Effective date: February 26, 2026 · Last updated: February 26, 2026 · Published by: Superhuman Intelligence LLC
Short version: telemetry is on by default and fully anonymous. You can opt out any time in Settings. Your credentials never leave your Mac.
TL;DR — The short version
- Anonymous usage telemetry is on by default via PostHog. No personal data, file contents, or credentials are ever sent. You can opt out in Settings.
- Your Cloudflare API credentials are stored only in macOS Keychain — never on our servers.
- Your files go directly from your Mac to your own Cloudflare R2 bucket. We never see them.
- R2Drop is open-source. You can verify all of this at github.com/superhumancorp/r2drop.
1. Who We Are
R2Drop is developed and maintained by Superhuman Intelligence LLC, operating under the GitHub organization superhumancorp. For privacy-related inquiries, contact us at [email protected] or open an issue on GitHub.
2. Anonymous Telemetry (On by Default, Opt-Out)
R2Drop sends anonymous usage telemetry via PostHog to help improve the app. This is on by default and can be turned off at any time in Settings → General → “Share anonymous usage data.”
What is sent: feature usage events (e.g. “upload started”), error types, app version, macOS version, and a random anonymous identifier generated at install time.
What is never sent: file names, file contents, file paths, upload URLs, bucket names, account names, API credentials, or any personal information. Bucket and account names are one-way hashed before transmission.
3. Your Cloudflare API Credentials
R2Drop requires a Cloudflare API token to upload files to your R2 bucket. This token is:
- Stored exclusively in macOS Keychain under the service identifier
com.superhumancorp.r2drop. - Never written to disk in plaintext, config files, environment variables, or shell history.
- Never transmitted to Superhuman Intelligence LLC or any third party other than Cloudflare's own API endpoints.
You are responsible for creating a least-privilege API token scoped only to the R2 buckets you intend to use. We recommend following Cloudflare's token guidance.
4. Your Files and Uploads
Files you upload with R2Drop travel directly from your Mac to Cloudflare's infrastructure. We do not proxy, store, inspect, or have access to your uploaded files in any way.
The URL generated after upload is the public URL of your Cloudflare R2 object. Managing access controls on your bucket (public vs. private) is your responsibility through the Cloudflare dashboard.
5. Upload History and Queue
R2Drop maintains a local SQLite database at ~/.r2drop/queue.db and ~/.r2drop/history.db that stores upload queue state and history. This data:
- Exists only on your Mac — never synced to our servers.
- Contains file paths, public URLs, and timestamps of past uploads.
- Can be deleted at any time by removing the files at
~/.r2drop/.
6. This Website (r2drop.com)
The R2Drop marketing website uses Google Analytics to understand aggregate traffic patterns. Google Analytics uses cookies. We do not use Meta Pixel or other advertising trackers. You can opt out of Google Analytics via your browser settings or the Google Analytics opt-out extension.
7. Third-Party Services
R2Drop interacts with the following third-party services:
- Cloudflare, Inc. — R2/S3-compatible API for file uploads. Subject to Cloudflare's Privacy Policy.
- PostHog, Inc. — Anonymous usage telemetry in the macOS app (opt-out). Subject to PostHog's Privacy Policy.
- Google LLC — Google Analytics on this website only (not in the app). Subject to Google's Privacy Policy.
- Sparkle — Open-source update framework. Checks GitHub Releases for new versions. No data is sent to Sparkle.
We are not affiliated with Cloudflare, PostHog, or Google.
8. Children's Privacy
R2Drop is a developer tool not directed at children under 13. We do not knowingly collect information from children.
9. Open Source Verification
R2Drop is fully open source under the MIT License. You can audit every network call the app makes at github.com/superhumancorp/r2drop. We encourage security researchers to review and report issues.
10. Changes to This Policy
We may update this Privacy Policy. When we do, we will post the updated policy at this URL with a revised effective date. Because we collect no personal data, changes are unlikely to affect your privacy in practice.
11. Contact
Privacy questions or concerns? Email [email protected] or open an issue on GitHub.