We don’t ask or require you to provide any personally identifying
information when you submit materials through SecureDrop. However,
please keep in mind that the actual messages you send and receive
through SecureDrop may include personally identifying information
included by you or the journalist.
The system does not record your IP address, information about your
browser, computer, or operating system.
The server will only store the date and time of the newest message
sent from each source. Once you send a new message, the time and
date of your previous message is automatically deleted.
Journalists decrypt and read each message offline. Journalists will
delete messages and any materials submitted through SecureDrop from
the server on a regular basis. The date and time of any message will
be securely deleted from the server when the message is deleted.
Once you read a journalist’s message, we recommend you delete it. It
will then be securely deleted from the file system.
Also please note that when you submit certain types of files through
SecureDrop, you may be sending us metadata associated with that
For example, if you submit a photo through SecureDrop in JPEG
format, the file may include information about the date, time, and
the GPS location of where it was taken, and the type of device used
to take the photo. Similarly, if you submit a Word file (.doc or
.docx) through SecureDrop, it may include the identity of the
document’s author, the author’s operating system, GPS data about the
author’s location, and the date and time when the document was
Our policy is to scrub metadata from the files we receive through
SecureDrop before publication. If you don’t want to send us metadata,
please use the Metadata Anonymization Toolkit to scrub the file before
you submit it.
However, no one can truly guarantee 100% security of any system. Like
all software, SecureDrop may contain bugs. Ultimately, you use the
SecureDrop service at your own risk.