Content uploaded to Box - from a single user with a Personal account to our largest Enterprise accounts - is encrypted in transit when sent through Box's website and Box-created applications, using high-strength TLS encryption. Content is also encrypted at rest by Box using 256-bit AES encryption, and is further protected by an encryption key-wrapping strategy that also utilizes 256-bit AES encryption.


Note: Box defaults to use the strongest encryption cipher suite available starting with 256-bit AES. However, to support Box's diverse customer base, Box does support other encryption cipher suites such as RC4, which provides greater compatibility with systems and end users. Users with specific encryption requirements should ensure that their browsers are correctly configured to use Box.


All outgoing Box email notifications associated with the Box Webapp ( and Box-created applications support opportunistic TLS.

  • Please see this link to learn more about the security behind our Upload by Email feature.