Skip to main content

At Dropbox, security is our highest priority

We protect data and keep your work life and your home life organised. Security was built into our design.

Whether you’re working solo, storing personal files or a small team in need of a secure workflow you can rely on, see why millions of people trust us with what matters most.

Padlock symbol overlaying a 3x4 grid of folders and icons

How Dropbox keeps your files and data secure

A fingerprint icon, representing Dropbox account security features.

Account security

Two-factor authentication, user and device management, and a zero-knowledge password manager keep your account secure from unknown login attempts.

A lock icon, representing Dropbox file protection and encryption features.

File protection and encryption

Secure 256-bit AES and SSL/TLS encryption technology keeps your files safe from harm during data transfer.

A share icon, representing Dropbox file sharing and access management features.

File sharing and permissions

Advanced sharing controls like password protection, expiry dates and easy revocation of files and folders help ensure that only the right people have access.

A rewind icon, representing Dropbox file and folder recovery features.

File and folder recovery

Don’t live in fear of file loss. Easily recover files, folders and older versions of content – with multiple ways to restore your data.

A shield icon, representing Dropbox data breach security features.

Data breach security

We keep our systems safe from bad actors, with vulnerability testing, dark web monitoring, and enterprise detection and response capabilities.

A tick box icon, representing Dropbox compliance features.

Compliance

Dropbox meets global regulatory standards for many of your data handling and file storage needs, including GDPR compliance and support for HIPAA compliance for teams.

Account security
Keep your account secure

Dropbox account security features help to protect your account from being accessed without your knowledge and approval.

  • Two-factor authentication – require a six-digit security code or key in addition to a password to access your account.
  • Device approval and management – get notified of logins from new devices, and remotely wipe Dropbox data from any device used to access your account.
  • Dropbox Passwords – a zero-knowledge password manager to store, sync and autofill your login details to seamlessly sign in to websites and apps. No one has access but you, not even Dropbox.
An illustration of a house with a large lock, representing Dropbox account security features.
File protection and encryption
Give your files the best protection possible
  • Protecting files at rest – 256-bit Advanced Encryption Standard (AES), the strongest method of AES encryption available, makes the files in your cloud storage virtually-impossible to crack. It would take billions of years to break into a file protected in this way using current technology and so-called ‘brute force’ methods.
  • Protecting files in transit – Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are used to protect data as it transfers between Dropbox apps and our servers.
A visual example of files being stored in Dropbox cloud storage, protected by SSL/TLS during upload and 256-bit AES encryption at rest.
File sharing and permissions
Know who has access and revoke quickly and easily

Share in confidence. Dropbox provides multiple ways to share and monitor access to your files and folders:

  • Share folders, links and files – no matter what you’re working on, or who you’re working with, securely share folders, links and files from your cloud storage.
  • File locking – lock files while editing to prevent unwanted edits from collaborators and avoid conflicting copies.
  • File permissions – granular file permissions give you the power to control who can access individual folders and files, and the level of access permissions they have for each.
  • Password-protected files and folders – password-protect files and folders, to add an extra layer of security.
  • External content reporting dashboard – view all files and folders shared outside of your team in a centralised dashboard. Require a password and expiry date for externally-shared links, and easily revoke access when necessary.
A visual example of the password protection settings for a file or folder in Dropbox cloud storage.
File and folder recovery
An additional safety net for your files and folders

Give yourself peace of mind, reassured that your files are safe from accidental deletion, unwanted edits or damage to your devices.

  • Version history – roll files back to earlier versions without needing to create additional copies.
  • File recovery – restore deleted files back into your cloud storage.
  • Dropbox Rewind – recover from accidents or ransomware by reversing all changes to your content at the folder or account level.
  • Dropbox Backup – automatically back up computers – and connected external drives – directly to the cloud. Should anything ever go wrong, it’s quick to recover your content to any device.
A visual example of the process to restore files in your Dropbox cloud storage.
Data breach security
Always-on protection for your account and data

The threat of data breaches and large-scale attacks requires constant vigilance. Our systems continuously monitor for and automatically react to signs of exposed account data.

  • Vulnerability testing – Dropbox applications and infrastructure are regularly tested for security vulnerabilities, and hardened to enhance security and protect against attacks.
  • Dark web monitoring – we continuously monitor the dark web for signs of data breaches, with automated systems to notify you if your information has been compromised.
  • Ransomware detection – always-on monitoring quickly alerts you to potential attacks, and Dropbox helps recover your content without paying a ransom.
  • Breach alerts and notifications – get immediately alerted to suspicious behaviour like ransomware attacks, mass file deletion, excessive login attempts and login attempts from unfamiliar or suspicious locations.
A visual example of the alert settings available to admins in the event of a potential security breach.
Compliance
Compliance for your files and data

Save yourself the admin headache ahead of an audit and ensure all of your files are compliant from day one.

  • GDPR compliant – GDPR compliance and requirements are a top Dropbox priority. In line with our commitment to the protection of our users’ data, we work hard to ensure that Dropbox and its services are GDPR compliant.
  • Support for HIPAA compliance – we’re committed to helping customers subject to HIPAA/HITECH regulations safeguard protected health information (PHI).
  • SOC 1, 2 and 3 compliance reports – when you have high volumes of sensitive data in the cloud, you require superior security, privacy and compliance controls – and regular reports on their effectiveness.
  • Data classification – stay compliant with privacy and security policies. Automatically track and report on sensitive or confidential information in your cloud storage.
  • Data Governance Add-On – secure and control your corporate data so you can meet your regulatory and compliance needs, while also reducing the risk and costs of not meeting them.
A visual example of the process to create a data retention policy with the Dropbox Data Governance Add-On.

White paper

Security practices white paper

Find out more about our approach to security in our security practices white paper.

Frequently asked questions

Yes. Whether you have a personal Dropbox account, work in a team using Dropbox to collaborate, or oversee an enterprise-level solution as an IT admin – the security of your data is our highest priority.

Read our 2023 security white paper to learn how we keep your files safe.

To keep your data protected, Dropbox uses the following measures:

  • Files are encrypted using the 256-bit Advanced Encryption Standard (AES), the strongest method of AES encryption available. By requiring 256 key combinations, AES would take billions of years to crack with current technology, making it virtually impenetrable by hackers using so-called ‘brute-force’ methods.
  • Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are used to protect data as it transfers between Dropbox apps and our servers.
  • Our systems undergo regular testing for security vulnerabilities, allowing us to continuously enhance our security against ever-evolving tactics used by hackers.
  • Two-step verifications allows users to keep their accounts secure from login attempts, with the ability to verify by text or with an authenticator app.

Read our 2023 security white paper to find out more about how Dropbox security features work.

Files added to a Dropbox cloud storage account are synced to our secure online servers, located in data centres across the United States.

Additional storage servers are available in Australia, the European Union, Japan and the United Kingdom for eligible users of Dropbox team plans.

Read our 2023 security white paper to find out more about where Dropbox data is stored.

Data residency refers to the physical location in which an organisation’s data is stored. Some organisations may require data residency in specific locations, in order to comply with laws and regulations that affect them.

If your team’s data is stored in the United States but your team’s billing address is elsewhere, for example, you may be able to migrate your file data to a server closer to your team’s billing address.

Your Dropbox account, along with any files and data stored within it, is private.

 

The only people that will be able to view files stored in your Dropbox account are yourself and anyone you have purposefully chosen to share the file or folder with.

Like most major online services, Dropbox personnel will, on rare occasions, need to access users’ file content. 

Find out more about who can see the files and data in your Dropbox account.

Read our 2023 security white paper to find out more about Dropbox file access.