This agreement only applies to customers that purchase a Dropbox service for teams (including free access subscriptions), and is not applicable for Dropbox services purchased by consumers or individuals. If your organization has signed a separate agreement with Dropbox, that agreement will govern and may be different from the terms below. Please contact your organization’s Admin for details.
Dropbox Services Agreement
Posted: August 5, 2024
Effective: August 5, 2024
You can see the previous Services Agreement here.
This Dropbox Services Agreement (the "DSA") is between the applicable Dropbox entity set forth in Appendix 1 ("Dropbox") and the organization agreeing to these terms ("Customer"). Dropbox and Customer are each referred to as a “Party” and collectively as the “Parties.” This DSA governs access to and use of the Services and any Beta Services. This DSA, any Service-Specific Terms, each applicable Order Form, the Data Processing Agreement and, if applicable, the HIPAA Business Associate Agreement are collectively referred to as the "Agreement." By clicking "I agree," signing your Order Form for the Services, or using the Services, you agree to the Agreement as a Customer.
If you are agreeing to this Agreement for use of the Services by an organization, you are agreeing on behalf of that organization. You must have the authority to bind that organization to these terms, otherwise you must not sign up for the Services.
- Services.
- Provision. The Agreement governs access to, and use of the Services, and any associated Software. Customer may access and use the Services in accordance with the Agreement.
- Service-Specific Terms. Certain Services, or portions thereof, may be subject to additional terms, including third party terms and conditions, that are specific to the particular Services and are set forth in the Service-Specific Terms. By accessing or using Services covered by any Service-Specific Terms, you agree to the applicable Service-Specific Terms. If there is a conflict between these Terms and the Service-Specific Terms, the Service-Specific Terms will control with respect to the applicable Services or portions thereof.
- Modifications. Dropbox may update the Services from time to time. If Dropbox changes the Services in a manner that materially reduces their functionality, Dropbox will notify Customer at the email address associated with the account, and Customer may provide notice within thirty days of the change to terminate the Agreement. This termination right will not apply to updates made to features provided on a beta or evaluation basis. Without limiting the foregoing, from time to time, Dropbox may add additional features to enhance the user experience of the Services at no additional charge. However, these free features may be withdrawn without further notices.
- Software.
- Generally. Some of the Services may allow Customer and End Users to download Software that may update automatically. Dropbox hereby grants to Customer during the Term a limited non-exclusive license to use the Software solely in connection with the Services and in accordance with the Agreement. This license is non-transferable (subject to Section 14.8), irrevocable (except as set forth in Section 9), non-sublicensable, and will be fully paid up upon Customer’s payment of the Fees.
- Open Source. If any component of the Software is offered under an open source license, Dropbox will make the license available to Customer and to the extent the provisions of that license grant Customer additional rights, those provisions will expressly override some terms of the Agreement solely with respect to that component of the Software.
- Add-Ons. Customer may purchase Add-Ons for use in conjunction with certain Services. Add-Ons may not be purchased on a standalone basis and must be purchased in connection with a new or existing subscription to the applicable Services for which they are offered. Add-Ons may be subject to additional Service-Specific Terms or other limitations described on an Order Form. Without limiting the foregoing, Add-Ons that are identified as being offered by third parties are not part of the Services and are subject to Section 3.9 of the Agreement.
- Subscriptions.
- Services Term. Unless otherwise set forth on the Order Form, the Services are sold on a subscription basis. Dropbox will deliver the Services to Customer for the Services Term. Unless the parties agree otherwise in writing, any increases in quantities of Services purchased during any Services Term will have a prorated term ending on the last day of the pre-existing Services Term.
- Automatic Renewals. Unless otherwise specified on the Order Form, following the Initial Services Term or a Renewal Term, Customer’s subscription to the Services will automatically renew for a Renewal Term at the then-current quantity or subscription tier, unless either Party gives the other written notice of termination (including any partial termination to reduce quantities) at least thirty days prior to the expiration of the then-current Services term. If Customer has purchased the Services online via a self-serve mechanism and provided a payment method to Dropbox for recurring charges, Customer may elect to terminate the Agreement via the Admin Console prior to the day a Renewal Term begins.
- Additional Subscriptions. The Services may be configured to allow Administrators or End Users to purchase additional subscriptions or quantities of Services or Add-Ons. Customer is responsible for understanding the settings and controls of the Services for purchasing additional Services. Dropbox will charge Customer the applicable pro-rated amount for additional Services or Add-Ons for the remainder of the then-current Services Term based on Customer’s then-current price unless otherwise set forth on the Order Form.
- Usage-based Subscriptions. If Customer elects to purchase any Services based on usage, Customer acknowledges that Dropbox will charge Customer the Fees for the Services as set forth in the Order Form or Service-Specific Terms based on the usage calculated by Dropbox.
- Customer Obligations.
- Registration. Customer and its End Users may need to register for an End User Account to place orders or to access or use the Services. Account information must be accurate, current, and complete, and Customer agrees to keep this information up-to-date.
- Customer Administration of the Services. Customer may specify End Users as Administrators, including through multiple tiers of Administrators. Administrators may be able to: (a) access, disclose, restrict access to, or remove Customer Data; (b) purchase additional licenses, capacity, or other applicable quantity for the Services; and (c) provision, monitor, restrict, or terminate access to the Services by End Users. Customer is responsible for maintaining the confidentiality of passwords and Admin Accounts, and managing access to Admin Accounts. Dropbox’s responsibilities do not extend to the internal management or administration of the Services for Customer.
- Third Party Administration. Customer acknowledges that, if Customer purchases the Services through a reseller and designates any of the reseller's personnel as Administrators of Customer's Services account, the reseller may be able to control account information, including Customer Data, and access Customer's Services account as described above.
- End Users.
- Provisioning. For services sold based on End User Licenses, Customer may provision End User Accounts up to the number of End User Licenses purchased through one or more Order Forms. Each End User Account requires a paid End User License, and End User Accounts may not be shared by multiple individuals. End User Accounts may only be provisioned to, registered for, and used by a single End User. End User Accounts that are set as suspended by Customer require a paid End User License. If Customer deletes an End User Account, the End User License may be reallocated to provision a new End User Account.
- Responsibility. Customer is responsible for use of the Services by its End Users. Customer will obtain and maintain from End Users any consents necessary to allow Administrators to engage in the activities described in the Agreement and to allow Dropbox to deliver the Services.
- Unauthorized Use or Access. Customer will prevent unauthorized use of the Services by its End Users and terminate any unauthorized use of or access to the Services. The Services are not intended for End Users under the age of 13 if they reside in the United States or 16 if they reside anywhere else. If the law where the End User resides requires that the End User must be older in order for Dropbox to lawfully provide the Services to the End User without parental consent, the End User must be that older age. Customer will ensure that it does not allow any person under 13 residing in the United States, or 16 if they reside anywhere else, to use the Services. Customer will promptly notify Dropbox of any unauthorized use of or access to the Services.
- Restrictions. Customer will not: (a) sell, resell, or lease the Services, Software, or End User Licenses; (b) use the Services or Software for activities where use or failure of the Services or Software could lead to physical damage, death, or personal injury; (c) reverse engineer the Services or Software, or attempt or assist anyone else to do so, unless this restriction is prohibited by law; (d) use the Services or Software, including the export or re-export of Customer Data, in violation of Export Control Laws; (e) violate or circumvent any Service Limits of the Services or otherwise configure the Services to avoid Service Limits; (f) access the Services for the purpose of building a competitive product or service or copying its features or user interface; (g) use the Services for evaluation, benchmarking, or other comparative analysis intended for publication without Dropbox’s prior written consent; (h) remove or obscure any proprietary or other notices contained in the Services, including in any reports or output obtained from the Services; (i) use or permit the Services to be used for any illegal or misleading purpose; or (j) establish an account on the Services as an individual for personal, family, or household purposes.
- Compliance. Customer and its End Users must use the Services in compliance with the Acceptable Use Policy. Customer will comply with laws and regulations applicable to Customer's use of the Services. Customer will not take any action that would cause Dropbox to violate EU Data Protection Laws, the U.S. Foreign Corrupt Practices Act of 1977, as amended, the U.K. Bribery Act of 2010, or any other applicable data protection, anti-bribery, anti-corruption, or anti-money laundering law. Customer must satisfy itself that: (i) the Services are appropriate for its purposes, taking into account the nature of the Customer Data; and (ii) the technical and organizational requirements applicable to Dropbox under EU Data Protection Laws or other data protection laws, if applicable, are satisfied by the Security Measures and the Agreement.
- HIPAA. If Customer will store, transmit or otherwise process any information via the Services that falls within the definition of “Protected Health Information", Customer must separately enter into a HIPAA Business Associate Agreement with Dropbox prior to storing, transmitting, or otherwise processing this information. NOTWITHSTANDING THE FOREGOING, NOT ALL SERVICES OFFERED BY DROPBOX ARE DESIGNED FOR PROCESSING PROTECTED HEALTH INFORMATION. IF CUSTOMER USES A SERVICE THAT IS NOT DESIGNED FOR PROCESSING PROTECTED HEALTH INFORMATION OR HAS NOT ENTERED INTO THE HIPAA BUSINESS ASSOCIATE AGREEMENT, CUSTOMER MAY NOT USE THE SERVICES TO STORE, TRANSMIT, OR PROCESS THIS INFORMATION.
