User Agreement for Dropbox Services
The Dropbox Terms of Service outline the legal agreement between Dropbox, Inc. and users for accessing and using Dropbox's cloud storage and collaboration services. It covers account creation, user content ownership, usage rules, security responsibilities, data processing, third-party integrations, termination, liability limitations, and dispute resolution. The policy emphasizes user responsibility for content, grants Dropbox broad licenses for service operation, allows sharing with affiliates and service providers, and includes arbitration clauses. For privacy details, the terms refer to a separate Privacy Policy.
Dropbox receives a worldwide, royalty-free license to host, store, and display user content to provide the service, including thumbnails and previews.
Disputes must be resolved through binding arbitration, waiving class actions and jury trials.
Dropbox can suspend or terminate accounts at discretion for violations, with limited appeal.
Users retain ownership of their content; Dropbox only gets operational licenses.
Dropbox implements industry-standard security measures and complies with certifications like SOC 2.
Users can export their data via download or API.
Spotify collects the following categories of personal data. High Risk categories are used for advertising profiling or involve sensitive personal information.
Email, password, payment info, profile details.
File names, sizes, upload dates, sharing settings.
IP address, device info, interaction logs for analytics.
Files and folders users choose to upload.
Your data serves the following purposes. Mandatory purposes cannot be disabled without canceling the service. Opt-out available purposes allow some user control.
Data is used to store, sync, and share files across devices.
Usage data and metadata used for service analytics and product enhancement.
Data may be shared with connected apps via user-approved integrations.
Spotify shares data with several categories of third parties. Sharing with advertising partners is extensive and represents the primary commercial use of your behavioral data.
Shared with vendors for hosting, analytics (e.g., AWS).
Data accessible across Dropbox group companies.
User-initiated sharing with apps like Slack, Zoom.
Disclosed if required by law or to protect rights.
The following rights may be available to you depending on your region. EU/EEA users have the broadest protections under GDPR. Non-EU users have more limited guarantees.
Users can access and download their content anytime.
Users can delete files and accounts, but some metadata may be retained for compliance.
Export options available for files and account data.
Data is retained for different periods depending on category, and security disclosures vary in depth. The policy highlights the following retention and transparency points.
Retention Periods
Retained as long as account is active.
Deleted files recoverable for 30 days; permanent after.
Billing and legal records retained for required periods.
Aggregated analytics data retained indefinitely.
Security & Transparency
Files encrypted in transit (SSL/TLS) and at rest.
Users notified if required by law.
SOC 2 Type II, ISO 27001 compliant.
Recommended and supported for accounts.
Source Text
Users grant Dropbox perpetual licenses for service features.
Interpretation
Broad but necessary for core functionality; users retain ownership.
Source Text
Users must secure accounts; Dropbox not liable for unauthorized access.
Interpretation
Shifts responsibility to users, standard but emphasizes MFA.
Source Text
Access ends; data deleted after 30 days except for backups.
Interpretation
Grace period good, but compliance data persists.
Source Text
Binding arbitration in California, no class actions.
Interpretation
Favors company; limits user legal recourse.
Source Text
Must be 18+ or with guardian; accurate info required.
Interpretation
Standard age gate and verification.
You retain full ownership of your content. Dropbox only gets licenses needed to provide the service.