Content uploaded to Box - from a single user with a Personal account to our largest Enterprise accounts - is encrypted in transit when sent through Box's website and Box-created applications, using high-strength TLS encryption. Content is also encrypted at rest by Box using 256-bit AES encryption, and is further protected by an encryption key-wrapping strategy that also utilizes 256-bit AES encryption.
Note: Box defaults to use the strongest encryption cipher suite available starting with 256-bit AES. However, to support Box's diverse customer base, Box does support other encryption cipher suites such as 3DES, which provides greater compatibility with systems and end users. Users with specific encryption requirements should ensure that their browsers are correctly configured to use Box.