role, and firm, provided by you or your firm's administrator. Passwords are stored only as salted hashes.
- Customer content: the packets your firm submits, including files, titles, cover sheets, comments, and job numbers. This content belongs to your firm.
- Activity records: the audit trail of packet events (submitted, viewed, downloaded, accepted, filed, and related actions) with the acting user and timestamp. This record is a core feature of the product.
- Technical logs: standard server logs (IP address, request time, user agent) used for security and troubleshooting, including rate limiting of sign-in attempts.
How we use it
- To provide the service: storing files, routing notifications, keeping the audit trail.
- To secure the service: authentication, rate limiting, and abuse prevention.
- To communicate with you: transactional email such as receipts, reminders, and password resets, and replies to your support requests.
We do not sell your information. We do not use your content for advertising. We do not use your content to train machine-learning models.
Who can see your firm's data
Content is scoped to your firm. Users in other firms cannot see it. Within your firm, visibility follows the roles your administrator assigns. A small number of RoverDrop operations staff can access production systems for maintenance and support; that access is limited and not used to browse customer content.
Service providers
RoverDrop runs on third-party infrastructure: cloud hosting, a managed database, object storage for files, and an email delivery provider. These providers process data on our behalf under their own security commitments. We do not share your information with anyone else except as required by law.
Retention and deletion
- Packet content and the audit trail are retained for as long as your firm's account is active, because durable records are the purpose of the product.
- Your firm's administrator can configure storage retention for working copies of filed packets. Archive copies are retained.
- When a firm's account is closed, its content is deleted from production systems within 30 days and from backups on the backup rotation schedule — except archive copies, which live on write-once storage with a fixed retention window that nobody, including us, can shorten. Those are purged when the window lapses and are not accessed in the meantime except as required by law.
Security
Data is encrypted in transit. Files are transferred directly between your browser and object storage over TLS and verified after upload. Passwords are hashed with bcrypt. Sessions expire when idle. No system is perfectly secure; if we learn of a breach affecting your data, we will notify affected firms without undue delay.
Your choices
- You can view and update your name and password from your account page.
- Email address and role changes go through your firm's administrator.
- To request a copy or deletion of your personal information, contact support@roverdrop.com. Note that packet history is your firm's business record; requests that affect it are coordinated with your firm.
Children
RoverDrop is a workplace tool and is not directed to children under 16.
Changes
If this policy changes materially, we will notify firm administrators by email before the change takes effect. The effective date above always reflects the current version.