This translation is provided for convenience only and the English language version will control in the event of any discrepancies.

Dropbox Terms of Service

Posted: 25 July 2019

Effective: 24 September 2019

You can see your previous Terms here.

Thanks for using Dropbox! Our mission is to create a more enlightened way of working by providing an intuitive, unified platform to keep your content safe and accessible while helping you and those you work with stay coordinated and in sync.  These Terms of Service (“Terms”) cover your use of and access to our services, client software and websites ("Services"). If you reside outside the United States of America, Canada and Mexico (“North America”) your agreement is with Dropbox International Unlimited Company. If you reside in North America, your agreement is with Dropbox, Inc. Our Privacy Policy explains how we collect and use your information while our Acceptable Use Policy outlines your responsibilities when using our Services. By using our Services, you’re agreeing to be bound by these Terms, our Privacy Policy, and Acceptable Use Policy.

Your Stuff & Your Permissions

When you use our Services, you provide us with things like your files, content, messages, contacts and so on (“Your Stuff”). Your Stuff is yours. These Terms don’t give us any rights to Your Stuff except for the limited rights that enable us to offer the Services.

We need your permission to do things like hosting Your Stuff, backing it up and sharing it when you ask us to. Our Services also provide you with features such as commenting, sharing, searching, image thumbnails, document previews and personalisation to help reduce time consuming tasks. To provide these and other features, Dropbox accesses, stores and scans Your Stuff. You give us permission to do those things, and this permission extends to our affiliates and trusted third parties we work with.

Your Responsibilities

Your use of our Services must comply with our Acceptable Use Policy. Content in the Services may be protected by others’ intellectual property rights. Please don’t copy, upload, download or share content unless you have the right to do so.

Dropbox may review your conduct and content for compliance with these Terms and our Acceptable Use Policy. We aren’t responsible for the content people post and share via the Services.

Help us keep Your Stuff protected. Safeguard your password to the Services and keep your account information current. Don’t share your account credentials or give others access to your account.

You may use our Services only as permitted by applicable law, including export control laws and regulations. Finally, to use our Services, you must be at least 13 years old (or older, depending on where you live).

Software

Some of our Services allow you to download client software (“Software”) which may be updated automatically. As long as you comply with these Terms, we give you a limited, non-exclusive, non-transferable, revocable licence to use the Software, solely to access the Services. To the extent any component of the Software may be offered under an open source licence, we’ll make that licence available to you and the provisions of that licence may expressly override some of these Terms. Unless the following restrictions are prohibited by law, you agree not to reverse engineer or decompile the Services, attempt to do so or assist anyone to do so.

Beta Services

We sometimes release products and features that we’re still testing and evaluating. (“Beta Services ”). Beta Services are labeled “alpha”, “beta”, “preview”, “early access” or “evaluation” (or words or phrases with similar meanings) and may not be as reliable as Dropbox’s other services. Beta Services are made available so that we can collect user feedback, and by using our Beta Services, you agree that we may contact you to collect such feedback.

Beta Services are confidential until official launch. If you use any Beta Services, you agree not to disclose any information about those Services to anyone else without our permission.

Our Stuff

The Services are protected by copyright, trademark, and other US and foreign laws. These Terms don’t grant you any right, title or interest in the Services, others’ content in the Services, Dropbox trademarks, logos and other brand features. We welcome feedback but please note that we may use comments or suggestions without any obligation to you.

Copyright

We respect the intellectual property of others and ask that you do too. We respond to notices of alleged copyright infringement if they comply with the law, and such notices should be reported using our Copyright Policy. We reserve the right to delete or disable content alleged to be infringing and terminate accounts of repeat infringers. Our designated agent for notice of alleged copyright infringement on the Services is:

Copyright Agent
Dropbox, Inc.
1800 Owens St
San Francisco, CA 94158
copyright@dropbox.com

Paid Accounts

Billing. You can increase your storage space and add paid features to your account (turning your account into a "Paid Account"). We’ll automatically bill you from the date you convert to a Paid Account and on each periodic renewal date until cancellation. If you’re on an annual plan, we’ll send you a notice email reminding you that your plan is about to be renewed within a reasonable period of time prior to the renewal date. You’re responsible for all applicable taxes, and we’ll charge tax when required to do so. Some countries have mandatory local laws regarding your cancellation rights, and this paragraph doesn’t override these laws.

No refunds. You can cancel your Dropbox Paid Account at any time. Refunds are only issued if required by law. For example, users living in the European Union have the right to cancel their Paid Account subscriptions within 14 days of signing up for, upgrading to or renewing a Paid Account.

Downgrades. Your Paid Account will remain in effect until it's cancelled or terminated under these Terms. If you don’t pay for your Paid Account on time, we reserve the right to suspend it or  remove Paid Account features.

Changes. We may change the fees in effect but will give you advance notice of these changes via a message to the email address associated with your account.

Dropbox Business Teams

Email address. If you sign up for a Dropbox account with an email address provisioned by your organisation, your organisation may be able to block your use of Dropbox until you transition to an account on a Dropbox Business or Education team (Dropbox Business Team”) or associate your Dropbox account with a personal email address.

Using Dropbox Business teams. If you join a Dropbox Business Team, you must use it in compliance with your organisation's terms and policies. Please note that Dropbox Business Team accounts are subject to your organisation's control. Your administrators may be able to access, disclose, restrict or remove information in or from your Dropbox Business Team account. They may also be able to restrict or terminate your access to a Dropbox Business Team account. If you convert an existing Dropbox account to part of a Dropbox Business Team, your administrators can prevent you from later disassociating your account from the Dropbox Business Team.

Termination

You’re free to stop using our Services at any time. We reserve the right to suspend or terminate your access to the Services with notice to you if:

(a) you’re in breach of these Terms,

(b) your use of the Services in a manner that would cause a real risk of harm or loss to us or other users, or

(c) you don’t have a Paid Account and haven't accessed our Services for 12 consecutive months.

We’ll provide you with reasonable advance notice via the email address associated with your account to remedy the activity that prompted us to contact you and give you the opportunity to export Your Stuff from our Services. If after such notice you fail to take the steps we ask of you, we’ll terminate or suspend your access to the Services.

We won’t provide notice before termination where:

(a) you’re in material breach of these Terms,

(b) doing so would cause us legal liability or compromise our ability to provide the Services to our other users, or

(c) we're prohibited from doing so by law.

Discontinuation of Services

We may decide to discontinue the Services in response to unforeseen circumstances beyond Dropbox’s control or to comply with a legal requirement. If we do so, we’ll give you reasonable prior notice so that you can export Your Stuff from our systems. If we discontinue the Services in this way before the end of any fixed or minimum term you have paid us for, we’ll refund the portion of the fees you have pre-paid but haven't received Services for.

Services “AS IS”

We strive to provide great Services, but there are certain things that we can't guarantee. TO THE FULLEST EXTENT PERMITTED BY LAW, DROPBOX AND ITS AFFILIATES, SUPPLIERS AND DISTRIBUTORS MAKE NO WARRANTIES, EITHER EXPRESS OR IMPLIED, ABOUT THE SERVICES. THE SERVICES ARE PROVIDED "AS IS". WE ALSO DISCLAIM ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. Some places don’t allow the disclaimers in this paragraph, so they may not apply to you.

Limitation of Liability

WE DON’T EXCLUDE OR LIMIT OUR LIABILITY TO YOU WHERE IT WOULD BE ILLEGAL TO DO SO – THIS INCLUDES ANY LIABILITY FOR DROPBOX’S OR ITS AFFILIATES’ FRAUD OR FRAUDULENT MISREPRESENTATION IN PROVIDING THE SERVICES. IN COUNTRIES WHERE THE FOLLOWING TYPES OF EXCLUSION AREN’T ALLOWED, WE'RE RESPONSIBLE TO YOU ONLY FOR LOSSES AND DAMAGES THAT ARE A REASONABLY FORESEEABLE RESULT OF OUR FAILURE TO USE REASONABLE CARE AND SKILL OR OUR BREACH OF OUR CONTRACT WITH YOU. THIS PARAGRAPH DOESN’T AFFECT CONSUMER RIGHTS THAT CAN'T BE WAIVED OR LIMITED BY ANY CONTRACT OR AGREEMENT.

