Box.net hosts its servers at a Level3 data center in Emeryville, California. Level3 is an enterprise-grade, Tier 1 data center and network provider with ongoing audits. Level3 provides a 99.9% network uptime guarantee and 24x7x365 monitoring. Data is stored on a secure internal storage cluster behind an industry-standard Cisco PIX firewall, which exposes only two ports: HTTP and SSL. On the software side, every request is first passed through carefully programmed and audited verification code, which ensures that the user is authorized for the action requested. We store local snapshots of data and we back up all data weekly to a secondary facility in another state.

We provide 256-bit Secured Socket Layer (SSL) security to encrypt the data between the end user and Box.net. We disallow indexing of public files by search engines or robots, and this prevents any random Internet access of your files on Box. All filenames are encoded once they arrive on our servers.

Files uploaded to Box.net are private by default. They are only accessible to others if the user shares them or makes them public. All methods of sharing are rescindable, and several are password-protectable. Public links contain a unique ID made up of a randomly generated combination of letters and integers.

Box Enterprise users can set up semi-permanent access to specific Box folders with collaborators who are given various levels of restricted access. Any given Sub User has either Read Only, Write Only, Read & Write, or Full (which includes the right to delete files) privileges for the files he/she has access to. Sub User access to a Box is always password protected, and any related files transfers are encrypted.

Box.net uses proven password and privilege techniques to validate access to all application data. Based on a user's privileges, our application system determines access and presents the data. Should a user try to access something they are not authorized to access, they will be presented with an error. One feature provided in the Box Enterprise application is the display of the last action of a user. This logging gives administrators visibility into usage in their accounts.

We at Box.net believe strongly in our customers' privacy. We have developed a comprehensive privacy policy to protect our customers and inform everyone how we will use personal information. Our current Privacy Policy can be found here.

For more technical information on our security and network systems, please see our Security Overview PDF.