This policy sets forth Box’s expectations for the fair use of our systems in order to ensure the integrity of the Box Service for all. The policy applies to all users of our Box Service. Box may change this policy, at its sole discretion, by posting an updated version of the policy at and such updates will be effective upon posting.
Section 1. Integrity of Our Service
Consistent with your obligations under your agreement, it is important that all users understand that while the Box Service can be utilized for a multitude of activities, it should not be used for the following:
a. No Monetization of the Box Service
The Box Service is purchased by you and intended for your internal use only. You are prohibited from transferring, renting, reselling, charging or otherwise commercializing any use of the Box Service that you have purchased from Box, in whole or in part, unless otherwise expressly permitted by the terms of your Agreement. This includes, for the avoidance of doubt, the use of the Box Service for phishing, extortion, pyramid schemes, or unsolicited commercial messaging (e.g. spam).
b. IP Prohibitions
You are prohibited from reverse engineering, disassembling, decompiling, otherwise recreating the Box Service or creating derivative works of the Box Service. You may not access the Box Service for the purposes of replicating any element of the Box Service as part of a product or service that competes with Box.
c. False or Misleading Acts
Honesty is the best policy. Users may not use the Box Service to falsely or misleadingly identify themselves or information about themselves (e.g. employer, title, or affiliations).
d. Security Testing
Overburdening the Box Service or attempting to circumvent access limitations or monitoring mechanisms for the Box Service or its related systems and networks is prohibited. Performance and disclosure of security tests, vulnerability scanning, penetration testing, or similar activities conducted without the prior written consent of Box is prohibited.
Section 2. Entitlement Compliance
Box believes in providing our customers with the best experience possible. As such, we do not set system limitations on our customers’ user access or other similar functionality within the Box Service. The following section is intended to address our customers’ use of the Box Service in excess of the products purchased under the applicable order and ensure compliance with our pricing model.
a. User Limitations
Our pricing model for user accounts is straightforward - we charge for our plans per user and not by usage. "Users" (e.g. employees, contractors, consultants) that are part of the must be tied to individual people, and to a single email address. Your order, which represents the commercial terms of the Box Service contract, states the quantity of user accounts a Customer has purchased. Customers are responsible for purchasing accounts for all Users deployed by the administrator in accordance with your agreement and order. Deploying users beyond your user account entitlement, as stated in the order, will result in the need to purchase additional users.
We approach our customer relationships in a transparent and honest way and hope for the same from our customers. Users and customers may not take actions to artificially decrease their user count. Examples of such behavior include (but are not limited to):
- Creating a single user account that multiple users share.
- Creating user accounts tied to a generic email address or alias (e.g. ).
- Deleting user accounts prior to a true-up and then subsequently re-provisioning those accounts.
- Provisioning user accounts using an employee’s personal email address for the purpose of circumventing the Customer’s user count.
Additionally, user accounts that are part of the cannot be used as a "system account" or "service account" that uses Box APIs and is independent of a specific person. If you have a use case for an account that is not tied to a specific person, for example, connecting backend systems to aggregate files and move them to Box via API, migrating files from an internal repository to Box via API, scanning new files that are uploaded to Box via API, and other similar uses of the Box APIs – we will be happy to work with you to enable that use case as, generally, such use cases are covered under the .
b. Platform Use Limits
Our pricing model for Platform Resources (as defined below) is straightforward - we charge for Platform Resources up-front for an annual term. Platform Resources include Monthly Active Users, Monthly Platform API Calls, Monthly Platform Bandwidth, and Platform Storage. Platform Resource usage is measured based on their average usage over the past 12 months leading up to the point of measurement, with the exception of Platform Storage which is measured as a total amount of terabytes as of a point in time. Customers are responsible for purchasing Platform Resources such that their Platform Use Limits are equal to or more than the amount of Platform Resources being used. Customer’s order, which represents the commercial terms of the Box Service contract, states the quantity of Platform Resources a customer has purchased, and constitutes the customer’s Platform Use Limits. If no such entitlements are reflected on the order form, then customer is entitled to the Platform Use Limits reflected on the (if included in the plan). If the customer uses in excess of their Platform Use Limits, they are considered out of compliance and will be required to purchase additional entitlements.
c. External Collaborator Limitations
Box encourages collaboration between users from different accounts, including between companies that purchase Box Business plans and users using free Individual plans. This allows companies to work with external contractors, customers, consultants, partners, or anyone that signs up for a Box account of any kind (including free of charge Individual accounts). Box Business Customers may not create Individual accounts for users from the same company for the purpose of avoiding purchasing Box licenses for internal users in excess of their user entitlement. Box reserves the right to restrict external collaboration, suspend accounts and recover payment for such action.
More information and best practices for managing internal and external users – including information on how to invite an external user to be managed as part of a Box account – are available .
Section 3. Product Limits
The following sections outline system limits and thresholds that, if exceeded, may cause general hardship on our systems resulting in an error message. It is advised that you do not exceed these limits to ensure the integrity of the Box Service.
a. API Rate Limits
In order to protect our service from issues that may arise when a single user generates too much traffic, the number of API calls that a user can make in a minute is limited as described below. When a user exceeds the rate limit, a standard "429 Too Many Requests" error message (“429s”) will be returned, with an indication of when to retry the request. Please refer to for best practices on how to handle 429 responses.
We may allow bursts for short periods of time above the threshold, but generally rates are as set forth in the following
Note that these rates are determined per user across all apps utilizing the API (and the rate-limit is not per-app). So if a user is simultaneously using multiple apps, the aggregate API calls by all active apps will be counted towards the limit.
Rate Limits are different than total number of API calls as set forth by your plan. For information about the total number of API calls by plan, please refer to the Exceeding your API call entitlements will require the purchase of additional API calls. If additional API resources are needed, please contact your Box representative or Box Support for more information. Note that Box may also return 429s in certain rare situations if an API call or rapid combination of API calls is likely to cause site instability.
To help prevent excessive usage by any one user, Box may limit user bandwidth if it exceeds the thresholds described below.
Box monitors two different types of bandwidth:
- Download Bandwidth for Shared Links: Files downloaded from an open access shared link (applies to the owner of the file).
  - 10GB per user per month for Individual plans
  - 2TB per user per month for Box Business plans
- Download/upload Ingress/Egress Bandwidth: Files uploaded and downloaded (applies to the user who uploads and/or downloads the file).
  - 1TB per user per month for both Box Business and Individual plans
c. Storage and File Sizes