IN COUNTRIES WHERE EXCLUSIONS OR LIMITATIONS OF LIABILITY ARE ALLOWED, DROPBOX, ITS AFFILIATES, SUPPLIERS OR DISTRIBUTORS WON’T BE LIABLE FOR:

i. ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES, OR

ii. ANY LOSS OF USE, DATA, BUSINESS OR PROFITS, REGARDLESS OF LEGAL THEORY.

THESE EXCLUSIONS OR LIMITATIONS WILL APPLY REGARDLESS OF WHETHER OR NOT DROPBOX OR ANY OF ITS AFFILIATES HAVE BEEN WARNED OF THE POSSIBILITY OF SUCH DAMAGES.

IF YOU USE THE SERVICES FOR ANY COMMERCIAL, BUSINESS OR RE-SALE PURPOSE, DROPBOX, ITS AFFILIATES, SUPPLIERS OR DISTRIBUTORS WILL HAVE NO LIABILITY TO YOU FOR ANY LOSS OF PROFIT, LOSS OF BUSINESS, BUSINESS INTERRUPTION OR LOSS OF BUSINESS OPPORTUNITY. DROPBOX AND ITS AFFILIATES AREN’T RESPONSIBLE FOR THE CONDUCT, WHETHER ONLINE OR OFFLINE, OF ANY USERS OF THE SERVICES.

OTHER THAN FOR THE TYPES OF LIABILITY WE CANNOT LIMIT BY LAW (AS DESCRIBED IN THIS SECTION), WE LIMIT OUR LIABILITY TO YOU TO THE GREATER OF $20 USD OR 100% OF ANY AMOUNT YOU'VE PAID UNDER YOUR CURRENT SERVICE PLAN WITH DROPBOX.

Resolving Disputes

Let’s try to sort things out first. We want to address your concerns without needing a formal legal case. Before filing a claim against Dropbox, you agree to try to resolve the dispute informally by contacting dispute-notice@dropbox.com. We’ll try to resolve the dispute informally by contacting you via email. If a dispute is not resolved within 15 days of submission, you or Dropbox may bring a formal proceeding.

Judicial Forum for Disputes. You and Dropbox agree that any judicial proceeding to resolve claims relating to these Terms or the Services will be brought in the federal or state courts of San Francisco County, California, subject to the mandatory arbitration provisions below. Both you and Dropbox consent to venue and personal jurisdiction in such courts. If you reside in a country (for example, a member state of the European Union) with laws that give consumers the right to bring disputes in their local courts, this paragraph doesn’t affect those requirements.

IF YOU’RE A US RESIDENT, YOU ALSO AGREE TO THE FOLLOWING MANDATORY ARBITRATION PROVISIONS:

We both agree to arbitrate. You and Dropbox agree to resolve any claims relating to these Terms or the Services through final and binding arbitration by a single arbitrator, except as set forth under 'Exceptions to agreement to arbitrate' below. This includes disputes arising out of or relating to interpretation or application of this 'Mandatory arbitration provisions' section, including its enforceability, revocability or validity.

Opt-out of agreement to arbitrate. You can decline this agreement to arbitrate by clicking here and submitting the opt-out form within 30 days of first registering your account. However, if you agreed to a previous version of these Terms that allowed you to opt out of arbitration, your previous choice to opt out or not opt out remains binding.

Arbitration procedures. The American Arbitration Association (AAA) will administer the arbitration under its Commercial Arbitration Rules and the Supplementary Procedures for Consumer Related Disputes. The arbitration will be held in the United States county where you live or work, in San Francisco (CA) or in any other location we agree to.

Arbitration fees and incentives. The AAA rules will govern payment of all arbitration fees. Dropbox will pay all arbitration fees for individual arbitration for claims less than $75,000. If you receive an arbitration award that is more favourable than any offer we make to resolve the claim, we will pay you $1,000 in addition to the award. Dropbox will not seek its legal fees and costs in arbitration unless the arbitrator determines that your claim is frivolous.

Exceptions to agreement to arbitrate. Either you or Dropbox may assert claims, if they qualify, in a small claims court in San Francisco (CA) or any United States county where you live or work. Either party may bring a lawsuit solely for injunctive relief to stop unauthorised use or abuse of the Services, or intellectual property infringement (for example, trademark, trade secret, copyright or patent rights) without first engaging in arbitration or the informal dispute resolution process described above. If the agreement to arbitrate is found not to apply to you or your claim, you agree to the exclusive jurisdiction of the state and federal courts in San Francisco County, California, USA to resolve your claim.

NO CLASS ACTIONS. You may only resolve disputes with us on an individual basis and may not bring a claim as a plaintiff or a class member in a class, consolidated or representative action. Class arbitrations, class actions, private attorney general actions and consolidation with other arbitrations aren’t allowed. If this specific paragraph is held unenforceable, the entirety of this 'Mandatory arbitration provisions' section will be deemed void.

Controlling Law

These Terms will be governed by California law except for its conflicts of laws principles. However, some countries (including those in the European Union) have laws that require agreements to be governed by the local laws of the consumer's country. This paragraph doesn’t override those laws.

Entire Agreement

These Terms constitute the entire agreement between you and Dropbox with respect to the subject matter of these Terms, and supersede and replace any other prior or contemporaneous agreements, or terms and conditions applicable to the subject matter of these Terms. These Terms create no third-party beneficiary rights.

Waiver, Severability & Assignment

Dropbox’s failure to enforce a provision is not a waiver of its right to do so later. If a provision is found to be unenforceable, the remaining provisions of the Terms will remain in full effect and an enforceable term will be substituted reflecting our intent as closely as possible. You may not assign any of your rights under these Terms, and any such attempt will be void. Dropbox may assign its rights to any of its affiliates or subsidiaries, or to any successor in the interest of any business associated with the Services.

Modifications

We may revise these Terms from time to time to better reflect:

(a) changes to the law,

(b) new regulatory requirements, or

(c) improvements or enhancements made to our Services.

If an update affects your use of the Services or your legal rights as a user of our Services, we’ll notify you prior to the update's effective date by sending an email to the email address associated with your account or via an in-product notification. These updated terms will be effective no less than 30 days from when we notify you.

If you don’t agree to the updates we make, please cancel your account before they become effective. Where applicable, we’ll offer you a pro rata refund based on the amounts you have prepaid for Services and your account cancellation date. By continuing to use or access the Services after the updates come into effect, you agree to be bound by the revised Terms.

This translation is provided for convenience only and the English language version will control in the event of any discrepancies.

Dropbox Privacy Policy

Posted: 17 December 2019

Effective: 1 January 2020

You can see the previous Privacy Policy here.

Thank you for using Dropbox! Here we describe how we collect, use and handle your personal data when you use our websites, software and services (“Services”). For more information and details, please see our Frequently Asked Questions page.

What & Why

We collect and use the following information to provide, improve, protect and promote our Services.

Account information. We collect, and associate with your account, the information you provide to us when you do things such as sign up for your account, upgrade to a paid plan and set up two-factor authentication (such as your name, email address, phone number, payment info and physical address).

Your Stuff. Our Services are designed as a simple and personalised way for you to store your files, documents, photos, comments, messages and so on (“Your Stuff”), collaborate with others, and work across multiple devices and services. To make that possible, we store, process and transmit Your Stuff as well as information related to it. This related information includes your profile information, which makes it easier to collaborate and share Your Stuff with others, as well as things like the size of the file, the time it was uploaded, collaborators and usage activity.

Contacts. You can choose to give us access to your contacts to make it easy for you to do things like share and collaborate on Your Stuff, send messages and invite others to use the Services. If you do, we’ll store those contacts on our servers for you to use.

Usage information. We collect information relating to how you use the Services, including actions you take in your account (such as sharing, editing, viewing, creating and moving files or folders). We use this information to provide, improve and promote our Services, and protect Dropbox users. Please refer to our FAQ for more information about how we use this usage information.

