Box: Summary of Terms and Conditions

  • Data ownership – The ownership for all documents stored in the Box environment is the same as in an internally hosted environment. Washington University in St. Louis has the ability to access and retrieve data to support normal business operations, respond to legal requests, and to recover data and services.
  • Data access and use by the vendor – When you upload a file to Box, it is private by default and encrypted when stored. Your files are only accessible to others if you share them or make them public. Box may only access WUSTL data stored in their environment for the purpose of maintaining the service, responding to valid legal requests or for resolving security threats. Box.net will not access WUSTL data for the purpose of marketing, analysis of user behavior or for purposes not related to providing file storage services.
  • Data back-up and recovery – Box stores local snapshots of data and backs up all data daily to a facility in a separate location. Data is retained until deleted by the end user or the agreement with WUSTL is terminated. In the event the agreement with Box is terminated, WUSTL will coordinate transferring data from Box to another service.
  • Security – Box hosts its servers at multiple geographically separated, enterprise-grade data centers in the United States with a 99.9% network uptime guarantee, SSAE 16 Type II security standards, ongoing audits and 24x7x365 monitoring and video surveillance. Data is stored on a secure internal storage cluster behind an enterprise-grade firewall, with redundant connections to multiple Internet backbones. The software passes every request through a carefully audited verification code, which ensures that the user is authorized for the action requested. All user data is stored in encrypted form. Keys are held by Box under the strictest security. 256-bit Secured Socket Layer (SSL) encryption is used on the data between the end user and Box.
  • FERPA – Box agrees to comply with FERPA regulations.
  • HIPAA – There is a HIPAA Business Associate Agreement in place between WUSTL and Box.