Your stuff is safe with Dropbox

At Dropbox, the security of your data is our highest priority. Trust us to safeguard your stuff with multiple layers of security, and we'll give you tools to help protect your account.

What does Dropbox do to protect my stuff?

We store your files using 256-bit AES encryption and transfer them in a secure tunnel using SSL/TLS. You can securely access files and folders any time from our desktop, web, and mobile applications, or through third-party apps connected to your account.
Learn more below

How does Dropbox protect my privacy?

Guarding our users' privacy is something we take very seriously. We work hard to protect your information from unauthorized access and have designed policies and controls to safeguard the collection, use, and disclosure of your information.
Learn more below

What can I do to protect my account?

Use a strong password that you don't use for any other service and enable two-step verification to add an extra layer of protection. Monitor and control your account by reviewing your account activity and keeping your security settings updated.
Learn more below

For more information on Dropbox for Business security, visit www.dropbox.com/business/features.

What does Dropbox do to protect my stuff?

Data encryption in transit and at rest

To protect data in transit, Dropbox uses SSL/TLS for data transfer, creating a secure tunnel protected by 128-bit or higher AES encryption. Primary storage of Dropbox user data at rest is currently in multiple secure data centers, where it's stored in discrete file blocks that are fragmented and encrypted using 256-bit AES. Additionally, we support perfect forward secrecy, flag all authentication cookies as secure, and enable HSTS.

Deletion recovery and version history

By default, Dropbox saves a history of all deleted and previous versions of files, and allows you to restore them for up to 30 days. Unlimited recovery is available as an add-on for Dropbox free and Pro accounts, and is included with Dropbox for Business. Learn more

Application security testing

Our security team performs automated and manual application security testing on a regular basis to identify and patch potential security vulnerabilities and bugs on our desktop, web, and mobile applications. We also work with third-party security specialists, as well as other industry security teams and the security research community, to keep our applications safe and secure. Potential security bugs and vulnerabilities can be reported to us at security@dropbox.com.

Third-party apps

A number of guidelines and practices have been established to help third-party developers create apps that connect to Dropbox while respecting and protecting user privacy and account security. We require unique keys for each distinct app a developer writes, and all apps are subject to review. In addition, we use OAuth, an industry-standard protocol for authorization, to allow users to grant apps different levels of account access without exposing their account credentials. For more information on Dropbox APIs and for developers, see www.dropbox.com/developers.

How does Dropbox protect my privacy?

Privacy policy

We've created a privacy policy to describe how we collect, use, and handle your information when you use our websites, software, and service. For details, see www.dropbox.com/privacy.

Safe Harbor compliance

Dropbox complies with the EU-U.S. and Swiss-U.S. Safe Harbor ("Safe Harbor") frameworks and principles. You can view our compliance certifications here. Any concerns about our Safe Harbor compliance should first be directed to privacy@dropbox.com. If you aren't satisfied with our response, please contact TRUSTe at feedback-form.truste.com/watchdog/request.

Government request principles

Stewardship of your data is critical to us and a responsibility that we embrace. We believe that our users' data should receive the same legal protections regardless of whether it's stored on our services or on their home computer's hard drive. We'll abide by the following principles when receiving, scrutinizing, and responding to government requests for our users' data:

  • Be transparent,
  • Fight blanket requests,
  • Protect all users, and
  • Provide trusted services.

Please visit our Government Request Principles and Transparency Report for more detailed information.

What can I do to protect my account?

As a user, Dropbox gives you a number of security tools to protect your account and data. The following authentication, activity, and other security features are available to you:

Choose a strong, unique password

By creating a unique password — and guarding it closely — you'll help keep your Dropbox account safe. We've created a password strength estimator to help you test your password. Learn more

Enable two-step verification

This optional — but highly recommended — security feature adds an extra layer of protection to your account. Once two-step verification is enabled, Dropbox will require your password and a six-digit security code sent via text message or a separate authentication app when signing in or linking a new device. Learn more

Adjust security settings

From the Security page, you can easily monitor linked devices, active web sessions, and third-party apps with access to your account. Something doesn't look right? You can cut off access to any with one click.

Monitor account activity

From the Events page, up-to-date account activity information is available for shared folders and active sharing links, as is a running log of individual file and folder edits, addition, and deletions. From the Profile page, you can also opt in to receive notifications whenever a new device or app is linked to your account.