Your stuff is safe with Dropbox

At Dropbox, the security of your data is our highest priority. Trust us to safeguard your stuff with multiple layers of security, and we'll give you tools to help protect your account.

What does Dropbox do to protect my stuff?

We store your file data using 256-bit AES encryption and use an SSL/TLS secure tunnel to transfer files between you and us. You can securely access files and folders any time from our desktop, web, and mobile applications, or through third-party apps connected to your account.
Learn more below

How does Dropbox protect my privacy?

Guarding our users' privacy is something we take very seriously. We work hard to protect your information from unauthorized access and have designed policies and controls to safeguard the collection, use, and disclosure of your information.
Learn more below

What can I do to protect my account?

Use a strong password that you don't use for any other service and enable two-step verification to add an extra layer of protection. Monitor and control your account by reviewing your account activity and keeping your security settings updated.
Learn more below

For more information on Dropbox Business security, visit

What does Dropbox do to protect my stuff?

Protect files in transit and at rest

To protect file data in transit, Dropbox uses SSL/TLS for file transfer, creating a secure tunnel protected by 128-bit or higher AES encryption. Dropbox file data is stored in discrete file blocks that are fragmented and encrypted using 256-bit AES. Not all mobile media players support encrypted streaming, so media files streamed from our servers aren't always encrypted. Additionally, we support perfect forward secrecy, flag all authentication cookies as secure, and enable HSTS.

Deletion recovery and version history

By default, Dropbox saves a history of all deleted and previous versions of files, and allows you to restore them for up to 30 days. Extended (one-year) version history is available to Dropbox Pro and Dropbox Education users as a subscription add-on. 120 day file recovery is included with Dropbox Business. Learn more

Application security testing

Our security team performs automated and manual application security testing on a regular basis to identify and patch potential security vulnerabilities and bugs on our desktop, web, and mobile applications. We also work with third-party security specialists, as well as other industry security teams and the security research community, to keep our applications safe and secure. Potential security bugs and vulnerabilities can be reported to us on the third party service HackerOne.

Third-party apps

A number of guidelines and practices have been established to help third-party developers create apps that connect to Dropbox while respecting and protecting user privacy and account security. We require unique keys for each distinct app a developer writes, and can revoke an app key if API terms and conditions or developer branding guidelines are not followed. In addition, we use OAuth, an industry-standard protocol for authorization, to allow users to grant apps different levels of account access without exposing their account credentials. For more information on Dropbox APIs and for developers, see

How does Dropbox protect my privacy?

Privacy policy

We've created a privacy policy to describe how we collect, use, and handle your information when you use our websites, software, and service. For details, see

Government request principles

Stewardship of your data is critical to us and a responsibility that we embrace. We believe that our users' data should receive the same legal protections regardless of whether it's stored on our services or on their home computer's hard drive. We'll abide by the following principles when receiving, scrutinizing, and responding to government requests for our users' data:

  • Be transparent,
  • Fight blanket requests,
  • Protect all users, and
  • Provide trusted services.

Please visit our Government Request Principles and Transparency Report for more detailed information.

Data transfers between Europe and the United States

Dropbox is certified and complies with the EU-U.S. Privacy Shield Program ("Privacy Shield") framework and the U.S.-Swiss Safe Harbor ("Safe Harbor") framework. Learn more

What can I do to protect my account?

As a user, Dropbox gives you a number of security tools to protect your account and data. The following authentication, activity, and other security features are available to you:

Choose a strong, unique password

By creating a unique password — and guarding it closely — you'll help keep your Dropbox account safe. We've created a password strength estimator to help you test your password. Learn more

Enable two-step verification

This optional — but highly recommended — security feature adds an extra layer of protection to your account. Once two-step verification is enabled, Dropbox will require your password and a six-digit security code sent via text message or a separate authentication app when signing in or linking a new device. Learn more

Adjust security settings

From the Security page, you can easily monitor linked devices, active web sessions, and third-party apps with access to your account. Something doesn't look right? You can cut off access to any with one click.

Monitor account activity

From the Events page, up-to-date account activity information is available for shared folders and active sharing links, as is a running log of individual file and folder edits, addition, and deletions. From the Profile page, you can also opt in to receive notifications whenever a new device or app is linked to your account.

Get advanced security features with Dropbox BusinessTry free for 30 days