3231 Sunset Boulevard, Suite A
West Columbia, SC 29169
803-791-9211

Dropbox Security Overview

We provide this overview so that you can better understand the security measures we’ve put in place to protect the information that you store using Dropbox.

Secure Storage

We encrypt the files that you store on Dropbox using the AES-256 standard, which is the same encryption standard used by banks to secure customer data. Encryption for storage is applied after files are uploaded, and we manage the encryption keys.

Dropbox uses Amazon S3 for data storage. Amazon stores data over several large-scale data centers. According to Amazon, they use military grade perimeter control berms, video surveillance, and professional security staff to keep their data centers physically secure.

You can find more information about Amazon’s security at the Amazon Web Services’ website.

Amazon and Dropbox also employ significant protection against network security issues such as Distributed Denial of Service (DDoS) attacks, Man in the Middle (MITM) attacks, and packet sniffing.

Secure Transfers

Your files are sent between Dropbox’s desktop clients and our servers over a secure channel using 256-bit SSL (Secure Sockets Layer) encryption, the standard for secure Internet network connections.

Your files are sent between Dropbox’s mobile apps and our servers over a secure channel using 256-bit SSL encryption where supported. Not all mobile media players support encrypted streaming, so media files streamed from our servers are not always encrypted.

Your Data is Backed Up

Dropbox and Amazon keep redundant backups of all data over multiple locations to prevent the remote possibility of data loss. In the unlikely event that this redundancy were to fail, Dropbox folders linked to a desktop computer client will still contain copies of your files (except files you’ve chosen not to sync using Selective Sync).

Privacy

A copy of our full privacy policy can be found at: https://www.dropbox.com/privacy.

We guard your privacy to the best of our ability and work hard to protect your information from unauthorized access.

Dropbox employees are prohibited from viewing the content of files you store in your Dropbox account, and are only permitted to view file metadata (e.g., file names and locations). Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so). But that’s the rare exception, not the rule. We have strict policy and technical access controls that prohibit employee access except in these rare circumstances. In addition, we employ a number of physical and electronic security measures to protect user information from unauthorized access.

Third-party Apps

If you choose to access Dropbox using third-party applications (“apps”), be aware that those apps utilize their own security protocols and have their own privacy policies. If you’re not comfortable with the privacy and security features of those apps, you shouldn’t use them to access Dropbox. For example, third-party apps might not employ encryption when transmitting data, might collect information that Dropbox does not, and might use information differently than Dropbox does.

Compliance with Laws and Law Enforcement

As set forth in our privacy policy, and in compliance with United States law, Dropbox cooperates with United States law enforcement when it receives valid legal process, which may require Dropbox to provide the contents of your private Dropbox. In these cases, Dropbox will remove Dropbox’s encryption from the files before providing them to law enforcement.

How to Add Your Own Layer of Encryption to Dropbox

Dropbox applies encryption to your files after they have been uploaded, and we manage the encryption keys. Users who wish to manage their own encryption keys can apply encryption before placing files in their Dropbox. Please note that if you encrypt files before uploading them, some features will not be available, such as creating public links. Doing so will also make it impossible for us to recover your data if you lose your encryption key.

I think I’ve found a security exploit. Where do I report security concerns?

We take a number of measures to ensure that the data you store on Dropbox is safe and secure. While we’re very confident in our technology, we recognize that no system can guarantee data security with 100% certainty. For that reason, we will continue to innovate to make sure that our security measures are state of the art, and we will investigate any and all reported security issues concerning Dropbox’s services or software. For a direct line to our security experts, report security issues to [email protected].

We’ll fully credit anybody whose reports lead to the improvement of Dropbox security. A list of those who have contributed reports leading to a bug or security issue can be found on our special thanks page.

Dropbox Acceptable Use Policy

Dropbox is used by millions of people, and we are proud of the trust placed in us. In exchange, we trust you to use our services responsibly.

You agree not to misuse the Dropbox services. For example, you must not, and must not attempt to, use the services to do the following things.

  • probe, scan, or test the vulnerability of any system or network;
  • breach or otherwise circumvent any security or authentication measures;
  • access, tamper with, or use non-public areas of the Service, shared areas of the Service you have not been invited to, or Dropbox (or our service providers’) computer systems;
  • interfere with or disrupt any user, host, or network, for example by sending a virus, overloading, flooding, spamming, or mail-bombing any part of the Services;
  • plant malware or otherwise use the Services to distribute malware;
  • access or search the Services by any means other than our publicly supported interfaces (for example, “scraping”);
  • send unsolicited communications, promotions or advertisements, or spam;
  • send altered, deceptive or false source-identifying information, including “spoofing” or “phishing”;
  • publish anything that is fraudulent, misleading, or infringes another’s rights;
  • promote or advertise products or services other than your own without appropriate authorization;
  • impersonate or misrepresent your affiliation with any person or entity;
  • abuse Dropbox referrals to get more credit for referrals than deserved;
  • publish or share materials that are unlawfully pornographic or indecent, or that advocate bigotry, religious, racial or ethnic hatred;
  • violate the law in any way, violate the privacy of others, or defame others.