Data encryption in transit and at rest
To protect data in transit, Dropbox uses SSL/TLS for data transfer, creating a secure tunnel protected by 128-bit or higher AES encryption. Primary storage of Dropbox user data at rest is currently in multiple secure data centers, where it's stored in discrete file blocks that are fragmented and encrypted using 256-bit AES. Additionally, we support perfect forward secrecy, flag all authentication cookies as secure, and enable HSTS.
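The four transport controls named above (AES of 128 bits or more, forward secrecy, Secure cookies, HSTS) can be checked from the client side. The following is an added example, not Dropbox's code: the function names are hypothetical, the sample handshake results and headers are constructed, and the cipher tuple follows the shape returned by Python's `ssl.SSLSocket.cipher()`.

```python
import re

def has_forward_secrecy(cipher_name, protocol):
    # TLS 1.3 full handshakes always use ephemeral (EC)DHE; for earlier
    # versions the OpenSSL suite name must start with ECDHE- or DHE-.
    if protocol == "TLSv1.3":
        return True
    return cipher_name.startswith(("ECDHE-", "DHE-"))

def hsts_enabled(headers):
    for name, value in headers:
        if name.lower() == "strict-transport-security":
            m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
            return bool(m) and int(m.group(1)) > 0  # max-age=0 disables HSTS
    return False

def insecure_cookies(headers):
    # Assumption: every cookie is treated as an authentication cookie.
    names = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            names.append(parts[0].split("=", 1)[0])
    return names

def audit(cipher, headers):
    name, protocol, bits = cipher
    findings = []
    if "AES" not in name or bits < 128:
        findings.append("cipher is not AES with a key of 128 bits or more")
    if not has_forward_secrecy(name, protocol):
        findings.append("key exchange lacks forward secrecy")
    if not hsts_enabled(headers):
        findings.append("HSTS header missing or max-age=0")
    findings += [f"cookie {c!r} set without Secure" for c in insecure_cookies(headers)]
    return findings

# Constructed samples: (cipher name, protocol, secret bits) and response headers.
GOOD_CIPHER = ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128)
GOOD_HEADERS = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
                ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly")]
WEAK_CIPHER = ("AES256-SHA", "TLSv1.2", 256)  # RSA key exchange, no PFS
WEAK_HEADERS = [("Set-Cookie", "session=abc123; Path=/; HttpOnly")]

if __name__ == "__main__":
    print(audit(GOOD_CIPHER, GOOD_HEADERS), audit(WEAK_CIPHER, WEAK_HEADERS))
```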
Deletion recovery and version history
By default, Dropbox saves a history of all deleted and previous versions of files, and allows you to restore them for up to 30 days. Unlimited recovery is available as an add-on for Dropbox free and Pro accounts, and is included with Dropbox for Business.
Application security testing
Our security team performs automated and manual application security testing on a regular basis to identify and patch potential security vulnerabilities and bugs on our desktop, web, and mobile applications. We also work with third-party security specialists, as well as other industry security teams and the security research community, to keep our applications safe and secure. Potential security bugs and vulnerabilities can be reported to us at firstname.lastname@example.org.
A number of guidelines and practices have been established to help third-party developers create apps that connect to Dropbox while respecting and protecting user privacy and account security. We require unique keys for each distinct app a developer writes, and all apps are subject to review. In addition, we use OAuth, an industry-standard protocol for authorization, to allow users to grant apps different levels of account access without exposing their account credentials. For more information on Dropbox APIs and resources for developers, see www.dropbox.com/developers.