How does DragDrop for Outlook work and how secure is it?

How does DragDrop for Outlook work and how secure is it?

Our add-in detects when a drag action starts and is dragged outside outlook, it then saves a temp file of the message or attachment to the local temp folder of the user (%temp% – this folder is only accessible for that user by default). We then wireup the windows drag event with a pointer to the file instead of the office item so a browser will accept the drop and recognize it as a file.

On interval (default 30 minutes, but configurable by your sysadmin) and Outlook start / close (depends on the interval and files) the temp files are cleaned up. We do NOT transfer ANY data out of the user computer. The only transfer you will ever see is a web call over https (SSL/TLS) to our licensing system to activate and validate the license.

Other questions we get about security:

• Who has access to data?
  Only the user itself has access to the data.
• Is the temporary file encrypted?
  If you want to encrypt the data, please do so on disk by enabling EFS or similar solutions.
• Where is data stored?
  No storage outside the user’s machine is done, temporary files are saved in the user’s temp folder.