At Dropbox, the security of your data is our highest priority

See why millions of people and organisations trust us with their most important work.
Dropbox security
At Dropbox, the security of your data is our highest priority

How we protect your files

Dropbox is designed with multiple layers of protection across a distributed, reliable infrastructure. Access files securely from desktop, web and mobile, or via connected third-party apps.

How we protect your privacy

It's our responsibility to protect your files from unauthorised access. We've designed policies and controls to safeguard the collection, use and disclosure of your information.

How to protect your account

Dropbox offers several tools to protect your account from attacks. To help keep your files safe, enable two-step verification, monitor third-party apps and adjust your security settings.

Protecting your files

Dropbox file security
Beyond traditional encryption

Dropbox protects files in transit between our apps and our servers, and at rest. Each file is split into discrete blocks, which are encrypted using a strong cipher. Only blocks that have been modified are synced. Learn more

File recovery and version history

Dropbox saves a history of all deleted and previous versions of files, and allows you to restore them for up to 30 days. Extended version history is available as a Dropbox Plus subscription add-on. Dropbox Business users have 180 days to recover deleted files. Learn more

Rigorous security testing

We test our infrastructure and apps regularly to identify and patch vulnerabilities. We also work with third-party specialists, industry security teams and the security research community to keep our users and their files safe. Potential security bugs and vulnerabilities can be reported to us on the third-party service HackerOne.

Third-party access

Dropbox has terms and guidelines for third-party developers to create apps that connect to Dropbox whilst respecting user privacy and account security. In addition, we use OAuth, an industry-standard protocol for authorisation, to allow users to grant apps different levels of account access without exposing their account credentials. Learn more

Protecting your privacy

Dropbox privacy protection
Privacy Policy

You own your data and, whether it’s your personal or work information, we’re committed to keeping it private. Our privacy policy clearly describes when we collect your information and the steps we take to protect it.

Government data request principles

We publish a transparency report to share how often we receive government data requests, as well as our government data request principles, which guide our responses to those requests. Those principles include being transparent, fighting overly broad requests, providing trusted services and protecting all of our users, no matter where they are.

European data requirements

Dropbox is certified under the EU-U.S. and Swiss-U.S. Privacy Shield framework. Data hosting based in Europe is available for Dropbox Business customers with 15+ seats. Speak with our sales team to learn more.

Organisations established in the EU and processing personal data of EU-based individuals have been required to comply with the General Data Protection Regulation (GDPR). Our Legal, Trust and Security teams have carefully scrutinised the GDPR and taken all necessary steps to identify changes that needed to be made. We are GDPR compliant and continue to help our customers with their GDPR requirements.

Protecting your account

Protecting account security
Choose a unique, strong password

Create a password that you don't use anywhere else, and make it hard to guess. Test your password with our strength estimator when you create your account or reset your password. Learn more

Enable two-step verification

This security feature adds an extra layer of protection to your account. Once enabled, Dropbox will require a six-digit code or a USB security key when signing in or linking a new device. For security keys, Dropbox supports the open standard FIDO Universal 2nd Factor (U2F). A U2F security key uses cryptographic communication and provides additional protection against credential theft attacks such as phishing. Enable it now or learn more

Monitor account activity

From the Security page, you can easily monitor linked devices, active web sessions and third-party apps with access to your account. Something doesn't look right? You can cut off access in seconds. From the Events page, you can track changes to files and folders including edits, deletions and shared folder membership. 

Watch out for phishing and malware

Attackers may try to steal sensitive information by pretending to be Dropbox or other services you trust. Be on the lookout for unfamiliar emails, websites and links that try to trick you into entering your password or other sensitive information. Also, if you see anything suspicious being hosted on Dropbox, please report it to us. Learn more