Our commitment to your privacy

We hold sacred the trust that you place in us when you use Box to share, store and collaborate on your most sensitive data.  Whether you're one of our enterprise customers, or one of our individual users, we respect your privacy, and protecting your data is of paramount importance to us.

With last year's implementation of GDPR, the upcoming effectiveness of the California Consumer Privacy Act (CCPA), and a seemingly never-ending stream of proposed privacy laws and regulations across the United States and around the world, maintaining strong privacy and data protection practices has never been more important.  As more and more customers adopt Box globally and across industries to power their mission-critical business processes, an increasing amount of valuable content, data and personal information is flowing across the extended enterprise.  

These dynamics have led us to proactively implement industry-leading privacy practices.  For example, to provide us with legally-recognized ways to transfer data across European borders, we adopted Processor and Controller Binding Corporate Rules (BCRs) and the E.U.-U.S. / Swiss-U.S. Privacy Shield Frameworks. Similarly, our APEC CPBR and PRP certifications ensure protection of the transfer of personal information among participating APEC economies, and demonstrate Box's ability to assist personal information controllers in complying with relevant privacy obligations. We also achieved the Cloud Computing Compliance Controls Catalogue (C5) certification after being independently audited by German organizations for meeting their high bar for adequate security and data protection. 

It is more critical than ever for us to adhere to a core set of privacy principles.  How we collect, handle and use your personal information is an important component of our privacy principles.  Which is why we are pleased to share some improvements to our Privacy Notice to make it easier to understand, more relevant, actionable and more user-friendly. We remain unwavering in our commitment to be transparent about what information we collect, how we collect it, and how we process or share it. We are also committed to providing you visibility into the mechanisms and controls that protect your personal information so you can rest easy knowing it's secure. Finally, we want to make absolutely certain that you can exercise your individual privacy rights and have ultimate control over the use of your personal information. 

Specifically, we are making the following improvements to our Privacy Notice:

  • Simplified the flow and language to make our practices and data protection stance more transparent. This includes adding section summaries with an expandable 'learn more' sub-section, removing dense legalese, and generally making it more comprehensible. 
  • Structured the Privacy Notice for easier navigation so you can quickly hone in on the information you are looking for. For instance, we have re-organized sections based on relevant categories such as data collection, data usage, and sharing.
  • Supplemented the Privacy Notice with detailed sections. Examples include a Regional Notices page for information specific to a geographical area, and a link to our subprocessor list for easy access and transparency into our service providers. 
  • Addressed the upcoming CCPA requirements, what they mean for you as a Box user, and how Box is enabling your rights as a California resident. This information will appear in the United States section of the Regional Notices page.

We believe these changes will make it easier for you to make more informed decisions about your personal information. At the same time, what isn't changing is our commitment to privacy, security and data protection. As local, regional, national and global laws and regulations continue to evolve, Box's products, services and applications will continue to improve to meet the highest standards for security and data protection.

Check out our new Privacy Notice.