Device information. We also collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services. For example, we use device information to detect abuse and identify and troubleshoot bugs.

Cookies and other technologies. We use technologies such as cookies and pixel tags to provide, improve, protect and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services. If our systems receive a DNT:1 signal from your browser, we’ll respond to that signal as outlined here. We may also use third-party service providers that set cookies and similar technologies to promote Dropbox services. You can find out more about how cookies and similar technologies work, as well as how to opt out of the use of them for advertising purposes, here.

Marketing. We give users the option to use some of our Services free of charge. These free Services are made possible by the fact that some users upgrade to one of our paid Services. If you register for our Services, we will, from time to time, send you information about upgrades when permissible. Users who receive these marketing materials can opt out at any time. If you don’t want to receive a particular type of marketing material from us, click the ‘unsubscribe’ link in the corresponding emails, or update your preferences in the Notifications section of your personal account.

We sometimes contact people who don’t have a Dropbox account. For recipients in the EU, we or a third party will obtain consent before getting in touch. If you receive an email and no longer wish to be contacted by Dropbox, you can unsubscribe and remove yourself from our contact list via the message itself.

Bases for processing your data. We collect and use the personal data described above in order to provide you with the Services in a reliable and secure manner. We also collect and use personal data for our legitimate business needs. To the extent that we process your personal data for other purposes, we ask for your consent in advance or require our partners to obtain such consent. For more information on the lawful bases for processing your data, please see our FAQ.

For more details on the categories of personal information that are included in the information above, please see our FAQ.

With whom

We may share information as discussed below, but we won’t sell it to advertisers or other third parties.

Others working for and with Dropbox. Dropbox uses certain trusted third parties (for example, providers of customer support and IT services) for the business purposes of helping us provide, improve, protect and promote our Services. These third parties will access your information to perform tasks on our behalf, and we’ll remain responsible for their handling of your information per our instructions. For a list of trusted third parties that we use to process your personal data and more details on the categories of personal information that we’ve disclosed, please see our FAQ.

Other Dropbox Companies. Dropbox shares infrastructure, systems and technology with other Dropbox Companies to provide, improve, protect and promote Dropbox Company Services. We process your information across the Dropbox Companies for these purposes, as permitted by applicable law and in accordance with their terms and policies. For more information on Dropbox Companies, Dropbox Company Services and how your data is used, please see our FAQ.

Other users. Our Services display information such as your name, profile picture, device, email address and usage information to other users you collaborate with or choose to share with. When you register your Dropbox account with an email address on a domain owned by your employer or organisation, we may help collaborators and administrators find you and your team by making some of your basic information – such as your name, team name, profile picture and email address – visible to other users in the same domain. This helps you sync up with teams you can join and helps other users share files and folders with you.

Certain features let you make additional information available to others.

Other applications. You can choose to connect your Dropbox account with third-party services – for example, via Dropbox APIs. By doing so, you’re enabling Dropbox and those third parties to exchange information about you and data in your account so that Dropbox and those third parties can provide, improve, protect and promote their services. Please remember that third parties’ use of your information will be governed by their own privacy policies and terms of service.

Business Team admins. If you are a user of a Dropbox Business team (collectively “Dropbox Business Team”), your administrator may have the ability to access and control your Dropbox Business Team account. Please refer to your organisation’s internal policies if you have questions about this. If you aren’t a Dropbox Business Team user but interact with a Dropbox Business Team user (for example, by joining a shared folder or accessing stuff shared by that user), members of that organisation may be able to view the name, email address, profile picture and IP address that was associated with your account at the time of that interaction. If you share Your Stuff with a Dropbox team user, the administrator of the team account may have the ability to access and edit what you share.

Law & order and the public interest. We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to: (a) comply with any applicable law, regulation, legal process or appropriate government request; (b) protect any person from death or serious bodily harm; (c) prevent fraud or abuse of Dropbox or our users; (d) protect Dropbox’s rights, property, safety or interest; or (e) perform a task carried out in the public interest.

Stewardship of your data is critical to us and a responsibility that we embrace. We believe that your data should receive the same legal protections regardless of whether it’s stored on our Services or on your home computer’s hard drive. We’ll abide by the following Government Request Principles when receiving, scrutinising and responding to government requests (including national security requests) for your data:

  • Be transparent
  • Fight blanket requests
  • Protect all users and
  • Provide trusted services.

We publish a Transparency Report as part of our commitment to informing you about when and how governments ask us for information. This report details the types and numbers of requests we receive from law enforcement. We encourage you to review our Government Request Principles and Transparency Report for more detailed information on our approach and response to government requests.

How

Security. We have a team dedicated to keeping your information secure and testing for vulnerabilities. We continue to work on features to keep your information safe in addition to things like two-factor authentication, encryption of files at rest, and alerts when new devices and apps are linked to your account. We deploy automated technologies to detect abusive behaviour and content that may harm our Services, you or other users.

User controls. You can access, amend, download and delete your personal information by logging in to your Dropbox account and going to your account settings page. Find out more here about managing your account information generally, or click here to see how to change your profile information.

Retention. When you sign up for an account with us, we’ll retain information you store on our Services for as long as your account exists or for as long as we need it to provide you the Services. If you delete your account, we’ll initiate deletion of this information after 30 days. Find out more here. Please note: (1) there might be some latency in deleting this information from our servers and backup storage, and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes or enforce our agreements.

Where

Around the world. To provide you with the Services, we may store, process and transmit data in the United States and locations around the world – including those outside your country. Data may also be stored locally on the devices you use to access the Services.

EU-US Privacy Shield and Swiss-US Privacy Shield. When transferring data from the European Union, the European Economic Area, the United Kingdom and Switzerland, Dropbox relies on a variety of legal mechanisms, including contracts with our customers and affiliates. Dropbox complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal data transferred from the European Union, the European Economic Area, the United Kingdom and Switzerland to the United States. Dropbox has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such data. You can find Dropbox’s Privacy Shield certification here. You can also find out more about Privacy Shield at https://www.privacyshield.gov.

Dropbox is overseen by the US Federal Trade Commission. JAMS is the US-based independent organisation responsible for reviewing and resolving complaints about our Privacy Shield compliance – free of charge to you. Please submit any such complaints directly to us first of all via privacy@dropbox.com. If you aren’t satisfied with our response, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield. In the event that your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.

Your control of and access to your data

You have control over your personal data and how it’s collected, used and shared. For example, you can:

  • Delete Your Stuff in your Dropbox account. You can find out more about how to delete files saved on Dropbox here.
  • Change or correct personal data. You can manage your account and the content contained in it, as well as edit some of your personal data, through your account settings page.
  • Access and take your data elsewhere. You can access your personal data from your Dropbox account and you can download a copy of Your Stuff in a machine-readable format as outlined here. You can also ask us for a copy of personal data you provided to us or that we’ve collected, the business or commercial purpose for collecting it, the types of sources we got it from, and types of third parties we’ve shared it with.
  • Object to the processing of your personal data. Depending on the processing activity, you can request that we stop or limit processing of your personal data.

If you would like to submit a data access request, ask for your personal data to be deleted or object to the processing of your personal data, please email us at privacy@dropbox.com. For more information on how to control and access your personal data, please see our FAQ.

Dropbox as controller or processor. If you reside in North America (the United States, Canada and Mexico), Dropbox, Inc. acts as your service provider. For all other users, Dropbox International Unlimited Company acts as a controller of your personal data. If you are a Dropbox Business or Education customer outside North America, Dropbox acts as a processor of your data.

Changes

If we’re involved in a reorganisation, merger, acquisition or sale of our assets, your data may be transferred as part of that deal. We’ll notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.

We may revise this Privacy Policy from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you.

Contact

Do you have questions or concerns about Dropbox, our Services and privacy? Contact our Data Protection Officer at privacy@dropbox.com. If they can’t answer your question, you have the right to contact your local data protection supervisory authority.

This translation is provided for convenience only and the English language version will control in the event of any discrepancies.

Dropbox Business Agreement

Posted: 20th July 2020

Effective: 19th August 2020

This Dropbox Business Agreement (the 'Business Agreement') is between Dropbox International Unlimited Company, if your organisation is based outside of the United States and its territories and possessions, Canada and Mexico ('North America'), or, if your organisation is based in North America, between Dropbox, Inc., a Delaware corporation (each, 'Dropbox'), and the organisation agreeing to these terms ('Customer'). This Business Agreement governs access to and use of the Services and Beta Services. By clicking 'I agree', signing your contract for the Services, or using the Services, you agree to this Business Agreement as a Customer.

To the extent that Dropbox, Inc. is, on behalf of the Customer, Processing Customer Data that is subject to EU Data Protection Laws, by clicking 'I agree', you are also agreeing to the Data Processing Agreement and EU Standard Contractual Clauses, defined below, with Dropbox, Inc. for the transfer of Personal Data to processors.

If you are agreeing to this Business Agreement and, if applicable, the Data Processing Agreement, for use of the Services by an organisation, you are agreeing on behalf of that organisation. You must have the authority to bind that organisation to these terms, otherwise you must not sign up for the Services.

  1. Services.
    1. Provision. The Agreement governs access to, and use of, the Services and Software Purchased under an Order Form the Customer and End Users may access and use the Services in accordance with the Agreement
    2. Modifications. Dropbox may update the Services from time to time. If Dropbox changes the Services in a manner that materially reduces their functionality, Dropbox will notify Customer at the email address associated with the account, and Customer may provide notice within thirty days of the change to terminate the Agreement. This termination right will not apply to updates made to features provided on a beta or evaluation basis. For certain significant new features, Dropbox may notify Administrators or End Users of the new features via email, provided that an option to unsubscribe from receiving such emails will be available to any potential recipient.
    3. Software.
      1. Generally. Some of the Services allow the Customer and End Users to download Software that may be updated automatically. If any component of the Software is offered under an open source licence, Dropbox will make the licence available to the Customer and, to the extent that the provisions of that licence grant the Customer additional rights, those provisions will expressly override some terms of the Agreement with respect to that component of the Software.
      2. Licence. Dropbox hereby grants to the Customer during the Term a limited non-exclusive licence to use the Software solely in connection with the Services and in accordance with the Agreement. This licence is non-transferable (subject to Section 14.8), irrevocable (except as set forth in Section 9), non-sublicensable and will be fully paid up upon the Customer's payment of the Fees.
    4. Customer Domains. Prior to providing the Services, Dropbox may require Customer to verify that Customer owns or controls the Customer Domains. If Customer does not own or control the Customer Domains, then Dropbox will have no obligation to provide Customer with the Services.
  2. Customer Obligations.
    1. Customer Administration of the Services. Customer may specify End Users as Administrators, including through multiple tiers of Administrators, through the Admin Console. Administrators may be able to: (a) access, disclose, restrict or remove Customer Data in or from End User Accounts; and (b) monitor, restrict or terminate access to End User Accounts. The End User Accounts Administrators may manage as described in the preceding sentence may include End User Accounts of lower tier Administrators. Customer is responsible for maintaining the confidentiality of passwords and Admin Accounts, and managing access to Admin Accounts. Dropbox’s responsibilities do not extend to the internal management or administration of the Services for Customer.
    2. Third Party Administration. The Customer acknowledges that, if the Customer purchases the Services through a reseller and designates any of the reseller's personnel as Administrators of the Customer's Services account, the reseller may be able to control account information, including Customer Data, and access the Customer's Services account as described above.
    3. Unauthorised Use or Access. Customer will prevent unauthorised use of the Services by its End Users and terminate any unauthorised use of or access to the Services. End User Accounts may only be provisioned, registered and used by a single End User. The Services are not intended for End Users under the age of 13. Customer will ensure that it does not allow any person under 13 to use the Services. Customer will promptly notify Dropbox of any unauthorised use of or access to the Services.
    4. Restrictions. Customer will not: (a) sell, resell or lease the Services or Software; (b) use the Services or Software for activities where use or failure of the Services or Software could lead to physical damage, death or personal injury; (c) reverse engineer the Services or Software, or attempt or assist anyone else to do so, unless this restriction is prohibited by law; (d) use the Services or Software, including the export or re-export of Customer Data, in violation of Export Control Laws; (e) violate or circumvent any Service Limits of the Services or otherwise configure the Services to avoid Service Limits; or (f) establish a Dropbox Business account as an individual for personal, family or household purposes.
    5. Compliance.
      1. Generally. Customer and its End Users must use the Services in compliance with the Acceptable Use Policy. Customer will comply with laws and regulations applicable to Customer's use of the Services. Customer must satisfy itself that: (i) the Services are appropriate for its purposes, taking into account the nature of the Customer Data; and (ii) the technical and organisational requirements applicable to Dropbox under EU Data Protection Laws are satisfied by the Security Measures and the Agreement.
      2. End Users. Customer is responsible for use of the Services by its End Users. Customer will obtain and maintain from End Users any consents necessary to allow Administrators to engage in the activities described in the Agreement and to allow Dropbox to deliver the Services.
      3. Customer Actions. Customer will not take any action that would cause Dropbox to violate EU Data Protection Laws, the US Foreign Corrupt Practices Act of 1977, as amended, the UK Bribery Act of 2010 or any other applicable anti-bribery, anti-corruption or anti-money laundering law.
      4. Compliance Assistance. To assist Customer with its compliance obligations under applicable privacy laws related to security, data protection impact assessments and prior consultation with supervisory authorities, Dropbox will make the following available during the Term: (a) the Audit Reports described below; (b) the information contained in Exhibits A and B of the Data Processing Agreement; and (c) the information found at https://www.dropbox.com/business/trust/compliance/certificationscompliance and https://www.dropbox.com/security/gdpr.
      5. Audit Reports. Dropbox has completed Service Organisation Control 2 (SOC 2) Type II, Service Organisation Control 1 (SOC 1) Type II, ISO 27001 and ISO 27018 audits for the Services, which were conducted by an independent auditor that evaluated the design and effectiveness of Dropbox security policies, procedures and controls. Dropbox will continue to undergo regular Service Organisation Control audits for the Service during the Term. At no cost to Customer, upon Customer’s written request, but no more than once per year, Dropbox will provide Customer a copy of the most recent SOC 2 Type 2 and ISO reports ('Audit Reports'), subject to Customer agreeing to treat the SOC 2 report as Dropbox’s confidential information pursuant to a non-disclosure agreement.
      6. Customer Inspections. If, after reviewing the materials in Section 2.5.d above, Customer reasonably believes it needs further information in order to meet its compliance obligations, Dropbox will use commercially reasonable efforts to respond to written requests by Customer regarding the materials. If Customer is not satisfied with Dropbox’s response to questions provided pursuant to this Section 2.6.f, Dropbox will permit Customer, or an agreed upon Customer representative, subject to appropriate confidentiality obligations, to visit Dropbox’s premises and discuss Dropbox’s responses with Dropbox personnel. Dropbox reserves the right to: (a) charge a separate fee for its reasonable costs associated with performing any of its obligations in this Section 2.6.f, provided that Dropbox will provide an estimate of these fees to Customer prior to incurring the costs; or (b) object to any Customer representative participating in an inspection on the basis that they are not qualified, are not bound by an adequate requirement to protect confidential Dropbox information or are a competitor of Dropbox. For Customer inspections pursuant to this Section 2.6.f, the Parties will first mutually agree on the scope, timing and duration of the inspection. Dropbox reserves the right to limit the scope and duration of an inspection to the extent reasonably necessary to avoid compromising the integrity of Dropbox’s security or any Dropbox customer’s or end user’s data.
      7. HIPAA. Customer will not store, transmit or otherwise process any information via the Services that falls within the definition of “Protected Health Information” under the HIPAA Privacy Rule (45 C.F.R. Section 164.051), unless Customer and Dropbox separately enter into a HIPAA Business Associate Agreement, which may be done via the Admin Console.
    6. Third-Party Apps and Integrations. If Customer uses any third-party service or applications, such as a service that uses a Dropbox API, with the Services: (a) Dropbox will not be responsible for any act or omission of the third-party, including the third-party’s access to or use of Customer Data; and (b) Dropbox does not warrant or support any service provided by the third-party. Customer will comply with any API limits associated with the Services plan purchased by Customer.
  3. Customer Data.
    1. Customer Data Limitations. This Agreement constitutes Customer’s instructions to Dropbox to Process Customer Data. Dropbox, Dropbox personnel and its Subcontractors will only Process, access, use, store and transfer Customer Data as Customer instructs in order to deliver the Services and to fulfil Dropbox’s obligations in the Agreement. The categories of Personal Data to be processed by Dropbox and the processing activities to be performed under this Agreement are set out in the Data Processing Agreement. Dropbox will inform Customer of any legal requirement which prevents it from complying with Customer’s instructions, unless prohibited from doing so by applicable law or on important grounds of public interest. Any Dropbox personnel who have access to Customer Data will be bound by appropriate confidentiality obligations.
    2. Security Measures. Dropbox will use industry standard technical and organisational security measures to transfer, store and process Customer Data that, at a minimum, will comply with the Security Measures. Dropbox may update the Security Measures from time to time. Dropbox will provide Customer with at least sixty days prior notice if Dropbox updates the Security Measures in a manner that materially diminishes the administrative, technical or physical security features of the Services taken as a whole. Within five business days of receipt of this notice, Customer may elect to terminate the Agreement and associated Order Forms by providing written notice to Dropbox.
    3. Third-Party Requests.
      1. Customer Responsibility. Customer is responsible for responding to Third-Party Requests via its own access to information. Customer will seek to obtain information required to respond to Third-Party Requests and will contact Dropbox only if it cannot comply with the Third-Party Request despite diligent efforts.
      2. Dropbox Responsibility. If Dropbox receives a Third-Party Request, Dropbox will make commercially reasonable efforts, to the extent allowed by law and by the terms of the Third-Party Request, to: (i) promptly notify Customer of Dropbox's receipt of a Third-Party Request; (ii) comply with Customer's commercially reasonable requests regarding its efforts to oppose a Third-Party Request; and (iii) provide Customer with information or tools required for Customer to respond to the Third-Party Request, if Customer is otherwise unable to respond to the Third-Party Request. If Dropbox is prohibited from notifying Customer of a Third-Party Request or Customer fails to promptly respond to any Third-Party Request, then Dropbox may, but will not be obligated to do so, to the extent permitted by applicable law.
    4. Customer Data Sharing. The Services may enable End Users to share Customer Data, including to other Customer End Users and to third parties. Recipients of shared Customer Data may access, view, download and share this Customer Data, including in and through their own Services accounts. Customer understands: (a) it is solely Customer's, and its End Users', choice to share Customer Data; (b) Dropbox cannot control third parties with whom Customer has shared Customer Data; and (c) Customer and its End Users are solely responsible for their use of the Services, including any sharing of Customer Data through the Services.
  4. Data Transfers.
    1. Data Transfer. Customer agrees that Dropbox and its Subcontractors may transfer Customer Data to and access, use and store Customer Data in locations other than Customer's country.
    2. Data Processing Agreement. To the extent Customer Data is subject to EU Data Protection Laws and is processed by Dropbox on Customer's behalf, Customer and Dropbox agree to the Data Processing Agreement. The Data Processing Agreement applies only to the Services and does not apply to Beta Services.
    3. EU-US and Swiss-US Privacy Shield Programs. Dropbox is certified and complies with the EU-US and Swiss-US Privacy Shield Programs, as set forth by the US Department of Commerce regarding the collection, use and retention of Personal Data transferred from the EEA, Switzerland and the United Kingdom (to the extent it is no longer part of the EEA) to the United States in reliance on Privacy Shield. If the Privacy Shield Programs are invalidated, Dropbox will use commercially reasonable efforts to comply with alternate or successor data transfer mechanisms.
  5. Payment.
    1. Fees. Customer will pay Dropbox or Customer's reseller all applicable Fees for the Services, in the currency and pursuant to the payment terms indicated on the Order Form, or in the applicable agreement between Customer and Customer’s reseller. Customer authorises Dropbox, or Customer's reseller, to charge Customer for all applicable Fees using Customer's selected payment method, and Customer will issue the required purchasing documentation. Fees are non-refundable except as required by law or as otherwise specifically permitted in the Agreement.
    2. Payment. Customer will pay Dropbox invoices on the payment interval set forth in the Order Form. Dropbox may suspend or terminate the Services if Fees are past due. Customer will provide complete and accurate billing and contact information to Dropbox or to Customer's reseller.
    3. Taxes. Fees are exclusive of taxes and Customer is responsible for all Taxes. Dropbox, or Customer's reseller, will charge Taxes when required to do so. If Customer provides Dropbox or its reseller with a valid exemption certificate, Dropbox will not collect the taxes covered by that certificate.
    4. Withholding Taxes. Customer will pay Dropbox or its reseller net of any applicable Withholding Taxes. Customer and Dropbox, or Customer's reseller if applicable, will work together to avoid any Withholding Tax if exemptions, or a reduced treaty withholding rate, are available. If Dropbox or Customer's reseller qualifies for a tax exemption, or a reduced treaty withholding rate, Dropbox or Customer's reseller will provide Customer with reasonable documentary proof. Customer will provide Dropbox or Customer's reseller reasonable evidence that it has paid the relevant authority for the sum withheld or deducted.
    5. Auto-renewals and Trials. IF THE CUSTOMER'S ACCOUNT IS SET TO AUTO-RENEWAL OR IS IN A TRIAL PERIOD AND THE CUSTOMER HAS ALREADY PROVIDED A METHOD OF PAYMENT TO DROPBOX FOR THE SERVICES, DROPBOX (OR THE CUSTOMER'S RESELLER) MAY CHARGE AUTOMATICALLY AT THE END OF THE TRIAL OR FOR THE RENEWAL, UNLESS THE CUSTOMER NOTIFIES DROPBOX (OR THE CUSTOMER'S RESELLER, AS APPLICABLE) THAT THE CUSTOMER WANTS TO CANCEL OR DISABLE AUTO-RENEWAL. Dropbox may revise Services rates by providing the Customer at least thirty days' notice prior to the next charge.
    6. Purchase Orders. If Customer requires the use of a purchase order or purchase order number, Customer: (i) must provide the purchase order number at the time of purchase; and (ii) agrees that any terms and conditions on a Customer purchase order will not apply to this Agreement and are null and void. If the Customer is purchasing via a reseller, any terms and conditions from the Customer's reseller or in a purchase order between the Customer and its reseller that conflict with the Agreement are null and void.
  6. Suspension.
    1. Of End User Accounts by Dropbox. If an End User: (a) violates the Agreement; or (b) uses the Services in a manner that Dropbox reasonably believes will cause it liability, then Dropbox may request that Customer suspend or terminate the applicable End User account. If Customer fails to promptly suspend or terminate the End User account, then Dropbox may do so.
    2. Security Emergencies. Notwithstanding anything in the Agreement, if there is a Security Emergency, Dropbox may automatically suspend use of the Services. Dropbox will make commercially reasonable efforts to narrowly tailor the suspension as needed to prevent or terminate the Security Emergency.
  7. Intellectual Property Rights.
    1. Reservation of Rights. Except as expressly set forth herein, the Agreement does not grant: (a) Dropbox any Intellectual Property Rights in Customer Data; or (b) Customer any Intellectual Property Rights in the Services or Dropbox trademarks and brand features.
    2. Limited Permission. Customer grants Dropbox only the limited rights that are reasonably necessary for Dropbox to deliver the Services. This limited permission also extends to Subcontractors or Sub-processors.
    3. Suggestions. Dropbox may use, modify and incorporate into its products and services, licence and sub-licence, any feedback, comments or suggestions on the Services that Customer or End Users may send Dropbox or post in Dropbox's forums without any obligation to Customer.
  8. Term.
    1. Agreement Term. The Agreement will remain in effect for the Term.
    2. Services Term. Dropbox will deliver the Services to Customer for the Services Term. Unless the parties agree otherwise in writing, End User Accounts purchased during any Services Term will have a prorated term ending on the last day of the pre-existing Services Term.
    3. Automatic Renewals. Unless otherwise specified on the Order Form, following the Initial Services Term or a Renewal Term, the subscription to the Services will automatically renew for a Renewal Term, unless either Party gives the other written notice of termination at least thirty days prior to the expiration of the then-current Services term. If Customer has provided a payment method to Dropbox for recurring charges as provided in Section 5.5, Customer may elect to terminate the Agreement via the Admin Console prior to the day a Renewal Term begins.
  9. Termination.
    1. Generally. Either Party may terminate the Agreement, including all Order Forms, if: (i) the other Party is in material breach of the Agreement and fails to cure that breach within thirty days after receipt of written notice; or (ii) the other Party ceases its business operations or becomes subject to insolvency proceedings and the proceedings are not dismissed within ninety days. Dropbox may terminate this Agreement and suspend Customer’s access to the Services if required to do so by law or for an egregious violation by Customer of the Acceptable Use Policy.
    2. Effects of Termination. If the Agreement terminates: (a) except as set forth in this Section, the rights and licences granted by Dropbox to Customer will cease immediately; (b) Customer may, prior to termination, request reasonable additional time to export its Stored Data, provided that Dropbox may charge Customer for this extended access based on Dropbox's then-current standard fees; and (c) Dropbox will delete any End User Accounts and Stored Data in Customer's account in a commercially reasonable period of time following receipt of an Administrator's request to do so prior to termination of the Services. Dropbox may make instructions available to Customer regarding how to submit the Administrator request described in clause (c) of the previous sentence and Customer is responsible for following these instructions to initiate a deletion.
    3. Survival. The following sections will survive expiration or termination of the Agreement: 3.3 (Third-Party Requests), 5 (Payment), 7 (Intellectual Property Rights), 9.2 (Effects of Termination), 9.3 (Survival), 10 (Indemnification), 11 (Disclaimers), 12 (Limitation of Liability), 13 (Disputes) and 14 (Miscellaneous). Notwithstanding the foregoing, Section 3.3 (Third-Party Requests) shall not survive termination if Dropbox has exercised a right to terminate the Agreement.
  10. Indemnification.
    1. By Customer. The Customer will indemnify, defend and hold harmless Dropbox from and against all liabilities, damages and costs (including settlement costs and reasonable legal fees) arising out of any Claim against Dropbox and its Affiliates regarding: (a) Customer Data; (b) Customer Domains; or (c) the Customer's, or the Customer's End Users', use of the Services in violation of the Agreement.
    2. By Dropbox. Dropbox will indemnify, defend and hold harmless Customer from and against all liabilities, damages and costs (including settlement costs and reasonable legal fees) arising out of any Claim against the Customer to the extent based on an allegation that Dropbox's technology used to deliver the Services to the Customer infringes or misappropriates any copyright, trade secret, US patent or trademark right of the third party. In no event will Dropbox have any obligations or liability under this section arising from: (a) use of any Services in a modified form or in combination with materials not furnished by Dropbox; and (b) any content, information or data provided by the Customer, End Users or other third parties.
    3. Possible Infringement. If Dropbox believes the Services or Software infringe or may be alleged to infringe a third party's Intellectual Property Rights, Dropbox may: (a) obtain the right for the Customer, at Dropbox's expense, to continue using the Services or Software; (b) provide a non-infringing functionally equivalent replacement; or (c) modify the Services or Software so that they no longer infringe. If Dropbox does not believe the options described in this section are commercially reasonable, Dropbox may suspend or terminate the Customer's use of the affected Services or Software, with a pro rata refund of prepaid fees for the Services or Software.
    4. General. The Party seeking indemnification will notify the other Party promptly of the claim and cooperate with the other Party in defending the claim. The indemnifying Party will have full control and authority over the defence, except that: (a) any settlement requiring the Party seeking indemnification to admit liability requires prior written consent, not to be unreasonably withheld or delayed; and (b) the other Party may join in the defence with its own legal representation at its own expense. THE INDEMNITIES ABOVE ARE DROPBOX AND THE CUSTOMER'S ONLY REMEDY UNDER THE AGREEMENT FOR VIOLATION BY THE OTHER PARTY OF A THIRD PARTY'S INTELLECTUAL PROPERTY RIGHTS.
  11. Disclaimers.
    1. Generally. THE SERVICES AND SOFTWARE ARE PROVIDED "AS IS". TO THE FULLEST EXTENT PERMITTED BY LAW, EXCEPT AS EXPRESSLY STATED IN THE AGREEMENT, NEITHER CUSTOMER NOR DROPBOX AND ITS AFFILIATES, SUPPLIERS AND DISTRIBUTORS MAKE ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR USE OR NON-INFRINGEMENT. CUSTOMER IS RESPONSIBLE FOR USING THE SERVICES OR SOFTWARE IN ACCORDANCE WITH THE TERMS SET FORTH HEREIN AND BACKING UP ANY STORED DATA ON THE SERVICES.
    2. Beta Services.
      1. Use In Customer’s Discretion. Despite anything to the contrary in the Agreement: (a) the Customer may choose to use Beta Services at its sole discretion; (b) Beta Services may not be supported and may be changed at any time without notice; (c) Beta Services may not be as reliable or available as the Services; (d) Beta Services have not been subjected to the same Security Measures and auditing to which the Services have been subjected; and (e) DROPBOX WILL HAVE NO LIABILITY ARISING OUT OF OR IN CONNECTION WITH BETA SERVICES – USE AT YOUR OWN RISK.
      2. Feedback. Dropbox offers Beta Services in order to get user feedback. In exchange for using Beta Services, Customer Agrees that Dropbox may contact Customer and its End Users to obtain feedback regarding Beta Services. Customer agrees to: (i) and hereby does, assign to Dropbox all right, title and interest in any feedback; and (ii) provide Dropbox any reasonable assistance necessary to document and maintain Dropbox’s rights in the feedback. This feedback may include oral or written comments, suggestions, error reports and analysis.
      3. Confidential. Beta Services are confidential until officially launched by Dropbox. Customer will take reasonable measures to keep information regarding the Beta Services confidential, including at least those measures Customer takes to protect its own confidential information of a similar nature. Customer will not disclose information regarding Beta Services to any third parties, and will keep new features and functionality confidential until officially launched by Dropbox. Customer may disclose information regarding Beta Services to the extent required by law or regulation if Customer gives Dropbox reasonable advance written notice, to the extent permitted, so Dropbox can seek to prevent or limit the disclosure.
  12. Limitation of Liability.
    1. Limitation on Indirect Liability. TO THE FULLEST EXTENT PERMITTED BY LAW, EXCEPT FOR DROPBOX OR CUSTOMER'S INDEMNIFICATION OBLIGATIONS, NEITHER CUSTOMER NOR DROPBOX AND ITS AFFILIATES, SUPPLIERS AND DISTRIBUTORS WILL BE LIABLE UNDER THE AGREEMENT FOR (I) INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES, OR (II) LOSS OF USE, DATA, BUSINESS, REVENUES OR PROFITS (IN EACH CASE WHETHER DIRECT OR INDIRECT), EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
    2. Limitation on Amount of Liability. TO THE FULLEST EXTENT PERMITTED BY LAW, DROPBOX'S AGGREGATE LIABILITY UNDER THE AGREEMENT WILL NOT EXCEED THE LESSER OF $100,000 OR THE AMOUNT PAID BY CUSTOMER TO DROPBOX HEREUNDER DURING THE TWELVE MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY.
  13. Disputes.
    1. Informal Resolution. Before filing a claim, each Party agrees to try to resolve the dispute by contacting the other Party through the notice procedures in Section 14.6. If a dispute is not resolved within thirty days of notice, the Customer or Dropbox may bring a formal proceeding.
    2. Arbitration. The Customer and Dropbox agree to resolve any claims relating to the Agreement or the Services through final and binding arbitration, except as set forth below. The American Arbitration Association (AAA) will administer the arbitration under its Commercial Arbitration Rules. The arbitration will be held in San Francisco (CA), or any other location to which both parties agree in writing.
    3. Exception to Arbitration. Either Party may bring a lawsuit in the federal or state courts of San Francisco County, California solely for injunctive relief to stop unauthorised use or abuse of the Services or infringement of Intellectual Property Rights without first engaging in the informal dispute notice process described above. Both the Customer and Dropbox consent to venue and personal jurisdiction there.
    4. NO CLASS ACTIONS. Customer may only resolve disputes with Dropbox on an individual basis and will not bring a claim in a class, consolidated or representative action. Class arbitrations, class actions, private lawyer general actions and consolidation with other arbitrations are not allowed.
  14. Miscellaneous.
    1. Terms Modification. Dropbox may revise this Agreement from time to time and the most current version will always be posted on the Dropbox Business website. If a revision, in Dropbox's sole discretion, is material, Dropbox will notify the Customer (by, for example, sending an email to the email address associated with the applicable account). Other revisions may be posted to Dropbox's blog or terms page, and the Customer is responsible for checking these postings regularly. By continuing to access or use the Services after revisions become effective, the Customer agrees to be bound by the revised Agreement. If the Customer does not agree to the revised Agreement terms, the Customer may terminate the Services within thirty days of receiving notice of the change.
    2. Entire Agreement. The Agreement supersedes any prior agreements or understandings between the Parties, and constitutes the entire agreement between the Parties related to this subject matter. All attachments to this Business Agreement, the Data Processing Agreement, Customer invoices and Order Forms executed by the Parties are hereby incorporated into the Agreement by this reference.
    3. Interpretation of Conflicting Terms. If there is a conflict between the documents that make up the Agreement, the documents will control in the following order: the invoice, the Services Addenda, Order Form, the Business Agreement. The terms and conditions of the Agreement will be considered the confidential information of Dropbox, and the Customer will not disclose the information to any third parties. The Customer agrees that any terms and conditions on a Customer purchase order will not apply to the Agreement and are null and void. If End Users are required to click through terms of service in order to use the Services, those click-through terms are subordinate to this Agreement and the Agreement will control if there is a conflict.
    4. Governing Law. THE AGREEMENT WILL BE GOVERNED BY CALIFORNIA LAW EXCEPT FOR ITS CONFLICTS OF LAWS PRINCIPLES.
    5. Severability. Unenforceable provisions will be modified to reflect the parties' intention and only to the extent necessary to make them enforceable, and the remaining provisions of the Agreement will remain in full effect.
    6. Notice. Notices must be sent via email, first class post, airmail or overnight courier and are deemed given when received. Notices to the Customer may also be sent to the applicable account email address and are deemed given when sent. Notices to Dropbox must be sent to Dropbox Legal at contractnotices@dropbox.com, with a copy to Dropbox, Inc., P.O. Box 77767, San Francisco, CA 94107, USA for the attention of the Legal Department.
    7. Waiver. A waiver of any default is not a waiver of any subsequent default.
    8. Assignment. The Customer may not assign or transfer the Agreement or any rights or obligations under this Agreement without the written consent of Dropbox, except that Customer may assign the Agreement to the surviving entity in connection with a merger, acquisition or sale of all or substantially all of its assets by providing written notice to Dropbox. Dropbox may not assign the Agreement without providing notice to the Customer, except Dropbox may assign the Agreement or any rights or obligations under the Agreement to an Affiliate or in connection with a merger, acquisition, corporate reorganisation or sale of all or substantially all of its assets without providing notice. Any other attempt to transfer or assign is void.
    9. No Agency. Dropbox and Customer are not legal partners or agents, but are independent contractors.
    10. Subcontracting. Customer consents to Dropbox’s appointment of Subcontractors, including Sub-processors, to perform the Services. Dropbox will remain liable for all acts or omissions of its Subcontractors or Sub-processors, and for any subcontracted obligations. Dropbox will list its current Sub-processors at: https://assets.dropbox.com/documents/en/legal/subprocessors-dfb-013118.pdf or another link provided by Dropbox from time to time. Dropbox may add or remove Sub-processors from time to time. Dropbox will inform Customer in advance of new Sub-processors via a subscription mechanism described in the list of Sub-processors linked above. If Customer objects to a change, it will provide Dropbox with notice of its objection to privacy@dropbox.com including reasonable detail supporting Customer’s concerns within sixty days of receiving notice of a change from Dropbox or, if Customer has not subscribed to receive this notice, within sixty days of Dropbox publishing the change. Dropbox will then use commercially reasonable efforts to review and respond to Customer’s objection within thirty days of receipt of Customer’s objection. Dropbox’s response to Customer’s objection will include, at a minimum, reasonable accommodations, if any, that Customer or Dropbox can take to limit or prevent a new Sub-processor from acting as a processor of Customer Data when Customer makes use of the Services. If Dropbox does not respond to a Customer objection as described above, or cannot reasonably accommodate Customer’s objection, Customer may terminate the Agreement by providing written notice to Dropbox: (a) within thirty days of receipt of a Dropbox response that does not comply with this Section 14.10; or (b) if Dropbox fails to respond, within thirty days of the date Dropbox’s response was due.
    11. Force Majeure. Except for payment obligations, neither Dropbox nor Customer will be liable for inadequate performance to the extent caused by a condition that was beyond the Party's reasonable control (for example, natural disaster, act of war or terrorism, riot, labour condition, governmental action and Internet disturbance).
    12. No Third-Party Beneficiaries. There are no third-party beneficiaries to the Agreement. Without limiting this section, a Customer's End Users are not third-party beneficiaries to Customer's rights under the Agreement.
  15. Definitions.
    • 'Acceptable Use Policy' means the Dropbox acceptable use policy set forth at the following link, or another link that Dropbox may provide: https://www.dropbox.com/acceptable_use.
    • "Account Data" means the account and contact information submitted to the Services by Customer or End Users.
    • "Administrator" means a Customer-designated technical End User who administers the Services to End Users on Customer's behalf, through multiple tiers.
    • "Admin Account" means an administrative account provided to Customer by Dropbox for the purpose of administering the Services.
    • "Admin Console" means the online tool provided by Dropbox to Customer for use in administering the Services.
    • "Affiliate" means any entity that controls, is controlled by or is under common control with a Party, where "control" means the ability to direct the management and policies of an entity.
    • "Agreement" means, collectively, this Business Agreement, each applicable Order Form, the Data Processing Agreement and, if applicable, the HIPAA Business Associate Agreement and any Services Addenda entered into by the Parties.
    • "Beta Services" means services or features identified as alpha, beta, preview, early access or evaluation or words or phrases with similar meanings.
    • "Claim" means a claim by a third party, including a regulatory penalty.
    • "Customer Data" means Stored Data, Account Data and messages, comments, structured data, images and other content submitted to the Services by Customer or End Users.
    • "Customer Domains" means Customer's Internet domain names.
    • "Data Processing Agreement" means the agreement with Dropbox related to compliance with EU Data Protection Laws set forth at the following link: https://assets.dropbox.com/documents/en/legal/dfb-data-processing-agreement.pdf or other link that Dropbox may provide.
    • "EEA" means European Economic Area.
    • "Effective Date" means the date this Business Agreement is last signed by a Party.
    • "End Users" means users of Customer's Services account. End Users may include Customer's and its Affiliate's employees and consultants.
    • "End User Account" means a Dropbox hosted account established by Customer through the Services for an End User.
    • "EU Data Protection Laws" means, to the extent in force and applicable from time to time, those laws implementing the EU General Data Protection Regulation (2016/679) and any implementing laws in each EU member state.
    • "EU-US Privacy Shield Program" means the EU-US Privacy Shield Program framework and its principles as set forth by the US Department of Commerce and the European Commission regarding the collection, use and retention of personal data from EU member states.
    • "Excluded Features" means services or features listed here https://assets.dropbox.com/documents/en-us/legal/dfb-services-exceptions.pdf, which list may be updated from time to time by Dropbox, provided that non-Beta features incorporated in the Services as of the Effective Date will not be transitioned to the Excluded Features list during the Term.
    • 'Export Control Laws' means all applicable export and re-export control laws and regulations, including the Export Administration Regulations ('EAR') maintained by the US Department of Commerce, trade and economic sanctions maintained by the Treasury Department's Office of Foreign Assets Control, and the International Traffic in Arms Regulations ('ITAR') maintained by the Department of State.
    • "Fees" means the amounts invoiced to Customer by Dropbox for the Services.
    • "HIPAA Business Associate Agreement" means an agreement between Customer and Dropbox detailing each Party's obligations regarding "Protected Health Information" under the HIPAA Privacy Rule (45 C.F.R. Section 164.051).
    • "Initial Services Term" means the term for the applicable Services beginning on the Provisioning Date and continuing for the duration set forth on the Order Form.
    • "Intellectual Property Rights" means current and future worldwide rights under patent, copyright, trade secret, trademark, moral rights and other similar rights.
    • "Order Form" means the ordering document, or order page, for the Services.
    • "Personal Data, "Process," and "Processing"" have the meaning given to those terms in the EU Data Protection Laws.
    • "Provisioning Date" is the date upon which Dropbox makes the Services available to Customer.
    • "Renewal Term" means, unless otherwise agreed to in writing by the Parties, the twelve-month renewal term following either the Initial Services Term, or a previous Renewal Term. Renewal Terms are set forth on the Order Form.
    • "Security Emergency" means: (i) use of the Services that do or could disrupt the Services, other customers' use of the Services, or the infrastructure used to deliver the Services; or (ii) unauthorised third-party access to the Services.
    • "Security Measures" means the technical and organisational security measures described at https://assets.dropbox.com/documents/en/legal/security-measures.pdf or other link that Dropbox may provide.
    • "Services" means the services ordered by Customer on the Order Form. If Customer orders Dropbox Business, the Services are described at https://www.dropbox.com/business/plans-comparison, or other link that Dropbox may provide. Any other Services will be referenced in the applicable Order Form.
    • "Services Addendum" means a document attached to an Order Form that lists particular Services and includes terms and conditions specific to those Services.
    • "Services Term" means the Initial Services Term and all Renewal Terms for the applicable Services.
    • "Service Limits" means rate, storage, End User or other limits on Customers use of the Services as described in the applicable Order Form.
    • "Software" means the client software provided as part of the Services, either directly by Dropbox or through third party distribution channels such as app stores.
    • "Stored Data" means the files uploaded to the Services using the Software by Customer or End Users.
    • "Subcontractor" means an entity to whom Dropbox subcontracts any of its obligations under the Agreement.
    • "Sub-processor" means an entity who agrees to Process Customer Data on Dropbox's behalf, or on behalf of another Dropbox sub-processor, in order to deliver the Services.
    • "Taxes" means any sales, use, value added, goods and services, consumption, excise, local stamp or other tax, (including but not limited to ISS, CIDE, PIS, CONFINS), duty or other charge of any kind or nature excluding tax that is based on Dropbox's net income, associated with the Services or Software, including any related penalties or interest.
    • "Term" means the term of the Agreement, which will begin on the Effective Date and continue until the earlier of: (i) the end of all applicable Services Terms; or (ii) the Agreement is terminated as set forth herein.
    • "Third-Party Request" means a request from a third-party for records relating to an End User's use of the Services including information in or from an End User Account, or from Customer's Services account. Third-Party Requests may include valid search warrants, court orders or subpoenas, or any other request for which there is written consent from End Users, or an End User's authorised representative, permitting a disclosure.
    • 'Withholding Taxes' mean any income taxes that are imposed on Dropbox or Customer's reseller in which Customer is required by law to withhold or deduct from the payment to Dropbox or Customer's reseller.

