Dropbox, our data centers, and managed service provider undergo regular Standards for Attestation Engagements No. 16 (SSAE 16) Service Organization Control (SOC) audits. A Dropbox SOC 2 Type 2 report is available by request.
Dropbox and our payment providers are Payment Card Industry Data Security Standard (PCI DSS) compliant. A PCI DSS attestation of compliance is available by request.
Dropbox complies with the U.S.–E.U. and the U.S.–Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. More information on the Safe Harbor framework can be found at http://export.gov/safeharbor, including a searchable list with current certification status of organizations.
Compliance and certification documents can be requested through the Dropbox for Business sales or account management team. We’ll update this page with any new certifications or compliance standards as we receive them.