Posted: December 8, 2016
Effective: February 10, 2017
Thanks for using Dropbox! Here we describe how we collect, use and handle your information when you use our websites, software and services ("Services").
We collect and use the following information to provide, improve and protect our Services:
Account. We collect, and associate with your account, information like your name, email address, phone number, payment info, physical address, and account activity. Some of our services let you access your accounts and your information with other service providers.
Services. Our Services are designed to make it simple for you to store Your Stuff, collaborate with others, and work across multiple devices. To make that possible, we store, process, and transmit Your Stuff—like files, messages, comments, and photos—as well as information related to it. This related information can be things like your profile information that makes it easier to collaborate and share Your Stuff with others. Our Services provide you with different options for sharing Your Stuff.
You may choose to give us access to your contacts to make it easy for you to do things like share and collaborate on Your Stuff, send messages, and invite others to use the Services. If you do, we'll store those contacts on our servers for you to use.
Usage. We collect information related to how you use the Services, including actions you take in your account (like sharing, editing, viewing, and moving files or folders). This helps us provide you with features like the "Events" page and version history.
We also collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services.
Cookies and other technologies. We use technologies like cookies and pixel tags to provide, improve, protect and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services. If our systems receive a DNT:1 signal from your browser, we'll respond to that signal as outlined here.
We may share information as discussed below, but we won't sell it to advertisers or other third parties.
Other users. Our Services display information like your name, profile picture, and email address to other users in places like your user profile and sharing notifications. When you register your Dropbox account with an email address on a domain owned by your employer or organization, we may help collaborators find you and your team by making some of your basic information—like your name, team name, profile picture, and email address—visible to other users on the same domain. This helps us show you teams you can join, and helps other users share files and folders with you.
Certain features let you make additional information available to others.
Other applications. You can also give third parties access to your information and account - for example, via Dropbox APIs. Just remember that their use of your information will be governed by their privacy policies and terms.
Dropbox Team Admins. If you are a user of a Dropbox team (e.g., Dropbox Business plans or Dropbox Education), your administrator may have the ability to access and control your Dropbox team account. Please refer to your organization's internal policies if you have questions about this. If you are not a Dropbox team user but interact with a Dropbox team user (by, for example, joining a shared folder or accessing stuff shared by that user), members of that organization may be able to view the name, email address, profile picture, and IP address that was associated with your account at the time of that interaction.
Law & Order. We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or our users; or (d) protect Dropbox's property rights.
Stewardship of your data is critical to us and a responsibility that we embrace. We believe that our users' data should receive the same legal protections regardless of whether it's stored on our services or on their home computer's hard drive. We'll abide by the following Government Request Principles when receiving, scrutinizing and responding to government requests (including national security requests) for our users' data:
Security. We have a team dedicated to keeping your information secure and testing for vulnerabilities. We also continue to work on features to keep your information safe in addition to things like two-factor authentication, encryption of files at rest, and alerts when new devices and apps are linked to your account.
Retention. We'll retain information you store on our Services for as long as we need it to provide you the Services. If you delete your account, we'll also delete this information. But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements. You can access your personal information by logging into your Dropbox account. Learn more here.
Around the world. To provide you with the Services, we may store, process and transmit information in the United States and locations around the world - including those outside your country. Information may also be stored locally on the devices you use to access the Services.
EU-US Privacy Shield and US-Swiss Safe Harbor. When transferring data from the European Union, the European Economic Area, and Switzerland, Dropbox relies upon a variety of legal mechanisms, including contracts with our users. Dropbox complies with the U.S.-Swiss Safe Harbor ("Safe Harbor") framework and its principles. We also participate in the EU-U.S. Privacy Shield Program ("Privacy Shield") and comply with its framework and principles. You can find Dropbox's Safe Harbor certification here and our Privacy Shield certification here. You can also learn more about Privacy Shield at https://www.privacyshield.gov and Safe Harbor at http://2016.export.gov/safeharbor/swiss/.
Dropbox is subject to oversight by the U.S. Federal Trade Commission. JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Privacy Shield and Safe Harbor compliance — free of charge to you. We ask that you first submit any such complains directly to us via email@example.com. If you aren't satisfied with our response, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield. In the event your concern still isn't addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.
If we are involved in a reorganization, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.
Have questions or concerns about Dropbox, our Services and privacy? Contact us at firstname.lastname@example.org.