- Third-Party Apps and Integrations. If Customer uses any third-party service or applications, such as a service that uses a Dropbox API, with the Services: (a) Dropbox will not be responsible for any act or omission of the third-party, including the third-party’s access to or use of Customer Data; and (b) Dropbox does not warrant or support any service provided by the third-party. Customer will comply with any API limits associated with the Services plan purchased by Customer.
- Customer Data.
- Customer Data Use. This Agreement constitutes Customer’s instructions to Dropbox to Process Customer Data. Dropbox, Dropbox personnel and its Subcontractors will only Process, access, use, store, and transfer Customer Data as Customer instructs in order to deliver the Services and to fulfill Dropbox’s obligations in the Agreement. If Customer accesses or uses multiple Services, Customer acknowledges and agrees that Dropbox may transfer Customer Data between those Services. The categories of Personal Data to be processed by Dropbox and the processing activities to be performed under this Agreement are set out in the Data Processing Agreement. Dropbox will inform Customer of any legal requirement which prevents it from complying with Customer’s instructions, unless prohibited from doing so by applicable law or on important grounds of public interest. Any Dropbox personnel who have access to Customer Data will be bound by appropriate confidentiality obligations.
- Security Measures. Dropbox will use industry standard technical and organizational Security Measures to transfer, store, and Process Customer Data. Customers can find additional information regarding Dropbox’s security practices for the applicable Services by reviewing any applicable Security Resources. Dropbox may update the Security Measures from time to time. Dropbox will provide Customer with at least sixty days prior notice if Dropbox updates the Security Measures in a manner that materially diminishes the administrative, technical, or physical security features of the Services taken as a whole. Within five business days of receipt of this notice, Customer may elect to terminate the Agreement and associated Order Forms by providing written notice to Dropbox.
- Audit Reports. Dropbox has completed audits that evaluated the design and effectiveness of Dropbox security policies, procedures, and controls for the Audited Features. These audits were conducted by an independent auditor that evaluated the design and effectiveness of Dropbox security policies, procedures, and controls. If applicable, at no cost to Customer, upon Customer’s written request, but no more than once per year, Dropbox will provide Customer a copy of the most recent Audit Reports subject to Customer agreeing to treat the Audit Reports as Dropbox’s Confidential Information.
- Third-Party Requests.
- Customer Responsibility. Customer is responsible for responding to Third-Party Requests via its own access to information. Customer will seek to obtain information required to respond to Third-Party Requests and will contact Dropbox only if it cannot comply with the Third-Party Request despite diligent efforts.
- Dropbox Responsibility. If Dropbox receives a Third-Party Request, Dropbox will make commercially reasonable efforts, to the extent allowed by law and by the terms of the Third-Party Request, to: (i) promptly notify Customer of Dropbox's receipt of a Third-Party Request; (ii) comply with Customer's commercially reasonable requests regarding its efforts to oppose a Third-Party Request; and (iii) provide Customer with information or tools required for Customer to respond to the Third-Party Request, if Customer is otherwise unable to respond to the Third-Party Request. If Dropbox is prohibited from notifying Customer of a Third-Party Request or Customer fails to promptly respond to any Third-Party Request, then Dropbox may, but will not be obligated to do so, to the extent permitted by applicable law.
- Customer Data Sharing. The Services may enable End Users to share Customer Data, including to other Customer End Users and to third parties. Recipients of shared Customer Data may access, view, download, and share this Customer Data, including in and through their own Services accounts. Customer understands: (a) it is solely Customer’s, and its End Users’, choice to share Customer Data; (b) Dropbox cannot control third parties with whom Customer has shared Customer Data; and (c) Customer and its End Users are solely responsible for their use of the Services, including any sharing of Customer Data through the Services. Certain Account Data such as End Users’ names, profile pictures, or contact information may be viewable by other customers and users with whom End Users collaborate and by the entity that has authority to control a corporate email domain if you purchase the Services using an email address on that domain.
- Data Transfer. Customer agrees that Dropbox and its Subcontractors may transfer Customer Data to and access, use, and store Customer Data in locations other than Customer’s country.
- Aggregate/Anonymous Data. Customer agrees that Dropbox will have the right to generate aggregate and anonymous data based on End Users’ use of the Services and this data is owned by Dropbox. Dropbox may use this data for its business purposes during or after the term of this Agreement (including without limitation to develop and improve Dropbox’s products and services and to create and distribute reports and other materials). For clarity, Dropbox will not disclose any aggregate or anonymous data externally in a manner that could reasonably identify Customer or its End Users. Customer is not responsible for Dropbox’s use of aggregate or anonymous data.
- Takedown Requests. If Customer receives any take down requests or infringement notices related to Customer Data, it must promptly: (i) stop using the related item with the Services; and (ii) notify Dropbox. If Dropbox receives any take down requests or infringement notices related to Customer Data, Dropbox may respond in accordance with its policies, and will notify and consult with the Customer on next steps.
- Data Processing Agreement. To the extent Customer Data comprises Personal Data that is processed by Dropbox on Customer’s behalf, Customer and Dropbox agree to the Data Processing Agreement. The Data Processing Agreement applies only to the Services, and does not apply to Beta Services.
- Confidential Information.
- Use and Non-Disclosure. Except as expressly authorized herein, the Receiving Party will hold in confidence and not use or disclose any Confidential Information. Each Party, as the Receiving Party, will: (i) take reasonable measures to protect the Disclosing Party’s Confidential Information including at least those measures it takes to protect its own confidential information of a similar nature; and (ii) not disclose Confidential Information to any third parties. A Party may disclose Confidential Information to its employees, advisors and consultants who have a need to know the Confidential Information, if that employee, advisor or consultant is bound to restrictions at least as protective of the other Party’s Confidential Information as those set forth in this Agreement.
- Exceptions. Confidential Information does not include information that: (i) is or becomes generally known or available to the public, through no act or omission of the Receiving Party; (ii) was known, without restriction, prior to receiving it from the disclosing Party; (iii) is rightfully acquired from a third party who has the right to disclose it and who provides it without restriction as to use or disclosure; (iv) or is independently developed without access to any Confidential Information of the Disclosing Party.
- Permitted Disclosure. A Party may disclose Confidential Information to the extent required by any law or regulation if it gives the other Party reasonable advance notice, to the extent permitted, so that the other Party can seek to prevent or limit such disclosure. Notwithstanding the foregoing, the Parties’ obligations with respect to Third Party Requests are specifically addressed in Section 4.4.
- Remedies. The Receiving Party acknowledges that a disclosure of Confidential Information in violation of these terms would cause substantial harm for which damages alone would not be a sufficient remedy, and therefore that upon any such disclosure by the Receiving Party the Disclosing Party will be entitled to seek appropriate equitable relief in addition to whatever other remedies it might have at law.
- Payment.
- Fees. Customer will pay Dropbox or Customer's reseller all applicable Fees, in the currency and pursuant to the payment terms indicated on the Order Form, or in the applicable agreement between Customer and Customer’s reseller. Customer authorizes Dropbox, or Customer's reseller, to charge Customer for all applicable Fees using Customer's selected payment method, and Customer will issue the required purchasing documentation. Fees are non-refundable except as required by law or as otherwise specifically permitted in the Agreement.
- Payment. Customer will pay Dropbox invoices on the payment interval set forth in the Order Form. Dropbox may suspend or terminate the Services if Fees are past due. Customer will provide complete and accurate billing and contact information to Dropbox or to Customer's reseller.
- Taxes. Fees are exclusive of taxes and Customer is responsible for all Taxes. Dropbox, or Customer's reseller, will charge Taxes when required to do so. If Customer provides Dropbox or its reseller with a valid exemption certificate, Dropbox will not collect the taxes covered by that certificate.
- Withholding Taxes. Customer will pay Dropbox or its reseller net of any applicable Withholding Taxes. Customer and Dropbox, or Customer's reseller if applicable, will work together to avoid any Withholding Tax if exemptions, or a reduced treaty withholding rate, are available. If Dropbox or Customer's reseller qualifies for a tax exemption, or a reduced treaty withholding rate, Dropbox or Customer's reseller will provide Customer with reasonable documentary proof. Customer will provide Dropbox or Customer's reseller reasonable evidence that it has paid the relevant authority for the sum withheld or deducted.
- Auto-renewals and Trials. IF CUSTOMER HAS ALREADY PROVIDED A PAYMENT METHOD TO DROPBOX OR CUSTOMER’S RESELLER FOR RECURRING CHARGES AND CUSTOMER’S ACCOUNT IS SET TO AUTO-RENEWAL OR IS IN A TRIAL PERIOD, DROPBOX (OR CUSTOMER’S RESELLER) MAY CHARGE AUTOMATICALLY AT THE END OF THE TRIAL OR FOR THE RENEWAL, UNLESS CUSTOMER NOTIFIES DROPBOX (OR CUSTOMER’S RESELLER, AS APPLICABLE) THAT CUSTOMER WANTS TO DISABLE AUTO-RENEWAL OR CANCEL THE SERVICES IN ACCORDANCE WITH SECTION 2.2. Dropbox may revise Services rates by providing the Customer at least thirty days' notice prior to the next charge.
- Purchase Orders. If Customer requires the use of a purchase order or purchase order number, Customer: (i) must provide the purchase order number at the time of purchase; and (ii) agrees that any terms and conditions on a Customer purchase order will not apply to this Agreement and are null and void. If the Customer is purchasing via a reseller, any terms and conditions from the Customer's reseller or in a purchase order between the Customer and its reseller that conflict with the Agreement are null and void.
- No Refunds. Subscription and usage or overage Fees are non-refundable and non-creditable, except where required by law. Dropbox subscriptions may be cancelled, and such cancellations take effect at the end of your then-current subscription term (for example, if Customer is on a paid monthly subscription the cancellation will take effect the following month, but if Customer is on a paid yearly subscription the cancellation will take effect the following year).
- Suspension.
- Of End User Accounts by Dropbox. If an End User: (a) violates the Agreement; or (b) uses the Services in a manner that Dropbox reasonably believes will cause it liability, then Dropbox may request that Customer suspend or terminate the applicable End User account. If Customer fails to promptly suspend or terminate the End User account, then Dropbox may do so.
- Of the Services. Dropbox may suspend Customer’s access to the Services if: (i) Customer’s account is overdue; or (ii) Customer has exceeded any Service Limits. Dropbox may also suspend Customer’s access to the Services or remove Customer Data if it determines that: (a) Customer has breached any portion of this Agreement, or (b) suspension is necessary to prevent a Security Emergency, provided that Dropbox will make commercially reasonable efforts to narrowly tailor the suspension as needed to prevent or terminate the Security Emergency. Dropbox will have no liability for taking action as permitted above. For the avoidance of doubt, Customer will remain responsible for payment of fees during any suspension period under this Section 7.2. However, unless this Agreement has been terminated, Dropbox will cooperate with Customer to promptly restore access to the Services once it verifies that Customer has resolved the condition requiring suspension.
- Intellectual Property Rights.
- Reservation of Rights. Except as expressly set forth herein, the Agreement does not grant: (a) Dropbox any Intellectual Property Rights in Customer Data; or (b) Customer any Intellectual Property Rights in the Services or Dropbox trademarks and brand features. Customer acknowledges that it is obtaining only a limited right to use the Services and that irrespective of any use of the words “purchase”, “sale” or similar terms, no ownership rights are transferred to Customer (or its End Users) under this Agreement.
- Limited Permission. Customer grants Dropbox only the limited rights that are reasonably necessary for Dropbox to deliver the Services. This limited permission also extends to Subcontractors or Sub-processors.
- Feedback. Dropbox may use, modify, and incorporate into its products and services, license and sublicense, any Feedback that Customer or End Users may provide without any obligation to Customer. Customer agrees to: (i) and hereby does, assign to Dropbox all right, title, and interest in any Feedback; and (ii) provide Dropbox any reasonable assistance necessary to document and maintain Dropbox’s rights in the Feedback.
- Term & Termination.
- Agreement Term. The Agreement will remain in effect for the Term.
- Termination. Either Party may terminate the Agreement, including all Order Forms, if: (i) the other Party is in material breach of the Agreement and fails to cure that breach within thirty days after receipt of written notice; or (ii) the other Party ceases its business operations or becomes subject to insolvency proceedings and the proceedings are not dismissed within ninety days. Dropbox may terminate this Agreement and suspend Customer’s access to the Services if required to do so by law or for an egregious violation by Customer of the Acceptable Use Policy.
- Effects of Termination. If the Agreement terminates: (a) except as set forth in this Section, the rights and licenses granted by Dropbox to Customer will cease immediately; (b) Customer will delete (or, at Dropbox’s request, return) any and all copies of any Dropbox code, documentation, passwords or access codes, and any other Dropbox Confidential Information in Customer’s possession, custody, or control; (c) Customer may, prior to termination, request reasonable additional time to export its Stored Data, provided that Dropbox may charge Customer for this extended access based on Dropbox’s then-current standard fees; and (d) Dropbox will delete any End User Accounts and Stored Data in Customer’s account in a commercially reasonable period of time following receipt of an Administrator’s request to do so prior to termination of the Services. Dropbox may make instructions available to Customer regarding how to submit the Administrator request described in clause (d) of the previous sentence and Customer is responsible for following these instructions to initiate a deletion.
- Survival. The following sections will survive expiration or termination of the Agreement: 4.4 (Third Party Requests), 6.2 (Payment), 8 (Intellectual Property Rights), 9.3 (Effects of Termination), 9.4 (Survival), 10 (Indemnification), 11 (Disclaimers), 12 (Limitation of Liability), 13 (Disputes), and 14 (Miscellaneous). Notwithstanding the foregoing, Section 4.4 (Third-Party Requests) shall not survive termination if Dropbox has exercised a right to terminate the Agreement.
- Indemnification.
- By Customer. Customer will indemnify, defend, and hold harmless Dropbox from and against all liabilities, damages, and costs (including settlement costs and reasonable attorneys’ fees) arising out of any Claim against Dropbox and its Affiliates regarding: (a) Customer Data; (b) Customer Domains; (c) Customer’s or Customer’s End Users’ use of the Services in violation of the Agreement.
- By Dropbox. Dropbox will indemnify, defend, and hold harmless Customer from and against all liabilities, damages, and costs (including settlement costs and reasonable attorneys' fees) arising out of any Claim against Customer to the extent based on an allegation that Dropbox's technology used to deliver the Services to the Customer infringes or misappropriates any copyright, trade secret, U.S. patent, or trademark right of the third party. In no event will Dropbox have any obligations or liability under this section arising from: (a) use of any Services in a modified form or in combination with materials not furnished by Dropbox; and (b) any content, information, or data provided by Customer, End Users, or other third parties.
- Possible Infringement. If Dropbox believes the Services or Software infringe or may be alleged to infringe a third party's Intellectual Property Rights, then Dropbox may: (a) obtain the right for Customer, at Dropbox's expense, to continue using the Services or Software; (b) provide a non-infringing functionally equivalent replacement; or (c) modify the Services or Software so that they no longer infringe. If Dropbox does not believe the options described in this section are commercially reasonable, then Dropbox may suspend or terminate Customer's use of the affected Services or Software, with a pro-rata refund of prepaid fees for the Services or Software.
- General. The Party seeking indemnification will promptly notify the other Party of the claim and cooperate with the other Party in defending the claim. The indemnifying Party will have full control and authority over the defense, except that: (a) any settlement requiring the Party seeking indemnification to admit liability requires prior written consent, not to be unreasonably withheld or delayed; and (b) the other Party may join in the defense with its own counsel at its own expense. THE INDEMNITIES ABOVE ARE DROPBOX AND CUSTOMER'S ONLY REMEDY UNDER THE AGREEMENT FOR VIOLATION BY THE OTHER PARTY OF A THIRD PARTY'S INTELLECTUAL PROPERTY RIGHTS.
- Disclaimers.
- Generally. THE SERVICES, SOFTWARE, AND ANY RELATED DOCUMENTATION ARE PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS. TO THE FULLEST EXTENT PERMITTED BY LAW, EXCEPT AS EXPRESSLY STATED IN THE AGREEMENT, DROPBOX AND ITS AFFILIATES, SUPPLIERS, AND DISTRIBUTORS MAKE NO WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR USE, OR NON-INFRINGEMENT. DROPBOX MAKES NO REPRESENTATION, WARRANTY OR GUARANTEE THAT SERVICES WILL MEET CUSTOMER’S REQUIREMENTS OR EXPECTATIONS, THAT CUSTOMER DATA WILL BE ACCURATE, COMPLETE, OR PRESERVED WITHOUT LOSS, OR THAT THE SERVICES WILL BE TIMELY, UNINTERRUPTED OR ERROR-FREE. DROPBOX WILL NOT BE RESPONSIBLE OR LIABLE IN ANY MANNER FOR ANY CUSTOMER PROPERTIES, CUSTOMER DATA, THIRD-PARTY PRODUCTS, THIRD-PARTY CONTENT, OR NON-DROPBOX SERVICES (INCLUDING FOR ANY DELAYS, INTERRUPTIONS, TRANSMISSION ERRORS, SECURITY FAILURES, AND OTHER PROBLEMS CAUSED BY THESE ITEMS). CUSTOMER IS RESPONSIBLE FOR USING THE SERVICES OR SOFTWARE IN ACCORDANCE WITH THE TERMS SET FORTH HEREIN AND BACKING UP ANY STORED DATA ON THE SERVICES.
- Beta Services.
- Use In Customer's Discretion. Despite anything to the contrary in the Agreement: (a) Customer may choose to use Beta Services in its sole discretion; (b) Beta Services may not be supported and may be changed at any time without notice; (c) Beta Services may not be as reliable or available as the Services; (d) Beta Services have not been subjected to the same Security Measures and auditing to which the Services have been subjected; and (e) DROPBOX WILL HAVE NO LIABILITY ARISING OUT OF OR IN CONNECTION WITH BETA SERVICES - USE AT YOUR OWN RISK.
- Feedback. Dropbox offers Beta Services in order to get user feedback. In exchange for using Beta Services, Customer agrees that Dropbox may contact Customer and its End Users to obtain Feedback regarding Beta Services.
- Confidential. Beta Services are confidential until officially launched by Dropbox and Customer will treat the Beta Services, and any documentation, specifications, or instructions related to the Beta Services, as Confidential Information of Dropbox.
- Limitation of Liability.
- Limitation on Indirect Liability. TO THE FULLEST EXTENT PERMITTED BY LAW, EXCEPT FOR DROPBOX OR CUSTOMER'S INDEMNIFICATION OBLIGATIONS, NEITHER CUSTOMER NOR DROPBOX AND ITS AFFILIATES, SUPPLIERS, AND DISTRIBUTORS WILL BE LIABLE UNDER THE AGREEMENT FOR (I) INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR (II) LOSS OF USE, DATA, BUSINESS, REVENUES, OR PROFITS (IN EACH CASE WHETHER DIRECT OR INDIRECT), EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
- Limitation on Amount of Liability. TO THE FULLEST EXTENT PERMITTED BY LAW, DROPBOX’S AGGREGATE LIABILITY UNDER THE AGREEMENT WILL NOT EXCEED THE LESSER OF $100,000 OR THE AMOUNT PAID BY CUSTOMER TO DROPBOX HEREUNDER DURING THE TWELVE MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY. FOR FREE ACCESS SUBSCRIPTIONS, TRIALS, OR BETA SERVICES, DROPBOX’S TOTAL LIABILITY WILL NOT EXCEED, IN AGGREGATE, FIFTY U.S. DOLLARS ($50).
- Failure of Essential Purpose. EACH PARTY ACKNOWLEDGES AND AGREES THAT THIS SECTION 12 IS A FUNDAMENTAL BASIS OF THE BARGAIN AND A REASONABLE ALLOCATION OF RISK BETWEEN THE PARTIES AND WILL SURVIVE AND APPLY TO ANY CLAIMS ARISING OUT OF OR RELATED TO THIS AGREEMENT, ANY DROPBOX SERVICES OR ANY RELATED SERVICES, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE), EVEN IF ANY LIMITED REMEDY IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
- Disputes.
- Informal Resolution. Before filing a claim, each Party agrees to try to resolve the dispute by contacting the other Party through the notice procedures in Section 14.6. If a dispute is not resolved within thirty days of notice, Customer or Dropbox may bring a formal proceeding.
- Arbitration. Customer and Dropbox agree to resolve any claims relating to the Agreement or the Services through final and binding arbitration, except as set forth below. This includes disputes arising out of or relating to the interpretation or application of this “Arbitration” subsection, including its scope, enforceability, revocability, or validity. The American Arbitration Association (AAA) will administer the arbitration under its Commercial Arbitration Rules. The arbitration will be held in San Francisco (CA), or any other location both parties agree to in writing. The arbitrator may award relief only individually and only to the extent necessary to redress Customer’s or Dropbox’s individual claim(s); the arbitrator may not award relief on behalf of others or the general public. Our past, present and future affiliates and agents may invoke our rights under this “Disputes” Section in the event they become involved in a dispute with you; otherwise, these Terms do not give rights to any third parties.
- Exception to Arbitration. Either Party may bring a lawsuit in the federal or state courts of San Francisco County, California solely for injunctive relief to stop unauthorized use or abuse of the Services or infringement of Intellectual Property Rights without first engaging in the informal dispute notice process described above. Both Customer and Dropbox consent to venue and personal jurisdiction there.
- NO CLASS ACTIONS. Customer may only resolve disputes with Dropbox on an individual basis and will not bring a claim in a class, consolidated or representative action. Class arbitrations, class actions, private attorney general actions and consolidation with other arbitrations are not allowed.
- Severability. If any part of this “Disputes” section is found to be illegal or unenforceable, the remainder will remain in effect, except that if a finding of partial illegality or unenforceability would allow class or representative arbitration, this “Disputes” section will be unenforceable in its entirety. If you are found to have a non-waivable right to bring a particular claim or to request a particular form of relief that the arbitrator lacks authority to redress or award according to this “Disputes” section, then only that respective claim or request for relief may be brought in court, and you and we agree that litigation of any such claim or request for relief shall be stayed pending the resolution of any individual claim(s) or request(s) for relief in arbitration.
- Miscellaneous.
- Terms Modification. Dropbox may revise this Agreement from time to time and the most current version will always be posted on the Dropbox website. If a revision, in Dropbox's sole discretion, is material, Dropbox will notify Customer (by, for example, sending an email to the email address associated with the applicable account). Other revisions may be posted to Dropbox's blog or terms page, and Customer is responsible for checking these postings regularly. By continuing to access or use the Services after revisions become effective, Customer agrees to be bound by the revised Agreement. If Customer does not agree to the revised Agreement terms, Customer may terminate the Services within thirty days of receiving notice of the change.
- Entire Agreement. The Agreement supersedes any prior agreements or understandings between the Parties, and constitutes the entire agreement between the Parties related to this subject matter. The Service-Specific Terms, the Data Processing Agreement, Customer invoices, and the Order Forms executed by the Parties, are hereby incorporated into the Agreement by this reference.
- Interpretation of Conflicting Terms. If there is a conflict between the documents that make up the Agreement, the documents will control in the following order: the invoice, the Service-Specific Terms, Order Form, the DSA. The terms and conditions of the Agreement will be considered Confidential Information of Dropbox. Customer agrees that any terms and conditions on a Customer purchase order will not apply to the Agreement and are null and void. If End Users are required to click through terms of service in order to use the Services, those click through terms are subordinate to this Agreement and the Agreement will control if there is a conflict.
- Governing Law. THE AGREEMENT WILL BE GOVERNED BY CALIFORNIA LAW EXCEPT FOR ITS CONFLICTS OF LAWS PRINCIPLES.
- Severability. Unenforceable provisions will be modified to reflect the parties' intention and only to the extent necessary to make them enforceable, and the remaining provisions of the Agreement will remain in full effect.
- Notice. Notices must be sent via email, first class, airmail, or overnight courier and are deemed given when received. Notices to Customer may also be sent to the applicable account email address and are deemed given when sent. Notices to Dropbox must be sent to Dropbox Legal at contractnotices@dropbox.com, with a copy to Dropbox, Inc., P.O. Box 77767, San Francisco, CA 94107, attn.: Legal Department.
- Waiver. A waiver of any default is not a waiver of any subsequent default.
- Assignment. Customer may not assign or transfer the Agreement or any rights or obligations under the Agreement without the written consent of Dropbox, except that Customer may assign the Agreement to the surviving entity in connection with a merger, acquisition, or sale of all or substantially all of its assets by providing written notice to Dropbox. Dropbox may not assign the Agreement without providing notice to Customer, except Dropbox may assign the Agreement or any rights or obligations under the Agreement to an Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets without providing notice. Any other attempt to transfer or assign is void.
- No Agency. Dropbox and Customer are not legal partners or agents, but are independent contractors.
- Subcontracting. Customer consents to Dropbox’s appointment of Subcontractors, including Sub-processors, to perform the Services. Dropbox will remain liable for all acts or omissions of its Subcontractors or Sub-processors, and for any subcontracted obligations.
- Force Majeure. Except for payment obligations, neither Dropbox nor Customer will be liable for inadequate performance to the extent caused by a condition that was beyond the Party's reasonable control (for example, natural disaster, act of war or terrorism, riot, labor condition, governmental action, and Internet disturbance).
- No Third-Party Beneficiaries. There are no third-party beneficiaries to the Agreement. Without limiting this section, a Customer's End Users are not third-party beneficiaries to Customer's rights under the Agreement.
- Definitions.
"Acceptable Use Policy" means the acceptable use policy set forth at the following link, or other link Dropbox may provide: https://www.dropbox.com/acceptable_use.
"Account Data" means the account and contact information submitted to the Services by Customer or End Users.
"Add-On(s)" means an additional feature, component, service, or functionality that can be separately purchased or provisioned for use with certain Services.
"Administrator" means a Customer-designated technical End User who administers the Services to End Users on Customer's behalf, through multiple tiers.
"Admin Account" means an administrative account provided to Customer by Dropbox for the purpose of administering the Services.
"Admin Console" means the online tool provided by Dropbox to Customer for use in administering the Services.
"Affiliate" means any entity that controls, is controlled by or is under common control with a Party, where "control" means the ability to direct the management and policies of an entity.
"Agreement" means, collectively, this DSA, each applicable Order Form, the Data Processing Agreement and, if applicable, the HIPAA Business Associate Agreement and any Service-Specific Terms entered into by the Parties.
"Audit Reports" means the audit reports for the applicable Audited Features.
"Audited Features” means the Services, service components, or features set forth at the following link: https://assets.dropbox.com/documents/en-us/legal/audited-features-current.pdf or other link Dropbox may provide, which list may be updated from time to time by Dropbox. Only Audited Features are included in the scope of the Audit Reports described in this Agreement.
"Beta Services" means services or features identified as alpha, beta, preview, early access, or evaluation, or words or phrases with similar meanings.
"Claim" means a claim by a third party, including a regulatory penalty.
"Confidential Information" means information disclosed by one Party to the other Party that is identified as confidential at the time of disclosure or should be reasonably known by the Receiving Party to be Confidential Information due to the nature of the information disclosed and the circumstances surrounding the disclosure. Any performance information relating to the Service and the terms and conditions of this Agreement shall be deemed Confidential Information of Dropbox without any marking or further designation.
"Customer Data" means Stored Data, Account Data, and messages, comments, structured data, images, and other content submitted to the Services by Customer or End Users.
"Customer Domains" means Customer's Internet domain names.
"Data Processing Agreement" means the data processing agreement set forth at the following link: https://assets.dropbox.com/documents/en/legal/dfb-data-processing-agreement.pdf or other link that Dropbox may provide.
"Disclosing Party" means the Party disclosing Confidential Information to the other Party.
"EEA" means European Economic Area.
"Effective Date" means the date this DSA is entered into by the Parties, either by acceptance online or by the signing of an Order Form.
"End Users" means users of Customer’s Services account. End Users may include Customer’s and its Affiliate’s employees, consultants, agents, representatives, students or any other person authorized by Customer to use the Services through Customer’s account.
"End User Account" means a Dropbox hosted account provisioned by Customer through the Services for an End User.
"End User License" means a user license purchased by Customer which enables Customer to provision an End User Account.
"EU Data Protection Laws" means, to the extent in force and applicable from time to time, those laws implementing the EU General Data Protection Regulation (2016/679) and any implementing laws in each EU member state.
"Export Control Laws" means all applicable export and re-export control laws and regulations, including the Export Administration Regulations ("EAR") maintained by the U.S. Department of Commerce, trade and economic sanctions maintained by the Treasury Department's Office of Foreign Assets Control, and the International Traffic in Arms Regulations ("ITAR") maintained by the Department of State.
"Feedback" means any feedback, comments, or suggestions on the Services or Beta Services that Customer or End Users may send Dropbox or post in Dropbox’s forums. Feedback may include oral or written comments, suggestions, error reports, and analysis.
"Fees" means the amounts invoiced to Customer by Dropbox.
“HIPAA” means the Health Insurance Portability and Accountability Act of 1996 and the rules and the regulations thereunder, as amended.
"HIPAA Business Associate Agreement" means an agreement between Customer and Dropbox detailing each Party's obligations regarding "Protected Health Information" under HIPAA.
"Initial Services Term" means the term for the applicable Services beginning on the Provisioning Date and continuing for the duration set forth on the Order Form.
"Intellectual Property Rights" means current and future worldwide rights under patent, copyright, trade secret, trademark, moral rights, and other similar rights.
"Order Form" means an ordering document, order page, or user interface through which Customer purchases a subscription to the Services or enables access to the Services.
"Personal Data," "Process," and "Processing" have the meaning given to those terms in the EU Data Protection Laws.
“Protected Health Information” or “PHI” will have the meaning given to it under HIPAA if provided to Dropbox as Stored Data in connection with Customer’s use of the Services provided under the Agreement.
"Provisioning Date" is the date upon which Dropbox makes the Services available to Customer.
"Receiving Party" means the Party receiving Confidential Information from the other Party.
"Renewal Term" means, unless otherwise agreed to in writing by the Parties, the renewal term of the same duration as the Initial Services Term or preceding Renewal Term.
"Security Emergency" means: (i) use of the Services that does or could disrupt the Services, other customers' use of the Services, or the infrastructure used to deliver the Services; or (ii) unauthorized third-party access to the Services.
"Security Measures" means the technical and organizational security measures implemented by Dropbox for the applicable Services set forth at the following link: https://assets.dropbox.com/documents/en/legal/security-measures.pdf, or other link that Dropbox may provide.
"Security Resources" means any webpages, resources, guides, and whitepapers regarding technical or organizational measures that Dropbox has implemented for the applicable Services that are described in the Service-Specific Terms.
"Services" means the services ordered by Customer on the Order Form, excluding any third-party Add-Ons (as indicated at the time of purchase or enablement).
"Service-Specific Terms" means additional terms that apply to certain Services or Add-Ons as set forth in Appendix 2 or otherwise attached to an Order Form.
"Services Term" means the Initial Services Term and all Renewal Terms for the applicable Services.
"Service Limits" means rate, storage, End User or other limits on Customer's use of the Services as described in the applicable Order Form or product description page.
"Software" means the client software provided as part of the Services, either directly by Dropbox or through third party distribution channels such as app stores.
"Stored Data" means the files uploaded to the Services by Customer or End Users.
"Subcontractor" means an entity to whom Dropbox subcontracts any of its obligations under the Agreement.
"Sub-processor" means an entity who agrees to Process Customer Data on Dropbox's behalf, or on behalf of another Dropbox sub-processor, in order to deliver the Services.
"Taxes" means any sales, use, value added, goods and services, consumption, excise, local stamp, or other tax, (including but not limited to ISS, CIDE, PIS, CONFINS), duty or other charge of any kind or nature excluding tax that is based on Dropbox's net income, associated with the Services or Software, including any related penalties or interest.
"Term" means the term of the Agreement, which will begin on the Effective Date and continue until the earlier of: (i) the end of all applicable Services Terms; or (ii) the Agreement is terminated as set forth herein.
"Third-Party Request" means a request from a third-party for records relating to an End User's use of the Services including information in or from an End User Account, or from Customer's Services account. Third-Party Requests may include valid search warrants, court orders, or subpoenas, or any other request for which there is written consent from End Users, or an End User's authorized representative, permitting a disclosure.
"Withholding Taxes" mean any income taxes that are imposed on Dropbox or Customer's reseller in which Customer is required by law to withhold or deduct on the payment to Dropbox or Customer's reseller.
Appendix 1:
Dropbox Entities
The Agreement will be between Customer and the following Dropbox entities, as applicable:
- Dropbox, Inc: Customers based inside Canada, Mexico, or the United States, or their territories and possessions
- Dropbox International Unlimited Company: Customers based outside Canada, Mexico, or the United States, or their territories and possessions
Appendix 2:
Service-Specific Terms
Posted: August 5, 2024
Effective: August 5, 2024
These Service-Specific Terms set forth additional terms and conditions that are specific to the Services for teams listed below. For purposes of clarity, this Agreement does not apply to Dropbox products for consumers or individuals, including Dropbox Basic (for individuals), Plus, Family, or Professional.
Dropbox may update these Service-Specific Terms from time to time, including to add additional Service-Specific Terms for new Services made available by Dropbox, by posting an updated version. If an update materially changes any Service-Specific Terms for any Services already purchased by Customer, Dropbox will notify Customer in accordance with Section 14.1 of the DSA.
Dropbox Business and Dropbox Business Plus
- Service Description. The Dropbox Business and Dropbox Business Plus Services offer a suite of tools to manage a team’s content and workflows in one place. For example, End Users may be able to store and protect content, collaborate with others on content, get analytics on content they’ve shared, and send Signature requests.
- Terms for Specific Functionality. The functionality, compliance frameworks, and infrastructure applicable to these Services is described in the other Service-Specific Terms sections as follows:
2.1. File storage, syncing, and sharing functionality is subject to the Dropbox Standard, Advanced, Enterprise, and Education Service-Specific Terms.
2.2. Except as set forth in Section 2.4 of the Dropbox Business and Dropbox Business Plus Service-Specific Terms below, the “Send and track” functionality with analytics is subject to the DocSend Service-Specific Terms.
2.3. Except as set forth in Section 2.4 of the Dropbox Business and Dropbox Business Plus Service-Specific Terms below, the "Signature" and "Sign Standard Add-On" functionalities are subject to the Dropbox Sign Service-Specific Terms.
2.4. Audited Features; Excluded Features. Dropbox has completed various Audit Reports for the Audited Features. Customer can request a copy of the Audit Reports in accordance with Section 4.3 of the DSA. For the purposes of these Services, “Excluded Features” means services or features listed here https://assets.dropbox.com/documents/en-us/legal/dfb-services-exceptions.pdf which list may be updated from time to time by Dropbox, provided that non-Beta features incorporated in the Services as of the Effective Date will not be transitioned to the Excluded Features list during the Term. Excluded Features are not included in the scope of the audits and Audit Reports listed above.
Dropbox Standard, Advanced, Enterprise, and Education
- Service Description. The Dropbox Standard, Advanced and Enterprise services are an online file storage, synchronization, and sharing service for teams that allow Customer's End Users to store, sync, and access files across multiple devices and to share files with others. Administrators can manage team activity and access, billing, and integrations with other tools.
- Security & Audits.
- Security Resources. Dropbox provides the following Security Resources for these services: (a) the Dropbox Security Whitepaper available at https://assets.dropbox.com/www/en-us/business/solutions/solutions/dfb_security_whitepaper.pdf; and (b) the information found at https://www.dropbox.com/business/trust/compliance/certifications-compliance and https://www.dropbox.com/security/gdpr.
- Audits. Dropbox has completed the Audit Reports described here for the Audited Features. Customers can request a copy of the Audit Reports in accordance with Section 4.3 of the DSA.
- Privacy.
- Sub-processors. Dropbox will list its current Sub-processors for these Services at: https://subprocessor.dropbox-legal.com/subprocessorlist.html.
- Customer Domains. Prior to providing the Services, Dropbox may require Customer to verify that Customer owns or controls the Customer Domains. If Customer does not own or control the Customer Domains, then Dropbox will have no obligation to provide Customer with the Services.
- Free Teams. Dropbox may offer free access subscription, non-trial, limited versions of its Services for teams from time to time (“Free Teams”). Free Teams may be sold under various names. Notwithstanding anything to the contrary, documentation or resources for the Services regarding Administrator controls or the “Admin Console” may not apply to Free Teams.
- Excluded Features. For the purposes of these Services, "Excluded Features" means services or features listed here https://assets.dropbox.com/documents/en-us/legal/dfb-services-exceptions.pdf which list may be updated from time to time by Dropbox, provided that non-Beta features incorporated in the Services as of the Effective Date will not be transitioned to the Excluded Features list during the Term. Excluded Features are not included in the scope of the audits and audit reports listed above.