This translation is provided for convenience only and the English language version will control in the event of any discrepancies.

Dropbox DMCA Policy

Dropbox (“Dropbox”) respects the intellectual property rights of others and expects its users to do the same. In accordance with the Digital Millennium Copyright Act of 1998, the text of which may be found on the US Copyright Office website at http://www.copyright.gov/legislation/dmca.pdf, Dropbox will respond expeditiously to claims of copyright infringement committed using the Dropbox service and/or the Dropbox website (the “Site”) if such claims are reported to Dropbox’s Designated Copyright Agent identified in the sample notice below.

If you are a copyright owner, authorised to act on behalf of one, or authorised to act under any exclusive right under copyright, please report alleged copyright infringements taking place on or through the Site by completing the following DMCA Notice of Alleged Infringement and delivering it to Dropbox’s Designated Copyright Agent. Upon receipt of Notice as described below, Dropbox will take whatever action, in its sole discretion, it deems appropriate, including removal of the challenged content from the Site.

DMCA Notice of Alleged Infringement (“Notice”)

  1. Identify the copyrighted work that you claim has been infringed or - if multiple copyrighted works are covered by this Notice - you may provide a representative list of the copyrighted works that you claim have been infringed.

  2. Identify the material or link you claim is infringing (or the subject of infringing activity) and to which access is to be disabled, including at a minimum, if applicable, the URL of the link shown on the Site or the exact location where such material may be found.

  3. Provide your company affiliation (if applicable), postal address, telephone number and, if available, email address.

  4. Include both of the following statements in the body of the Notice:

    • “I hereby state that I have a good faith belief that the disputed use of the copyrighted material is not authorised by the copyright owner, its agent or the law (e.g. as a fair use)”.

    • “I hereby state that the information in this Notice is accurate and, under penalty of perjury, that I am the owner, or authorised to act on behalf of, the owner, of the copyright or of an exclusive right under the copyright that is allegedly infringed”.

  5. Provide your full legal name and your electronic or physical signature.

Deliver this Notice, with all items completed, to Dropbox’s Designated Copyright Agent:

Copyright Agent
Dropbox Inc.
333 Brannan Street
San Francisco, CA 94107

This translation is provided for convenience only and the English language version will control in the event of any discrepancies.

Dropbox Acceptable Use Policy

Dropbox is used by millions of people, and we're proud of the trust placed in us. In exchange, we trust you to use our services responsibly.

You agree not to misuse the Dropbox services ("Services") or help anyone else to do so. For example, you must not even try to do any of the following in connection with the Services:

  • probe, scan or test the vulnerability of any system or network, unless done in compliance with our Bug Bounty programme;
  • breach or otherwise circumvent any security or authentication measures;
  • access, tamper with or use non-public areas or parts of the Services, or shared areas of the Services you haven't been invited to;
  • interfere with or disrupt any user, host or network, for example by sending a virus, overloading, flooding, spamming or mail-bombing any part of the Services;
  • access, search or create accounts for the Services by any means other than our publicly supported interfaces (for example "scraping" or creating accounts in bulk);
  • send unsolicited communications, promotions or advertisements, or spam;
  • send altered, deceptive or false source-identifying information, including "spoofing" or "phishing";
  • promote or advertise products or services other than your own without appropriate authorisation;
  • abuse referrals or promotions to get more storage space than deserved or to sell storage space received from referrals or promotions;
  • circumvent storage space limits;
  • sell the Services unless specifically authorised to do so;
  • publish or share materials that are unlawfully pornographic or indecent, or that contain extreme acts of violence or terrorist activity, including terror propaganda;
  • advocate bigotry or hatred against any person or group of people based on their race, religion, ethnicity, sex, gender identity, sexual orientation, disability or impairment;
  • harass or abuse Dropbox personnel or representatives or agents performing services on behalf of Dropbox;
  • violate the law in any way, including storing, publishing or sharing material that's fraudulent, defamatory or misleading; or
  • violate the privacy or infringe the rights of others.

This translation is provided for convenience only and the English language version will control in the event of any discrepancies.

Open Source Software at Dropbox

Dropbox is an active participant in the open source community. We’ve open sourced many of our own projects (https://opensource.dropbox.com) , and we’re using open source software in a variety of ways across our products. Attribution notices for open source software that may be included in our products can be found here.

We thank the open source community for all of their contributions!