Dropbox information security

Learn how Dropbox's advanced IT security management helps protect your sensitive information from unauthorised access, phishing, data breaches and new threats.

Pillar being securely held up by rope tied to concrete block.

Dropbox policies safeguard your information

Dropbox has strict risk management policies regarding user information assurance. We are committed to ongoing risk assessment and continually improving the security testing, confidentiality and data integrity of Dropbox Business systems.

Download the Security Whitepaper

Key areas include:

Access and Authentication Requirements

Content Policies

Legal Holds

Retention and deletion

Discovery and Classification

Data Loss Prevention

Information security is vital to your business success

Dropbox safeguards confidential information assets that are stored and shared by your employees during everyday business operations. Dropbox has numerous data protection practices and security awareness protocols to keep your critical information safe. We also offer further controls that help you maintain the security of your own data.

How Dropbox protects your information

Team access controls

Employee access to data is granted based on role-based access control, and all access requires layers of authentication that includes strong passwords, SSH keys, 2-factor authentication and one-time passcodes.

Change management

The Dropbox Engineering team’s Formal Change Management Policy ensures that changes have been authorised prior to implementation into production environments.

Infrastructure security

Our underlying infrastructure is designed with modern security concepts like defense in depth and based on a zero trust model. Our security controls are tested extensively by our own security team, third-party testers and through an industry leading bug bounty program.

Content and data controls

Dropbox safeguards your content with document watermarking, granular content permissions and policies, document watermarking and legal holds.

Information security requires transparency

Transparency is everything when it comes to building trust and protecting the rights of our users. To that end, we’re committed to being transparent about how we handle government requests for user data. Since 2012, we’ve published a biannual transparency report that makes it easy for you to see the type and number of requests we get, from where they originate and how we respond to them.