Dropbox Dash
- Service Description. Dash is a tool to retrieve and organize relevant information stored and created across different services or tools. Dash works by connecting to and collecting data stored in other services and simplifying the process of searching for, accessing, and using relevant information dispersed across connected tools. These terms only apply to your organization’s use and implementation of Dash, all references to Services in this Section are only references to Dash.
- Security & Audits.
- Security Resources. Dropbox provides Security Resources for these Services including the Dash Security Architecture Overview Whitepaper, at https://trust.dropbox.com/.
- Audits. Dropbox has completed Service Organization Control 2 (SOC 2) for Dash. Customers can request a copy of the SOC 2 report at https://trust.dropbox.com/ and in accordance with Section 4.3 of the DSA.
- Privacy.
- Sub-processors. Dropbox will list its current Sub-processors for these Services at: https://subprocessor.dropbox-legal.com/dash-subprocessorlist.html
- Product Features.
- Usage Limitations. Dropbox may be required to limit or suspend your use of Dash when such suspension or limitation is necessary to prevent harm or liability to other customers/individuals, or to preserve the security, stability, availability, or integrity of the Services.
- Output. The Services may provide results to search queries, answers to submitted questions, or other suggestions likely to be relevant based on contextual information and Customer Data available to the Services (“Output”). As between Dropbox and Customer, Customer owns Output. Customer is responsible for its and its End Users’ use of Output. For the sole purpose of enhancing and delivering the Services, Customer authorizes Dropbox to review Output. For example, in the event Customer indicates Output is inaccurate, Dropbox may review that Output to improve future responses.
- Third Party Connected Services.
- The Services can connect to a wide variety of supported services to collect and organize information (the “Connected Services”) described in documented materials made available to you by Dropbox or described on your Order Form. Data loaded from Connected Services and stored by Dash is Stored Data under the DSA.
- Dropbox is not responsible for the performance of the Connected Services, including the integrity or security of data stored in a Connected Service.
- If an Administrator connects Connected Services on behalf of End Users, Customer represents and warrants that it has any necessary permissions to do so. Section 3.4(b) of the DSA applies to the performance and use of the Connected Services. With respect to Dropbox and Customer, Customer is solely responsible for its use of the Connected Services.
Dropbox Sign Mobile, WebApp, and API
- Service Description. Dropbox Sign is an electronic signature service which allows Customers to display, deliver, acknowledge, store, and electronically sign documents. Customers can use the Dropbox Sign mobile or web application ("Dropbox Sign UI") or the Dropbox Sign Application Programming Interface ("Dropbox Sign API"). The Dropbox Sign API allows Customers to easily integrate or embed the Dropbox Sign electronic signature solution into its websites, applications, workflows or other properties ("Customer Properties"), creating a clean, branded, and seamless online experience allowing users to complete agreements or transactions within the company and/or with Customer’s customers.
- Security & Audits.
- Security Resources. Security Resources regarding these Services are available at https://www.hellosign.com/trust/security.
- Audits. Dropbox has completed the Audit Reports described here for the Audited Features. Customers can request a copy of the Audit Reports in accordance with Section 4.3 of the DSA.
- Privacy.
- Sub-processors. Dropbox will list its current Sub-processors for these Services at: https://subprocessor.dropbox-legal.com/subprocessorlist.html.
- Customer Obligations. Customer agrees to: (i) maintain a legally-adequate privacy policy on Customer Properties, and provide all required disclosures; (ii) obtain all necessary rights, releases, and consents to allow Customer Data or other information (including any personal information) to be collected, used, and disclosed in the manner contemplated by this Agreement and to grant Dropbox the rights and licenses set out in the Agreement.
- Electronic Signature Responsibilities. Customer acknowledges and agrees that: (i) as between Dropbox and Customer, Customer has exclusive control and responsibility for the content of all Customer Data, including any documents used with the Services; (ii) certain types of documents, agreements, or contracts may be excluded from general electronic signature laws (such as wills, trusts, court orders, or family law matters), or may have specific regulations that are applicable to them; (iii) Customer is solely responsible for ensuring that the documents, agreements or contracts it uses with the Services are appropriate for electronic signatures, and Dropbox is not responsible or liable for any such determination or use; and (iv) consumer protection laws or regulations may impose specific requirements for electronic transactions involving consumers. Customer is solely responsible for ensuring it complies with all such laws/regulations and Dropbox has no obligations to make such determination or assist with fulfilling any requirements therein.
- Dropbox Sign Authentication.
- Dropbox Sign UI. If Customer is using Dropbox Sign UI, a person signing a document via the Services must either have a Dropbox Sign account or have received a request for signature in their email account.
- Dropbox Sign API. To the extent that Customer elects to use the Dropbox Sign API to enable embedded features on Customer Properties, Customer is required to authenticate the identity of each signer/end user through email confirmation or such other means that Dropbox may approve in its sole discretion. Customer is solely responsible and liable for such authentication and will indemnify, defend and hold Dropbox harmless against any claim related to such authentication. If Customer is using a third-party API or other service that allows Customer to perform any end user/participant/signer authentication, then Customer is solely responsible and liable for such authentication.
- Audit Trails. Documents completed in the Services include an audit trail that contains information that helps track your document through its lifecycle. This information includes, but is not limited to, unique document ID generated by the Services, email addresses of the sender and recipient(s), IP addresses of the sender and recipient(s), and track events (such as date, time, and location when the following events occur - document uploaded, document viewed, document removed, document sent, document signed, decline to sign, signer email address updated, signer access code authenticated, signature request cancelled).
- Dropbox Sign API Terms. The following terms apply to use of the Dropbox Sign APIs.
- Signature Requests. A "Signature Request" is the transaction that takes place when Customer initiates a new signature process and makes a corresponding call to the Dropbox Sign APIs. For example, if you call “signature_request/send” to send out documents for signature, this will constitute one (1) Signature Request. Note that a single Signature Request can be used to gather signatures from multiple signers in cases where they are all involved in the same contract.
- API Keys. In order to use the Dropbox Sign APIs, Customer must obtain its unique API credentials an ("API Key") via the registration process. Customer is solely responsible for all activity associated with its API Key, regardless of whether it has knowledge of such activity. Customer must not share its API Key with any third party, shall keep such API Key secure, and shall use it as Customer’s sole means of accessing the Dropbox Sign API.
- Limits. Subject to any additional limits set forth on the Order Form or on a product description page, Customers with a paid subscription can make up to : (a) 100 requests per minute for standard API requests; (b) 25 requests per minute for higher tier API requests; and (c) 10 requests per minute in test mode. Collectively the above are "Transaction Limits." Please contact our sales department if you wish to increase your Transaction Limits. Dropbox may be required to limit or suspend your use of the Dropbox Sign APIs when such suspension or limitation is necessary to prevent harm or liability to other customers/individuals, or to preserve the security, stability, availability, or integrity of the Services. Notwithstanding the foregoing, Dropbox may limit the number of API requests for Customers on a “basic” or free tier in its discretion.
- Properties. Only those Customer Properties that have been approved by Dropbox may access and use the Services. Dropbox reserves the right to reject any Customer Property, for any reason, in its sole discretion, including but not limited to ensure that you comply with the Agreement and the Acceptable Use Policy. Furthermore, you will ensure that the Customer Properties contain terms of service and privacy policies that are consistent with the terms of this Agreement.
- API Restrictions. You agree that you will not (and will not permit any third party to) directly or indirectly: (a) create an API client that functions substantially the same as the Dropbox Sign APIs; (b) make any use of the Dropbox Sign APIs for any purpose independent of the Customer Properties; (c) misrepresent the source or ownership of the Dropbox Sign APIs or remove, obscure, or alter any copyright, trademark or other proprietary rights notices, falsify or delete any author attributions, legal notices or other labels of the origin or source of the Dropbox Sign APIs; or (d) interfere with or disrupt the Dropbox Sign APIs or the servers or networks providing the Dropbox Sign APIs or Services.
- Customer Applications. Customer may use the Dropbox Sign APIs to develop applications and/or embedded signing experiences for use by Customer or Customer’s clients and their respective end users (collectively "Customer Applications"). Customer shall be solely responsible for the Customer Applications and shall ensure it has: (a) provided its customers, clients, and end users with the applicable terms (including privacy terms) that authorize Dropbox to provide the Services hereunder, and (b) the proper authority and/or authorization to share user or signer information (including personally identifiable information) with Dropbox.
- Dropbox Sign for Salesforce. The following terms apply to use of the Dropbox Sign for Salesforce integration in connection with your use of these Services.
- Description. “Dropbox Sign for Salesforce” means the integration for the Services with Salesforce that lets you quickly prepare documents for electronic signature, minimize the back-and-forth follow-up, and simplify the signing process for your clients by using data from fields in your Salesforce account.
- Storage. When using Dropbox Sign for Salesforce, signed documents will be stored within Customer’s Salesforce account.
- Eligibility. Customer must be on a Dropbox Sign enterprise plan (or higher tier) to access this integration. Customer (or its administrator) can add users to its Salesforce integration within the limits of Customer’s subscription plan. Dropbox Sign for Salesforce works with both Salesforce Classic and Salesforce Lightning Experience.
