Posted: 1 May 2015
When you use our Services, you provide us with things like your files, content, email messages, contacts and so on ("Your Stuff"). Your Stuff is yours. These Terms don't give us any rights to Your Stuff except for the limited rights that enable us to offer the Services.
We need your permission to do things like hosting Your Stuff, backing it up and sharing it when you ask us to. Our Services also provide you with features like photo thumbnails, document previews, email organisation, easy sorting, editing, sharing and searching. These and other features may require our systems to access, store and scan Your Stuff. You give us permission to do those things, and this permission extends to our affiliates and trusted third parties we work with.
Our Services let you share Your Stuff with others, so please think carefully about what you share.
You're responsible for your conduct, Your Stuff and you must comply with our Acceptable Use Policy. Content in the Services may be protected by others' intellectual property rights. Please don't copy, upload, download or share content unless you have the right to do so.
We may review your conduct and content for compliance with these Terms and our Acceptable Use Policy. That said, we have no obligation to do so. We aren't responsible for the content people post and share via the Services.
Please safeguard your password to the Services, make sure that others don't have access to it, and keep your account information current.
Finally, our Services are not intended for and may not be used by people under the age of 13. By using our Services, you are representing to us that you're over 13.
Some of our Services allow you to download client software ("Software") which may be updated automatically. As long as you comply with these Terms, we give you a limited, non-exclusive, non-transferable, revocable licence to use the Software, solely to access the Services. To the extent any component of the Software may be offered under an open source licence, we'll make that licence available to you and the provisions of that licence may expressly override some of these Terms. Unless the following restrictions are prohibited by law, you agree not to reverse engineer or decompile the Services, attempt to do so, or assist anyone in doing so.
The Services are protected by copyright, trademark and other US and foreign laws. These Terms don't grant you any right, title or interest in the Services, others' content in the Services, Dropbox trademarks, logos and other brand features. We welcome feedback, but note that we may use comments or suggestions without any obligation to you.
We respect the intellectual property of others and ask that you do too. We respond to notices of alleged copyright infringement if they comply with the law, and such notices should be reported using our Copyright Policy. We reserve the right to delete or disable content alleged to be infringing and terminate accounts of repeat infringers. Our designated agent for notice of alleged copyright infringement on the Services is:
333 Brannan Street
San Francisco, CA 94107
Billing. You can increase your storage space and add paid features to your account (turning your account into a "Paid Account"). We'll automatically bill you from the date you convert to a Paid Account and on each periodic renewal until cancellation. You're responsible for all applicable taxes, and we'll charge tax when required to do so.
No Refunds. You may cancel your Dropbox Paid Account at any time but you won't be issued a refund unless it's legally required.
Downgrades. Your Paid Account will remain in effect until it's cancelled or terminated under these Terms. If you don't pay for your Paid Account on time, we reserve the right to suspend it or reduce your storage to free space levels.
Changes. We may change the fees in effect but will give you advance notice of these changes via a message to the email address associated with your account.
Email address. If you sign up for a Dropbox account with an email address provisioned by your employer, your employer may be able to block your use of Dropbox until you transition to a Dropbox for Business account or you associate your Dropbox account with a personal email address.
Using Dropbox for Business. If you join a Dropbox for Business account, you must use it in compliance with your employer's terms and policies. Please note that Dropbox for Business accounts are subject to your employer's control. Your administrators may be able to access, disclose, restrict or remove information in or from your Dropbox for Business account. They may also be able to restrict or terminate your access to a Dropbox for Business account. If you convert an existing Dropbox account into a Dropbox for Business account, your administrators may prevent you from later disassociating your account from the Dropbox for Business account.
You're free to stop using our Services at any time. We also reserve the right to suspend or end the Services at any time at our discretion and without notice. For example, we may suspend or terminate your use of the Services if you're not complying with these Terms, or use the Services in a manner that would cause us legal liability, disrupt the Services or disrupt others' use of the Services. Except for Paid Accounts, we reserve the right to terminate and delete your account if you haven't accessed our Services for 12 consecutive months. We'll of course provide you with notice via the email address associated with your account before we do so.
We strive to provide great Services, but there are certain things that we can't guarantee. TO THE FULLEST EXTENT PERMITTED BY LAW, DROPBOX AND ITS AFFILIATES, SUPPLIERS AND DISTRIBUTORS MAKE NO WARRANTIES, EITHER EXPRESS OR IMPLIED, ABOUT THE SERVICES. THE SERVICES ARE PROVIDED "AS IS". WE ALSO DISCLAIM ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. Some places don't allow the disclaimers in this paragraph, so they may not apply to you.
TO THE FULLEST EXTENT PERMITTED BY LAW, EXCEPT FOR ANY LIABILITY FOR DROPBOX’S OR ITS AFFILIATES’ FRAUD, FRAUDULENT MISREPRESENTATION OR GROSS NEGLIGENCE, IN NO EVENT WILL DROPBOX, ITS AFFILIATES, SUPPLIERS OR DISTRIBUTORS BE LIABLE FOR:
(A) ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES, OR
(B) ANY LOSS OF USE, DATA, BUSINESS OR PROFITS, REGARDLESS OF LEGAL THEORY.
THIS WILL BE REGARDLESS OF WHETHER OR NOT DROPBOX OR ANY OF ITS AFFILIATES HAS BEEN WARNED OF THE POSSIBILITY OF SUCH DAMAGES, AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
ADDITIONALLY, DROPBOX, ITS AFFILIATES, SUPPLIERS AND DISTRIBUTORS WILL NOT BE LIABLE FOR AGGREGATE LIABILITY FOR ALL CLAIMS RELATING TO THE SERVICES FOR MORE THAN THE GREATER OF $20 OR THE AMOUNTS PAID BY YOU TO DROPBOX FOR THE PAST 12 MONTHS OF THE SERVICES IN QUESTION.
Some places don't allow the types of limitations in this paragraph, so they may not apply to you.
Let's Try To Sort Things Out First. We want to address your concerns without needing a formal legal case. Before filing a claim against Dropbox, you agree to try to resolve the dispute informally by contacting email@example.com. We'll try to resolve the dispute informally by contacting you via email. If a dispute is not resolved within 15 days of submission, you or Dropbox may bring a formal proceeding.
Judicial forum for disputes. You and Dropbox agree that any judicial proceeding to resolve claims relating to these Terms or the Services will be brought in the federal or state courts of San Francisco County, California, subject to the mandatory arbitration provisions below. Both you and Dropbox consent to venue and personal jurisdiction in such courts.
We Both Agree To Arbitrate. You and Dropbox agree to resolve any claims relating to these Terms or the Services through final and binding arbitration, except as set forth under Exceptions to Agreement to Arbitrate below.
Opt-out of Agreement to Arbitrate. You can decline this agreement to arbitrate by clicking here and submitting the opt-out form within 30 days of first accepting these Terms.
Arbitration Procedures. The American Arbitration Association (AAA) will administer the arbitration under its Commercial Arbitration Rules and the Supplementary Procedures for Consumer Related Disputes. The arbitration will be held in the United States county where you live or work, San Francisco (CA) or any other location we agree to.
Arbitration Fees and Incentives. The AAA rules will govern payment of all arbitration fees. Dropbox will pay all arbitration fees for claims less than $75,000. If you receive an arbitration award that is more favourable than any offer we make to resolve the claim, we will pay you $1,000 in addition to the award. Dropbox will not seek its attorneys' fees and costs in arbitration unless the arbitrator determines that your claim is frivolous.
Exceptions to Agreement to Arbitrate. Either you or Dropbox may assert claims, if they qualify, in a small claims court in San Francisco (CA) or any United States county where you live or work. Either party may bring a lawsuit solely for injunctive relief to stop unauthorised use or abuse of the Services, or intellectual property infringement (for example, trademark, trade secret, copyright or patent rights) without first engaging in arbitration or the informal dispute-resolution process described above. If the agreement to arbitrate is found not to apply to you or your claim, you agree to the exclusive jurisdiction of the state and federal courts in San Francisco County, California to resolve your claim.
NO CLASS ACTIONS. You may only resolve disputes with us on an individual basis and may not bring a claim as a plaintiff or a class member in a class, consolidated or representative action. Class arbitrations, class actions, private attorney general actions and consolidation with other arbitrations aren't allowed.
These Terms will be governed by California law except for its conflicts of laws principles, unless otherwise required by a mandatory law of any other jurisdiction.
These Terms constitute the entire agreement between you and Dropbox with respect to the subject matter of these Terms, and supersede and replace any other prior or contemporaneous agreements, or terms and conditions applicable to the subject matter of these Terms. These Terms create no third-party beneficiary rights.
Dropbox's failure to enforce a provision is not a waiver of its right to do so later. If a provision is found unenforceable, the remaining provisions of the Terms will remain in full effect and an enforceable term will be substituted reflecting our intent as closely as possible. You may not assign any of your rights under these Terms, and any such attempt will be void. Dropbox may assign its rights to any of its affiliates or subsidiaries, or to any successor in interest of any business associated with the Services.
We may revise these Terms from time to time, and will always post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you (by, for example, sending a message to the email address associated with your account, posting on our blog or on this page). By continuing to use or access the Services after the revisions come into effect, you agree to be bound by the revised Terms.
Posted: 3 October 2016
Thanks for using Dropbox. Here we describe how we collect, use and handle your information when you use our websites, software and services (“Services”).
We collect and use the following information to provide, improve and protect our Services:
Account. We collect, and associate with your account, information like your name, email address, phone number, payment info and physical address. Some of our services let you access your accounts and your information with other service providers.
Services. When you use our Services, we store, process and transmit your files (including stuff like your photos, structured data and emails) and information related to them (for example location tags in photos). If you give us access to your contacts, we'll store those contacts on our servers for you to use. This will make it easy for you to do things like share your stuff, send emails and invite others to use the Services.
Usage. We collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services.
Cookies and other technologies. We use technologies like cookies and pixel tags to provide, improve, protect and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services. If our systems receive a DNT:1 signal from your browser, we'll respond to that signal as outlined here.
We may share information as discussed below, but we won't sell it to advertisers or other third parties.
Other users. Our Services display information like your name and email address to other users in places like your user profile and sharing notifications. Certain features let you make additional information available to other users.
Other applications. You can also give third parties access to your information and account - for example, via Dropbox APIs. Just remember that their use of your information will be governed by their privacy policies and terms.
Dropbox Business, Enterprise & Education admins. If you are a Dropbox Business, Dropbox Enterprise or Dropbox Education user, your administrator may have the ability to access and control your Dropbox Business, Enterprise or Education account. Please refer to your organisation's internal policies if you have questions about this. If you are not a Dropbox Business, Enterprise or Education user but interact with a Dropbox Business, Enterprise or Education user (by, for example, joining a shared folder or accessing stuff shared by that user), members of that organisation may be able to view the name, email address and IP address that were associated with your account at the time of that interaction.
Law & Order. We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or our users; or (d) protect Dropbox's property rights.
Stewardship of your data is critical to us and is a responsibility that we embrace. We believe that our users' data should receive the same legal protection regardless of whether it's stored on our Services or on their home computer's hard drive. We'll abide by the following Government Request Principles when receiving, scrutinising and responding to government requests (including national security requests) for our users' data:
Security. We have a team dedicated to keeping your information secure and testing for vulnerabilities. We also continue to work on features to keep your information safe in addition to things like two-factor authentication, encryption of files at rest, and alerts when new devices and apps are linked to your account.
Retention. We'll retain information you store on our Services for as long as we need to do so to provide you the Services. If you delete your account, we'll also delete this information. But please note: (1) there might be some latency in deleting this information from our servers and backup storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes or enforce our agreements. You can access your personal information by logging in to your Dropbox account. Learn more here.
Around the world. To provide you with the Services, we may store, process and transmit information in the United States and locations around the world - including locations outside your country. Information may also be stored locally on the devices you use to access the Services.
EU-US Privacy Shield and US-Swiss Safe Harbor. When transferring data from the European Union, the European Economic Area and Switzerland, Dropbox relies on a variety of legal mechanisms, including contracts with our users. Dropbox complies with the US-Swiss Safe Harbor (“Safe Harbor”) framework and its principles. We also participate in the EU-US Privacy Shield Program (“Privacy Shield”) and comply with its framework and principles. You can find Dropbox's Safe Harbor certification here and our Privacy Shield certification here. You can also learn more about Privacy Shield at https://www.privacyshield.gov and Safe Harbor at http://2016.export.gov/safeharbor/swiss/.
Dropbox is overseen by the US Federal Trade Commission. JAMS is the US-based independent organisation responsible for reviewing and resolving complaints about our Privacy Shield and Safe Harbor compliance – free of charge to you. We ask that you first submit any such complaints directly to us at firstname.lastname@example.org. If you aren't satisfied with our response, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield. In the event that your concern still isn't addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.
If we are involved in a reorganisation, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.
Have questions or concerns about Dropbox, our Services and privacy? Contact us at email@example.com.
Posted: 14 September 2016
This Dropbox Business Agreement (the "Agreement") is between Dropbox International Unlimited Company if your organisation is based outside the United States, Canada and Mexico ("North America") or, if your organisation is based in North America, with Dropbox, Inc., a Delaware corporation (each, "Dropbox") and the organisation agreeing to these terms ("Customer"). This Agreement governs access to and use of the Dropbox Business client software and services (together, "Dropbox Business"), as well as the Beta Services that are made available to you (together, with Dropbox Business, the "Services"). By clicking "I agree", signing your contract for the Services or using the Services, you agree to this Agreement as a Customer.
To the extent that Dropbox, Inc. is, on behalf of the Customer, processing Customer Data that is subject to national laws implementing EU Data Protection Directive (95/46/EC) ("EU Data Protection Laws"), by clicking "I agree", you are also agreeing to the EU Standard Contractual Clauses with Dropbox, Inc. for the transfer of personal data to processors set forth in Schedule 1.
If you are agreeing to this Agreement and Schedule 1 (if applicable) for use of the Services by an organisation, you are agreeing on behalf of that organisation. You must have the authority to bind that organisation to these terms, otherwise you must not sign up for the Services.
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
Name of the data exporting organisation: The Customer that is a party to the Dropbox Business Agreement with Dropbox International Unlimited Company
(the data exporter)
Name of the data importing organisation: Dropbox, Inc.
Address: 333 Brannan Street, San Francisco, CA 94107, USA
(the data importer)
each a "party"; together "the parties",
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
The details of the transfer and, in particular, the special categories of personal data where applicable, are specified in Appendix 1, which forms an integral part of the Clauses.
The data exporter agrees and warrants:
The data importer agrees and warrants:
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business-related issues where required, as long as they do not contradict the Clause.
Obligation after the termination of personal data processing services
Capitalised terms used in Sections A to C and the Appendices but not defined in the Clauses shall have the meaning provided in the Dropbox Business Agreement between the data exporter and Dropbox International Unlimited Company.
Security audit. The data importer maintains ISO/IEC 27001:2013 and ISO/IEC 27018:2014 certifications, which are issued by an independent third-party auditor. The data importer will continue to undergo regular ISO/IEC 27001:2013 and ISO/IEC 27018 audits necessary for maintaining such certifications for the Services during the Term. The data importer also regularly undergoes Service Organization Control 2 (SOC 2) Type II audits. Subject to the data importer's confidentiality obligations, and no more than once a year, the data importer will provide the data exporter with a copy of the SOC 2 Type II Report upon written request. The data importer will make new SOC 2 reports available as they are completed, subject to the data importer's confidentiality requirements. The data importer regularly reviews its third-party sub-service organisations, which undergo Standards for Attestation Engagements No.16 (SSAE 16) / International Standard on Assurance Engagements No.3402 (ISAE 3402) Service Organization Control 1 (SOC 1) Type II or Service Organization Control 2 (SOC 2) Type II audits that evaluate the design and effectiveness of their security policies, procedures and controls.
The data exporter agrees that the data importer's obligations set forth in this Section A fully satisfy the audit rights under Clause 5(f) and Clause 12 (2) of the Clauses.
This Appendix forms part of the Clauses and must be completed and signed by the parties.
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.
The data exporter is (please specify briefly your activities relevant to the transfer):
The Customer of the Dropbox Business Agreement with Dropbox International Unlimited Company.
The data importer is (please specify briefly activities relevant to the transfer):
Dropbox, Inc., a global provider of cloud services for individuals and businesses. Dropbox, Inc. and its affiliates provide a website, software and mobile applications that allow people to store files, synchronise files across multiple devices and collaborate with others. Dropbox, Inc.'s service may also be accessed by Application Programming Interfaces (APIs).
The personal data transferred concerns the following categories of data subjects (please specify):
The data exporter and data exporter's affiliates' end users including employees, consultants and contractors of the data exporter, as well as any individuals collaborating or sharing with these end users using the services provided by the data importer.
The personal data transferred concerns the following categories of data (please specify):
End user-identifying information and organisation data (both online and offline) as well as documents, images and other content or data in electronic form stored or transmitted by end users via the data importer's services.
The personal data transferred will be subject to the following basic processing activities (please specify):
The data importer or its sub-processors will use and process personal data, and the data exporter instructs the data importer to use and process personal data in order to provide the Services under the Dropbox Business Agreement.
This Appendix forms part of the Clauses and must be completed and signed by the parties.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
The data privacy officer of the data importer can be reached at firstname.lastname@example.org
The data importer has implemented and will maintain appropriate administrative, technical and physical safeguards to protect personal data as further described in the Dropbox Business security white paper (available as of the effective date at: https://www.dropbox.com/…/Security_Whitepaper.pdf) and additionally set forth below. The data importer may update these security measures from time to time, with the most recent version available at the above URL (or other URL as communicated by the data importer), provided however that the data importer will notify the data exporter if the data importer updates the security measures in a manner that materially diminishes the administrative, technical or physical security features described therein or in this Appendix 2.
Dropbox (“Dropbox”) respects the intellectual property rights of others and expects its users to do the same. In accordance with the Digital Millennium Copyright Act of 1998, the text of which may be found on the U.S. Copyright Office website at http://www.copyright.gov/legislation/dmca.pdf, Dropbox will respond expeditiously to claims of copyright infringement committed using the Dropbox service and/or the Dropbox website (the “Site”) if such claims are reported to Dropbox’s Designated Copyright Agent identified in the sample notice below.
If you are a copyright owner, authorized to act on behalf of one, or authorized to act under any exclusive right under copyright, please report alleged copyright infringements taking place on or through the Site by completing the following DMCA Notice of Alleged Infringement and delivering it to Dropbox’s Designated Copyright Agent. Upon receipt of Notice as described below, Dropbox will take whatever action, in its sole discretion, it deems appropriate, including removal of the challenged content from the Site.
DMCA Notice of Alleged Infringement (“Notice”)
Identify the copyrighted work that you claim has been infringed, or - if multiple copyrighted works are covered by this Notice - you may provide a representative list of the copyrighted works that you claim have been infringed.
Identify the material or link you claim is infringing (or the subject of infringing activity) and to which access is to be disabled, including at a minimum, if applicable, the URL of the link shown on the Site or the exact location where such material may be found.
Provide your company affiliation (if applicable), mailing address, telephone number, and, if available, email address.
“I hereby state that I have a good faith belief that the disputed use of the copyrighted material is not authorized by the copyright owner, its agent, or the law (e.g., as a fair use).”
“I hereby state that the information in this Notice is accurate and, under penalty of perjury, that I am the owner, or authorized to act on behalf of, the owner, of the copyright or of an exclusive right under the copyright that is allegedly infringed.”
Provide your full legal name and your electronic or physical signature.
Dropbox is used by millions of people, and we're proud of the trust placed in us. In exchange, we trust you to use our services responsibly.
You agree not to misuse the Dropbox services ("Services") or help anyone else to do so. For example, you must not even try to do any of the following in connection with the Services: