Dropbox
Certifications & attestations
| Certification | Status | Source | Last verified |
|---|---|---|---|
| SOC 2 Type II: SOC 1, SOC 2, and SOC 3 reports available via the Trust Center; most recent reports cover Oct 2024–Sep 2025. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27001: Certified by EY CertifyPoint. Also holds ISO 27017, 27018, 27701, and 22301; separate certificates for Dropbox Sign and Dropbox Dash. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27018 | Verified | vendor source ↗ | June 10, 2026 |
| CSA STAR Level 2: Third-party assessed (certification by EY CertifyPoint, attestation by Ernst & Young LLP). | Verified | vendor source ↗ | June 10, 2026 |
| HIPAA: Dropbox supports HIPAA/HITECH compliance and signs BAAs for business plans. | Verified | vendor source ↗ | June 10, 2026 |
Subprocessors
Subprocessor extraction for Dropbox is pending.
Hosting & data residency
- Infrastructure: Dropbox-managed infrastructure, Amazon Web Services
- Data residency: not yet recorded
Trust documents & links
- Trust center: https://trust.dropbox.com
- Security page: https://www.dropbox.com/business/trust/compliance/certifications-compliance
- DPA: not yet recorded
- Status page: https://status.dropbox.com
Security incidents & disclosures
No incidents on record in the public sources we track, as of June 10, 2026. Absence of a record is not a guarantee — see methodology.
Change history
2026-06-10
Vendor added to StackPosture — initial snapshot from published trust documentation. Verification pass pending.
2026-06-10
Verification pass: SOC 2 Type II (plus SOC 1/SOC 3), ISO 27001/27018 (plus 27017/27701/22301), CSA STAR Level 2, and HIPAA support confirmed against Dropbox's compliance page, Trust Center, and the CSA STAR registry.