Dropbox Forms and Dropbox Forms API
- Service Description. Dropbox Forms is an intelligent workflow automation service that simplifies document completion through advanced data validation, conditional logic, integrated e-signatures, and mobile-first design. Customers can use the Dropbox Forms visual interface (“Dropbox Forms UI”) or the Dropbox Forms Application Programming Interface (“Dropbox Forms API”). The Dropbox Forms API allows Customers to easily integrate or embed the Dropbox Forms workflow automation and e-signature solutions into its websites, applications, workflows or other properties (“Customer Properties”), creating a clean, branded, and seamless online experience allowing users to complete agreements or transactions.
- Security & Audits.
- Security Resources. Security Resources regarding these Services are available at https://www.hellosign.com/trust/security.
- Audits. Dropbox has completed the Audit Reports described here for the Audited Features. Customers can request a copy of the Audit Reports in accordance with Section 4.3 of the DSA.
- Privacy.
- Sub-processors. Dropbox will list its current Sub-processors for Dropbox Forms at: https://subprocessor.dropbox-legal.com/subprocessorlist.html
- Customer Obligations. Customer agrees to: (i) maintain a legally-adequate privacy policy on Customer Properties, and provide all required disclosures; (ii) obtain all necessary rights, releases, and consents to allow Customer Data or other information (including any personal information) to be collected, used, and disclosed in the manner contemplated by this Agreement and to grant Dropbox the rights and licenses set out in the Agreement.
- Electronic signature responsibilities. Customer acknowledges and agrees that: (i) as between Dropbox and Customer, Customer has exclusive control and responsibility for the content of all Customer Data, including any documents used with the Services; (ii) certain types of documents, agreements, or contracts may be excluded from general electronic signature laws (such as wills, trusts, court orders, or family law matters), or may have specific regulations that are applicable to them; (iii) Customer is solely responsible for ensuring that the documents, agreements or contracts it uses with the Services are appropriate for electronic signatures, and Dropbox is not responsible or liable for any such determination or use; and (iv) consumer protection laws or regulations may impose specific requirements for electronic transactions involving consumers. Customer is solely responsible for ensuring it complies with all such laws/regulations and Dropbox has no obligations to make such determination or assist with fulfilling any requirements therein.
- Audit Trails. Documents signed using the Services include an audit trail that contains information that helps track your document through its lifecycle. This information includes, but is not limited to, unique document ID generated by the Services, email addresses of the sender and recipient(s), IP addresses of the sender and recipient(s), and track events (such as date, time, and location when the following events occur - document uploaded, document viewed, document removed, document sent, document signed, decline to sign, signer email address updated, signer access code authenticated, signature request cancelled).
- Dropbox Forms Authentication.
- Dropbox Forms UI. If Customer is using Dropbox Forms UI, a person signing a document via the Services must either have a Dropbox Sign account or have received a request for signature in their email account.
- Dropbox Forms API. To the extent that Customer elects to use the Dropbox Forms API to enable embedded features on Customer Properties, Customer is required to authenticate the identity of each participant/signer/end user through email confirmation or such other means that Dropbox may approve in its sole discretion. Customer is solely responsible and liable for such authentication and will indemnify, defend and hold Dropbox harmless against any claim related to such authentication. If Customer is using a third party API or other service that allows Customer to perform any end user/participant/signer authentication, then Customer is solely responsible and liable for such authentication.
- Workflows. A “Workflow” is the combination of multiple tasks or processes being utilized. The Dropbox Forms UI allows End Users to create combinations of multiple forms and documents that are required to be completed by a recipient. After a Workflow is launched it becomes a Transaction.
- Transactions.
- Dropbox Forms UI. For Dropbox Forms UI, A “Transaction” occurs when a Customer or End User launches a Workflow from the Dropbox Forms UI.
- Dropbox Forms API. For Dropbox Forms API, a “Transaction” is the use of the API to initiate either: (a) the collection and/or dissemination of information, or (b) a signature request.
- Limits. Subject to any additional limits set forth on the Order Form or on a product description page, Customers with a paid subscription can make up to: (a) 500 Transactions per hour; and (b) 50 Transactions per hour in test mode. Collectively the above are “Transaction Limits." Dropbox may be required to limit or suspend your use of the Services when such suspension or limitation is necessary to prevent harm or liability to other customers/individuals, or to preserve the security, stability, availability, or integrity of the Services. Notwithstanding the foregoing, Dropbox may limit the number of Transactions for Customers on a “basic” or free tier in its discretion.
- Dropbox Forms API Terms. The following terms apply to use of the Dropbox Forms APIs.
- API Keys. To use the Dropbox Forms APIs, Customer must obtain its unique API credentials (an “API Key”) via the registration process. Customer is solely responsible for all activity associated with its API Key, regardless of whether it has knowledge of such activity. Customer must not share its API Key with any third party, shall keep such API Key secure, and shall use it as Customer’s sole means of accessing the Dropbox Forms API.
- Properties. Only those Customer Properties that have been approved by Dropbox may access and use the Services. Dropbox reserves the right to reject any Customer Property, for any reason, in its sole discretion, including but not limited to ensure that you comply with the Agreement and the Acceptable Use Policy. Furthermore, you will ensure that the Customer Properties contain terms of service and privacy policies that are consistent with the terms of this Agreement.
- API Restrictions. You agree that you will not (and will not permit any third party to) directly or indirectly: (a) create an API client that functions substantially the same as the Dropbox Forms APIs; (b) make any use of the Dropbox Forms APIs for any purpose independent of the Customer Properties; (c) misrepresent the source or ownership of the Dropbox Forms APIs or remove, obscure, or alter any copyright, trademark or other proprietary rights notices, falsify or delete any author attributions, legal notices or other labels of the origin or source of the Dropbox Forms APIs; or (d) interfere with or disrupt the Dropbox Forms APIs or the servers or networks providing the Dropbox Forms APIs or Services.
- Customer Applications. Customer may use the Dropbox Forms APIs to develop applications and/or embedded signing experiences for use by Customer or Customer’s clients and their respective end users (collectively “Customer Applications”). Customer shall be solely responsible for the Customer Applications and shall ensure it has: (a) provided its customers, clients, and end users with the applicable terms (including privacy terms) that authorize Dropbox to provide the Services hereunder, and (b) the proper authority and/or authorization to share user or signer information (including personally identifiable information) with Dropbox.
Dropbox Fax and Dropbox Fax API
- Service Description. Dropbox Fax is an electronic fax service that allows Customers to upload and manage documents online, send and receive faxes online, and electronically sign faxes.
- Security & Audits.
- Security Resources. Security Resources regarding these Services are available at https://www.hellosign.com/trust/security.
- Audits. Dropbox has completed the Audit Reports described here for the Audited Features. Customers can request a copy of the Audit Reports in accordance with Section 4.3 of the DSA.
- Account Information. Customers of the Services must provide Dropbox with accurate and up-to-date information including, but not limited to, name, billing address, physical address, payment information (including credit card number), and national ID number (where applicable). Dropbox may be required to obtain copies of Customer’s or its users’ national IDs where required by legal proceedings, investigations, or by our subcontractors/service providers. Customer will immediately provide any and all related account information upon request by Dropbox and Customer expressly authorizes Dropbox to share any and all account information, usage data, location data, and IP addresses with its subcontractors/service providers as necessary to provide the Services. Dropbox reserves the right to suspend or terminate Customer’s account and/or its use of the Services if such account information is out-of-date or not provided immediately upon request.
- Unsolicited Faxes and Spam.
- Prohibition. The transmission of unsolicited fax advertisements is illegal in the United States under the Federal Telephone Consumer Protection Act of 1991 (TCPA) and in the European Union under the Privacy and Electronic Communications Regulations 2003, and is also illegal under the laws of a number of other countries, states and provinces. Dropbox reserves the right to immediately suspend or terminate Customer’s use of the Services if Customer sends unsolicited fax advertisements or spam. Dropbox also reserves the right to monitor Customer’s use of the Services and Dropbox may, in its sole discretion, block or refuse to deliver any messages it considers unsolicited fax advertisements or spam.
- Complaints. If a third party believes that it has received an unsolicited fax advertisement from Customer, Dropbox may direct the third party to contact Customer directly. Customer will cooperate with Dropbox in its investigation of any claims regarding unsolicited faxes and scams.
- Numbers and Porting.
- General. Customer may obtain new telephone numbers from Dropbox for use with Dropbox Fax. Such numbers are subject to availability and Dropbox does not guarantee that any particular number can be assigned to a Customer. Dropbox also supports number porting (for US, UK and Canada) as per the terms below.
- Porting. The porting of phone numbers into or out of an account requires Customer’s provision of specific and detailed information to Dropbox and/or other service providers, and procedures imposed by other service providers or Dropbox to comply with law and industry standards. Customer acknowledges that the completion of any number port request may depend on factors outside of Dropbox’s control, including delays caused by Customer and/or other service providers.
- Port-In Requests. To port in a fax number, Customer must comply with the following requirements and procedures:
- Customer must keep its existing service active with the applicable third-party service provider to port a phone number to the Services.
- Customer must fill out and submit a porting request form as made available by Dropbox. By submitting the form, Customer acknowledges and agrees that it will be charged a one-time porting fee. The fee will be charged to Customer’s account on the Services upon completion of the porting process.
