What are the institutional and regulatory implications of this document?

This policy engages GDPR (EEA/UK), CCPA (California), and standard cross-border data transfer frameworks including Standard Contractual Clauses. Compliance teams should note that business customer data processed through Dropbox Teams and Business accounts is subject to administrator override rights, raising data processor/controller boundary questions under GDPR Article 28. The policy's reference to using aggregated or anonymized data for AI/ML improvement warrants scrutiny under emerging AI go…

How does Dropbox's Dropbox Privacy Policy affect users?

Dropbox collects extensive personal data including file contents, usage patterns, device identifiers, and contacts, and may use this data to train and improve AI and machine learning features. Business account administrators have significant control over employee accounts, including the ability to access, restrict, or delete content stored in those accounts. You can review and adjust your privacy settings, request data deletion, or opt out of certain data uses by visiting the Dropbox Privacy Se…

How often is Dropbox's Dropbox Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Dropbox updates this document?

Yes. Watcher subscribers ($9.99/month) can add Dropbox to their watchlist and receive same-day email alerts whenever this document or any other Dropbox document changes.

Dropbox Privacy Policy — Dropbox

8 Total

2 High severity

6 Medium severity

0 Low severity

Summary

This is Dropbox's privacy policy — the document that explains what personal information Dropbox collects about you, how it uses it, and who it shares it with. Dropbox collects a wide range of data including your files, usage behavior, device information, and contacts, and may share this with partners and use it to improve its AI features. Users in the EU, UK, and California have specific legal rights to access, delete, or limit how their data is used.

Technical Summary

This document is Dropbox's Privacy Policy governing the collection, use, storage, and disclosure of personal data across its cloud storage and collaboration services. It details the categories of data collected (account information, usage data, device data, and user-generated content), the legal bases for processing, and the circumstances under which data is shared with third parties including service providers, business partners, and law enforcement. The policy provides specific rights for users in regulated jurisdictions including GDPR rights for EEA/UK users and CCPA rights for California residents. Notable provisions include Dropbox's use of user data to improve AI and machine learning features, cross-border data transfers with standard contractual clauses, and the ability for business account administrators to access and control employee accounts.

Evidence Provenance

Captured March 19, 2026 14:54 UTC

Document ID CA-D-000196

Version ID CA-V-000140

Source URL https://www.dropbox.com/privacy

Wayback Machine View archived versions →

SHA-256 dafeccda2e497f0720e8f9dbe87da437c7024fc64e8bacf7efaa010a8354782f

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

March 19, 2026 — Initial capture

Initial snapshot — monitoring begins

dafeccda…

View full version history (0 captures) →

High Severity — 2 provisions

Administrator Access to Business Accounts

If you use Dropbox through your employer or organization, your administrator can access, modify, restrict, or delete your account and the files stored in it.

Added March 20, 2026
AI and Machine Learning Data Use

Dropbox may use your data, including file content and usage information, to train and improve AI and machine learning features within its products.

Added March 20, 2026

Medium Severity — 6 provisions

Third-Party Data Sharing

Dropbox shares your personal data with service providers, business partners, and other third parties for purposes including analytics, advertising, and product improvement.

Added March 20, 2026
Cross-Border Data Transfers

Dropbox transfers your personal data to countries outside your own, including the United States, and uses Standard Contractual Clauses and other legal mechanisms to do so.

Added March 20, 2026
California CCPA Rights

California residents have the right to know what personal data Dropbox collects, request deletion of their data, opt out of the sale of their data, and not be discriminated against for exercising these rights.

Added March 20, 2026
Law Enforcement Disclosure

Dropbox may disclose your personal data and file contents to law enforcement, government agencies, or other third parties when required by law or in response to legal process.

Added March 20, 2026
Data Retention Policy

Dropbox retains your personal data for as long as your account is active or as needed to provide services, comply with legal obligations, or resolve disputes.

Added March 20, 2026
GDPR Rights for EEA and UK Users

Users in the European Economic Area and UK have the right to access, correct, delete, restrict, or port their personal data, and to object to certain types of processing.

Added March 20, 2026

Cross-platform context

See how other platforms handle Administrator Access to Business Accounts and similar clauses.

Compare across platforms →

Applicable Regulations

CCPA/CPRA

California, USA

CFAA

United States Federal

CAN-SPAM

United States Federal

GDPR

European Union