Online storage : Location, security and privacy

The sharing and storage of sensitive data online, requires certain precautions. The conditions vary from one service provider to another and this also involves the confidentiality and security of your data. What are the criteria? What conditions apply to popular solutions like Dropbox, and Google Drive?

  • Pay attention to the laws in force in the country where the service provider is based (e.g Privacy Policy )
  • Check in the TOS for information about the ownership of hosted data.
  • Pay close attention to the laws of the country where the servers hosting the data are located.
  • Opt for services integrating encryption protocols for the transfer of files (client - server)

Dropbox uses the Amazon Simple Storage Service (S3) infrastructure for the storage of data (including files/shared documents ) .
These are stored on multiple localized servers in the United States .
In its terms of use, Dropbox states that personal information and files stored through its services can be shared :

  • with third party applications connected to Dropbox (requires the prior consent of the user),
  • with various service (maintenance, management databases) and business partners,
  • with other third parties if this is necessary, in order "to enforce a law or regulation (in the case the United States), respond to a court order, or to protect the property rights of Dropbox".

A Dropbox account can be deleted here: Note that backup versions of files may remain after deletion.
For any questions concerning the processing of personal data, Dropbox can be reached here:
Dropbox adheres to the principles of confidentiality established in the "Safe Harbor" program developed by the Ministry of Commerce of the United States of America in cooperation with the European Commission:

  • During the transfer of data between the Dropbox clients/applications and remote file servers, a 256-bit SSL (Secure Sockets Layer ) encryption is used.
  • The files are then encrypted using AES-256 .
  • Dropbox also offers two-factor authentication . is a UK based service.
The storage and processing of personal information and content is made in:

  • United States
  • in other countries via the U.S subsidiary.

In its terms of use , specifies that the user subscribing to the service authorizes the processing and transfer of information to the United States and other countries and territories which may laws for the protection and privacy of data, which may differ from the country of origin. may share personal information with:

  • Vendors, consultants and other service providers
  • third-party applications
  • business users

Box Inc. also adheres to the principles of confidentiality of the "Safe Harbor" program.

  • Confidential information (credit card number, password ) required by when subscribing to the service (free/pro) is protected by SSL (Secured Socket Layer).
  • SSL encryption is also used during the transfer of data and then files are encrypted using AES 256 bits encryption
  • offers a two-factor authentication.

Data is stored in data centers located in:

  • The United States
  • Europe ( Finland, Belgium, Dublin )
  • Asia (Hong Kong, Singapore, Taiwan)

Ask a question
CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM reaches more than 50 million unique visitors per month and is available in 11 languages.
This document, titled « Online storage : Location, security and privacy », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (