What Dropbox is built for — and what it isn't
Dropbox is built for collaboration and convenience. Files sync across devices, share with a link, and integrate with productivity tools. For many use cases, this is exactly the right tradeoff.
For sensitive documents — legal files, financial records, client data subject to confidentiality obligations — the tradeoff fails in a specific and consistent way: the platform has access to your files.
The provider-side access problem
Dropbox operates on server-side encryption. Your files are encrypted at rest and in transit, but Dropbox holds the encryption keys. This means Dropbox can, in principle, access your file contents.
This is not a theoretical vulnerability. It is how the product is architected.
For files subject to professional confidentiality obligations — attorney-client privilege, accountant-client privilege, HIPAA, GDPR — provider-side key access is not a governance gap that can be papered over with a data processing agreement. It is a structural conflict between the platform model and the compliance requirement.
Dropbox does offer Business plans with enhanced controls, but even Business tier does not offer client-side encryption — encryption that occurs on your device before files reach Dropbox's infrastructure.
The link sharing model
Dropbox link sharing is designed for ease of access. A generated link is accessible to anyone who has it. Password protection is available on paid plans, but the password is verified server-side — which means Dropbox can see both the content and the access credential.
Links in Dropbox can be set to expire, but this is not default behavior. Many shared links in Dropbox are effectively permanent: once created, they remain active until explicitly deleted.
For document delivery to clients, partners, or external counterparties, this creates a pattern of indefinite access grants that accumulate over time. A link created for a due diligence package two years ago is, by default, still active today.
What a genuine alternative requires
A genuine Dropbox alternative for sensitive files requires a different architecture, not just different pricing.
Client-side encryption. Files must be encrypted on the originating device before upload. The platform should have no access to file contents or keys. A platform breach should produce only unreadable ciphertext.
Per-document link controls. Every shared link should carry default expiry, download limits, and immediate revocation capability — and these should be defaults, not optional settings users must remember to configure.
No provider key access. The platform should be technically incapable of reading file contents. This is a verifiable architectural property, not a policy commitment.
Audit trail. Every file access should produce a timestamped log accessible to the file owner. This is what allows incident response within hours rather than days.
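The link-control and audit-trail requirements above can be modelled in a few lines. This is an added example, not code from any vendor or from this page's author; `LinkStore`, `Link`, and the 7-day / 3-download defaults are assumptions chosen for illustration, and it does not model the encryption layer.

```python
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed defaults for illustration; the page does not prescribe values.
DEFAULT_TTL = timedelta(days=7)
DEFAULT_CAP = 3  # downloads per link

@dataclass
class Link:
    file_id: str
    recipient: str
    expires_at: datetime
    downloads_left: int
    revoked: bool = False

@dataclass
class LinkStore:
    links: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # (timestamp, file, recipient, event)

    def _log(self, now, link, event):
        self.audit.append((now.isoformat(), link.file_id, link.recipient, event))

    def create(self, file_id, recipient, now, ttl=DEFAULT_TTL, cap=DEFAULT_CAP):
        # Every link gets an expiry and a download cap without the sender asking.
        token = secrets.token_urlsafe(32)
        self.links[token] = Link(file_id, recipient, now + ttl, cap)
        self._log(now, self.links[token], "created")
        return token

    def revoke(self, token, now):
        self.links[token].revoked = True  # next fetch fails; recipient does nothing
        self._log(now, self.links[token], "revoked")

    def fetch(self, token, now):
        link = self.links.get(token)
        if link is None:
            return False  # unknown token: no file to attribute the attempt to
        denials = ((link.revoked, "denied:revoked"),
                   (now >= link.expires_at, "denied:expired"),
                   (link.downloads_left <= 0, "denied:limit"))
        outcome = next((why for hit, why in denials if hit), "served")
        if outcome == "served":
            link.downloads_left -= 1
        self._log(now, link, outcome)  # denied attempts are recorded too
        return outcome == "served"

    def export_log(self, file_id):
        return [entry for entry in self.audit if entry[1] == file_id]
```

Because denied attempts are logged alongside successful ones, the per-file export shows when someone tried a link after it expired or was revoked, not only who downloaded.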
Evaluating alternatives
When evaluating alternatives for sensitive document workflows, these questions determine fitness:
- Does the vendor have access to file plaintext at any point?
- Are link expiry and download limits applied by default, or must users set them manually?
- Is revocation instant — removing access without requiring the recipient to take any action?
- Can you export a full access log for a specific file or recipient?
Most mainstream alternatives — Google Drive, OneDrive, Box — share Dropbox's architecture on the key question: the provider holds the keys.
Migration approach
Migrating from Dropbox to a zero-knowledge alternative does not require migrating all files. The practical approach is to identify the file categories where provider-side access creates genuine compliance or confidentiality exposure and migrate those workflows first.
For most professional services firms, this means: client tax documents, legal correspondence, financial statements, and any file subject to a regulatory retention requirement.
Once the high-risk workflows are running on a zero-knowledge platform, the decision about what remains in Dropbox is a risk-tiering decision, not a binary one.