Trust Center
Welcome to the Dropbox Protect Trust Center.
Dropbox Protect is a data access governance solution that helps IT and security teams secure sensitive company data from unbounded sharing across multi-cloud content storage platforms. Gain cross-cloud visibility by connecting Dropbox, Google Drive, or Microsoft 365 accounts to proactively monitor risky access activity and quickly take bulk remediation actions within one surface. Use built-in policies to enforce clear rules on what can be shared and with whom—so least-privilege controls are always in place across connected platforms.
Dropbox Protect leverages the same underlying infrastructure, systems, and control environment as Dropbox Dash. The controls supporting this infrastructure were independently assessed as part of the Dropbox Dash SOC 2 report. While Dropbox Protect is a newly introduced standalone offering, it is built on this existing audited foundation. Dropbox Protect is planned to be formally included in the Dropbox Dash SOC 2 report scope as part of the current audit cycle. In addition, Dropbox Protect operates within Dropbox Dash’s ISO 27001 certified Information Security Management System (ISMS), which governs the security controls and processes supporting this functionality.
We recognize the deep responsibility that comes with the content we are entrusted with, and the new technology we apply on behalf of our customers. Being worthy of trust is one of our core values at Dropbox and at the center of everything we do. To that end, we've designed our Trust Center to provide you the information and assurance you need to feel confident in beginning a more enlightened way of working with Dropbox.
Introducing the Dropbox AI Whitepaper
Dropbox has published a new AI Whitepaper outlining how we design and operate AI-powered experiences with a focus on security, privacy, and customer control.
The paper highlights key practices such as permission-aware access, admin governance, clear data handling boundaries, and transparency into models and data flows. It also explains how Dropbox aligns AI development with established risk management frameworks and our AI Principles.
Read the AI Whitepaper here.
Introducing the Dropbox Safety Center
Dropbox has launched a new Safety Center to provide greater transparency into how we promote a safe user experience across our services.
The Safety Center brings together information about our safety policies, reporting mechanisms, and how we respond to harmful or abusive content. It is designed to help users better understand the steps Dropbox takes to maintain a safe environment and how to report concerns when they arise.
Visit the Safety Center to learn more: https://safety.dropbox.com/
New Dropbox SOC Reports and ISO Certificates Available
Dropbox’s updated SOC reports for the period of October 1, 2024 through September 30, 2025 are now available for download in the Trust Center. The following reports have been published:
- Dropbox SOC 1
- Dropbox SOC 2
- Dropbox SOC 3
- Dropbox Sign SOC 2
- Dropbox Sign SOC 3
- Dropbox DocSend SOC 2
- Dropbox DocSend SOC 3
- Dropbox Dash SOC 2
Updated ISO certificates for the current certification cycle are also available:
- Dropbox ISO 27001
- Dropbox ISO 27017
- Dropbox ISO 27018
- Dropbox ISO 27701
- Dropbox ISO 22301
- Dropbox Sign ISO 27001
- Dropbox Sign ISO 27018
- Dropbox Dash ISO 27001
For any questions, please contact us through the Trust Center.
AI Transparency at Dropbox
Dropbox has launched our new AI Transparency resource.
It outlines data flows for Dash features and answers key questions about how Dropbox secures and governs our use of large language models (LLMs).
Bug Bounty and Vulnerability Disclosure Program
Dropbox has migrated our Bug Bounty Program to Intigriti. We’ve also launched a Vulnerability Disclosure Program (VDP) giving security researchers a way to report issues that fall outside of our bounty scope or when no reward is expected. While the Bug Bounty program offers compensation for in-scope findings, the VDP supports broader, good-faith disclosures to help us identify and address security issues across Dropbox.