- Dropbox will review the porting request form and verify whether it can port the requested number. If the requested number can be ported, Customer will be required to complete a letter of authorization form provided by Dropbox. Customer will be required to provide a recent copy of an invoice from Customer’s current service provider to verify ownership of the requested number.
- After receiving a completed letter of authorization and copy of invoice, Dropbox will request the number be ported to the Services.
- Customer will be assigned a temporary number by the Services until the requested number is ported to the Services. Customer may elect to keep the pre-assigned number for an extra monthly fee.
- All fees are subject to Dropbox’s then current pricing for the Services, which may be updated from time-to-time.
- Port-Out Process. Customer may request the porting out of a fax number currently assigned to Customer’s account on the Services to another service provider by following the instructions specified by that service provider. Customer must provide all information and cooperation requested by the relevant other services provider, Dropbox, or any other relevant third party.
- Unauthorized Port Outs. Dropbox is required by law to comply with any valid porting request. Phone numbers may be ported out from an account due to acts or omissions of third parties, and it may be difficult or impossible for Dropbox to: (i) prevent such port-outs: (ii) retrieve numbers ported out of an Account; or (iii) port such numbers back into an account. Dropbox has no responsibility or liability due to such port-outs.
- Accurate Porting Information. Customer represents and warrants that all information provided in connection with any request to port in or port out numbers to or from the Services (including without limitation any information or representations in any letter of agency) by Customer or any party acting on its behalf or direction will be true, accurate, and up-to-date.
- Customer Compliance with Porting Laws. The porting of numbers is subject to telecommunications and other laws and may be subject to third-party terms and conditions. Customer, and/or any party acting on Customer’s behalf, shall not: (i) violate any applicable law or engage in any fraudulent or deceptive conduct in its porting-related requests or activities; (ii) engage in or facilitate “slamming” or the porting out of any fax number or change or attempt to change any party’s telephony service provider without first obtaining the proper, requisite consents and authorizations; or (iii) violate contractual or other obligations to service providers or other third parties.
- Release of Numbers. In the event of account termination or cancellation, all numbers associated with the account which have not previously been ported to another provider may be released. The cancellation of individual lines may result in the release of the associated numbers if those numbers have not previously been ported to another provider. Customer is solely responsible for working with its new third-party provider to port out any numbers prior to termination or cancellation of any Services, or any individual line.
- Dropbox Fax API Terms. The following terms apply to use of the Dropbox Fax APIs
- API Keys. To use the Dropbox Fax APIs, Customer must obtain its unique API credentials (an “API Key”) via the registration process. Customer is solely responsible for all activity associated with its API Key, regardless of whether it has knowledge of such activity. Customer must not share its API Key with any third party, shall keep such API Key secure, and shall use it as Customer’s sole means of accessing the Dropbox Fax API.
- Authentication. To the extent that Customer elects to use the Dropbox Fax API to enable integrated features on Customer Properties, Customer is required to authenticate the identity of each end user / sender through email confirmation or such other means that Dropbox may approve in its sole discretion. Customer is solely responsible and liable for such authentication and will indemnify, defend and hold Dropbox harmless against any claim related to such authentication. If Customer is using a third-party API or other service that allows Customer to perform any end user/sender authentication, then Customer is solely responsible and liable for such authentication.
- Limits. Subject to any additional limits set forth on the Order Form or on a product description page, Customers with a paid subscription can make up to 200 pending fax requests per day via the Dropbox Fax API (the “Transaction Limit”). Please contact our sales department if you wish to increase your Transaction Limit. Dropbox may be required to limit or suspend your use of the Dropbox Fax APIs when such suspension or limitation is necessary to prevent harm or liability to other customers/individuals, or to preserve the security, stability, availability, or integrity of the Services. Dropbox may limit the number of fax requests for Customers on a “basic” or “free” tier in its discretion.
- Properties. Only those Customer Properties that have been approved by Dropbox may access and use the Services. Dropbox reserves the right to reject any Customer Property, for any reason, in its sole discretion, including but not limited to ensure that you comply with the Agreement and the Acceptable Use Policy. Furthermore, you will ensure that the Customer Properties contain terms of service and privacy policies that are consistent with the terms of this Agreement.
- API Restrictions. You agree that you will not (and will not permit any third party to) directly or indirectly: (a) create an API client that functions substantially the same as the Dropbox Fax APIs; (b) make any use of the Dropbox Fax APIs for any purpose independent of the Customer Properties; (c) misrepresent the source or ownership of the Dropbox Fax APIs or remove, obscure, or alter any copyright, trademark or other proprietary rights notices, falsify or delete any author attributions, legal notices or other labels of the origin or source of the Dropbox Fax APIs; or (d) interfere with or disrupt the Dropbox Fax APIs or the servers or networks providing the Dropbox Fax APIs or Services.
- Customer Applications. Customer may use the Dropbox Fax APIs to develop applications and/or embedded signing experiences for use by Customer or Customer’s clients and their respective end users (collectively “Customer Applications”). Customer shall be solely responsible for the Customer Applications and shall ensure it has: (a) provided its customers, clients, and end users with the applicable terms (including privacy terms) that authorize Dropbox to provide the Services hereunder, and (b) the proper authority and/or authorization to share user or signer information (including personally identifiable information) with Dropbox.
DocSend
- Service Description. DocSend is a communication and information sharing service and related technologies, including: (a) the DocSend website; (b) the interactive features and communication features available through the website; (c) and any other related services made available as described in an Order Form.
- Security & Audits.
- Security Resources. Security resources regarding these Services are available at https://www.docsend.com/security/.
- Audits. Dropbox has completed the Audit Reports described here for the Audited Features. Customers can request a copy of the Audit Reports in accordance with Section 4.3 of the DSA.
- Privacy.
- Sub-processors. Dropbox will list its current Sub-processors for the Services at https://subprocessor.dropbox-legal.com/subprocessorlist.html.
- True Up Terms. Customer acknowledges and agrees that the Services may be configured to permit Customer to add additional End User Licenses to its account beyond the quantity purchased on an Order Form. Unless otherwise agreed in writing, Dropbox will calculate the number of active or suspended End User Licenses on Customer's account each month and, if the number of active or suspended End User Licenses exceeds the then-current purchased quantity, Customer will be charged for any additional End User Licenses on a prorated basis at the agreed upon rate in Customer's most recent applicable Order Form for the remainder of the then-current Service Term. Any additional End User Licenses purchased through this process during a Services Term will have a prorated term ending on the last day of the pre-existing Services Term and Customer agrees to pay for these additional End User Licenses for the remainder of the Services Term at the same billing frequency set forth on their most recent applicable Order Form. Any additional Licenses purchased in accordance with this paragraph are non-cancellable and non-refundable.
- Additional Terms for DocSend Signature. "DocSend Signature" means the feature of the Services that facilitates the execution of Electronic Records between the parties to those records, using Electronic Signatures. By using DocSend Signature, Customer agrees to the following:
- Definitions. For purposes of this section, the following definitions apply:
"Electronic" means relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
"Electronic Record" means a contract or other record created, generated, sent, communicated, received, or stored by Electronic means.
"Electronic Signature" means an Electronic sound, symbol, or process made available by us executed or adopted by you to sign an Electronic Record. - Consent. By using DocSend Signature, Customer agrees to do business Electronically and to sign Electronic Records by Electronic Signature.
- Authority. If Customer is using DocSend Signature on behalf of a business, company or other legal entity, you represent that you have the authority to bind the business or entity to the Electronic Record you send or accept via DocSend Signature.
- Responsibility for Electronic Records and Signatures. Customer has exclusive control over and responsibility for the content, quality and format of any Electronic Record. Nothing in these Terms makes Dropbox a party to any Electronic Record signed or shared via DocSend Signature. Customer is bound by any Electronic Signature made on its behalf by any person via DocSend Signature. Customer acknowledges that the use of Electronic Signatures and Electronic Records is governed by foreign, federal and state laws and the laws of other jurisdictions and agrees that it is responsible for complying with all such laws.
- Legal Requirements. Electronic Signatures on certain types of Electronic Records may not be valid, enforceable, or have legal effect (e.g., wills or agreements concerning family law). Customer agrees that it is solely responsible for determining whether Electronic Records signed via DocSend Signature are valid, enforceable, or have legal effect, and we have no such responsibility. Dropbox makes no representations or warranties that Electronic Records signed via DocSend Signature are valid, enforceable, or have legal effect.
- No Consumer Transactions. DocSend Signature is designed for business transactions, not consumer transactions. Some consumer protection laws may impose special requirements for Electronic Signatures and Electronic Records in connection with consumer transactions. Consumer transactions generally involve individuals who obtain, through a transaction, products or services which are used primarily for personal, family, or household purposes. These requirements may include providing disclosures and paper copies of Electronic Records. DocSend Signature does not comply with any of these requirements and other legal requirements. Customer may not use DocSend Signature in connection with consumer transactions.
- Retention. Customer is responsible for determining how long it is required to retain or store Customer Data in compliance with any applicable law, including any Electronic Records Customer signs or shares via DocSend Signature. Any Electronic Records must be stored using Customer’s own facilities, and Dropbox is not responsible for continuing to store or retrieve any Electronic Records or for ensuring that third parties receive Electronic Records Customer signs or shares via DocSend Signature.
- Definitions. For purposes of this section, the following definitions apply: