How Juno Drop protects your files and devices.
Your files travel directly between your devices over your local Wi-Fi network or hotspot. Junoway servers never receive the contents of any file you transfer. We do not proxy, cache, or store file payloads.
All peer-to-peer connections use TLS 1.3. Each device generates an Ed25519 key pair on first launch. After pairing, devices authenticate using their pinned public keys — no certificate authority required.
Before two devices can exchange files, a user must confirm a 6-digit pairing code displayed on both screens. This prevents a rogue device on the same network from silently pairing with yours. Pairing sessions expire after 2 minutes.
Private keys and session tokens are stored in OS-provided secure storage: Windows Credential Manager, macOS Keychain, Android Keystore, and iOS Keychain. They are never written to plain-text config files.
Junoway accounts use email/password authentication via Supabase Auth with bcrypt password hashing. All API communication uses HTTPS. Device activation tokens are short-lived and rotated on each license check.
We do not claim Juno Drop is "unhackable" or impenetrable. All software has risk. What we can accurately say: file payloads transfer locally, transfers are TLS-encrypted, devices must be explicitly paired, and credentials live in OS secure storage.
If you discover a security issue, please email security@junoway.com. We take all reports seriously and aim to respond within 48 hours.