At Dropbox, the security of your data is our highest priority

See why millions of people and organizations trust us with their most important work.

Dropbox security
At Dropbox, the security of your data is our highest priority
How we protect your files
Dropbox is designed with multiple layers of protection across a distributed, reliable infrastructure. Securely access files from desktop, web, and mobile, or through connected third-party apps.
How we protect your privacy
It's our responsibility to protect your files from unauthorized access. We've designed policies and controls to safeguard the collection, use, and disclosure of your information.
How to protect your account
Dropbox offers several tools to protect your account from attacks. To help keep your files safe, enable two-step verification, monitor third-party apps, and adjust your security settings.

Protecting your files

Dropbox file security
Beyond traditional encryption

Dropbox protects files in transit between our apps and our servers, and at rest. Each file is split into discrete blocks, which are encrypted using a strong cipher. Only blocks that have been modified are synced. Learn more

File recovery and version history

Dropbox saves a history of all deleted and previous versions of files, and allows you to restore them for up to 30 days. Extended version history is available as a Dropbox Plus subscription add-on. Dropbox Business users have 120 days to recover deleted files. Learn more

Rigorous security testing

We regularly test our infrastructure and apps to identify and patch vulnerabilities. We also work with third-party specialists, industry security teams, and the security research community to keep our users and their files safe. Potential security bugs and vulnerabilities can be reported to us on the third-party service HackerOne.

Third-party access

Dropbox has terms and guidelines for third-party developers to create apps that connect to Dropbox while respecting user privacy and account security. In addition, we use OAuth, an industry-standard protocol for authorization, to allow users to grant apps different levels of account access without exposing their account credentials. Learn more

Protecting your privacy

Dropbox privacy protection
Privacy policy

You own your data, and whether it’s your personal or work information, we’re committed to keeping it private. Our privacy policy clearly describes when we collect your information and the steps we take to protect it.

Government data request principles

We publish a transparency report to share how often we receive government data requests, as well as our government data request principles which guide our responses to those requests. Those principles include being transparent, fighting overly broad requests, providing trusted services, and protecting all of our users, no matter where they are.

European data requirements

Dropbox is certified under the EU-U.S. Privacy Shield framework. Data hosting based in Europe is available for Dropbox Business customers with 250+ seats. Speak with our sales team to learn more.

Protecting your account

Protecting account security
Choose a unique, strong password

Create a password that you don't use anywhere else, and make it hard to guess. Test your password with our strength estimator when you create your account or reset your password. Learn more

Enable two-step verification

This security feature adds an extra layer of protection to your account. Once enabled, Dropbox will require a six-digit code or a USB security key when signing in or linking a new device. For security keys, Dropbox supports the open standard FIDO Universal 2nd Factor (U2F). A U2F security key uses cryptographic communication and provides additional protection against credential theft attacks like phishing. Enable it now or learn more

Monitor account activity

From the Security page, you can easily monitor linked devices, active web sessions, and third-party apps with access to your account. Something doesn't look right? You can cut off access in seconds. From the Events page, you can track changes to files and folders, including edits, deletions, and shared folder membership. 

Watch out for phishing and malware

Attackers may try to steal sensitive information by pretending to be Dropbox or other services you trust. Be on the lookout for unfamiliar emails, websites, and links that try to trick you into entering your password or other sensitive information. Additionally, if you see anything suspicious being hosted on Dropbox, report it to us. Learn more