Fair Use Policy

Effective as of February 29, 2024

Box is committed to providing an exceptional experience for all users. This means Box must ensure any one user or customer cannot use the Box Service in a manner which may affect the performance or integrity of the experience for other users and customers.

This Fair Use Policy (“policy”) sets forth Box’s expectations for the fair use of our services and systems and applies to all users of the Box Service. Box may change this policy, at its sole discretion, by posting an updated version of the policy at www.Box.com/legal and such updates will be effective upon posting.

Users and customers that do not comply with the Fair Use Policy or exceed purchased usage limits risk Box placing additional controls and limitations on use of the Box Service, suspending or terminating access to the Box Service, declining your next service renewal or other reasonable remedies at Box’s discretion. If you ever see an error message or service notification that references this policy and you believe you were using the Box Service compliantly, please contact Box Support for assistance.

There are three primary ways that Box defines fair use:

  1. Fair Account Activity and Bandwidth
  2. Fair Account Management
  3. Fair Account Behavior
Section 1: Fair Account Activity and Bandwidth

a. Bandwidth

Bandwidth refers to the amount of data transferred across the Box Service. Bandwidth is used when files are downloaded, uploaded, migrated, previewed or otherwise accessed in the Box Service. This includes the use of tools such as Box Shuttle and Box Drive.

Box monitors two categories of bandwidth for fair use purposes:

(i) Download/Upload Ingress/Egress Bandwidth:

Each user may not consume more than 1 TB per month cumulatively for uploading and downloading files to Box.

Additionally, customers with multiple account licenses may not use, on an aggregate basis, in excess of 1 TB per purchased user account license per month. This limit includes bandwidth consumed by a customer's users aggregately, by unauthorized service accounts, and by external applications.

Customers may not create or direct the creation of external collaborator accounts for the purpose of circumventing the monthly bandwidth limit.

(ii) Upload/Download Bandwidth for Shared Links: This is calculated using the amount of bandwidth used for your files available using an open access shared link. The limits per file are:

  • 10 GB per file per month for Individual, Personal Pro and Starter plans
  • 2 TB per file per month for all other plans

Some actions – such as files uploaded by a user and downloaded via an open access shared link – will count against both categories (i) and (ii) above.

Box also reserves the right to regulate your use of Box if your overall enterprise bandwidth – the total bandwidth used by anyone to access your files in Box – reaches a level which, in Box’s reasonable and final determination, suggests you are using Box as content delivery network or media distribution service. The Box Service is not intended for the mass distribution of files.

b. API Calls

An API Call is a request by a client application for a specific action or data from another application which completes the request and delivers the result back to the client. API Calls count towards your account allotment each time the Box API receives a request whether it is intended for the Box Service to receive or send data, regardless of whether the API Call achieves its intended result.

API Calls to non-Box applications are not available to certain account levels (e.g. Individual, Personal Pro, Starter). If the [Box Plans and Pricing page] or your written agreement with Box does not include an API Call allocation, you may not use any API Calls nor integrate your Box account with any third-party application.

Box provides [technical documentation] identifying the acceptable use limits on API Call traffic on a per-user and per-enterprise basis. API Call traffic is calculated across all applications utilizing the API – the limits are calculated per API, not per application using the API – and will include calls made by active applications simultaneously.

When a user or enterprise generates API Calls exceeding the acceptable use limits, or if Box determines in its reasonable and final discretion that an API Call or rapid combination of API Calls risk causing site instability or other disruptions, a standard “429 Too Many Requests” error message (“429s”) will be returned, with an indication of when to retry the request. Please refer to API reference documentation for best practices on how to handle 429s responses.

c. Additional Limits

Additional limits on account usage such as total storage capacity, file size upload limits, and Box Sign requests, can be found on the [Box Plans and Pricing page] or as otherwise identified in your written agreement with Box.


 

Section 2: Fair Account Management

a. User Limitations

Each individual using the Box Service (including your employees and contractors) must have an account tied to a unique email address. You are responsible for ensuring any of your employees have a valid purchased license for the Box Service. You may not deploy or permit employees to deploy User Accounts in excess of your entitlement without purchasing additional account licenses.

Users and customers may not take actions to artificially decrease their user count. Examples of such behavior include (but are not limited to):

(i) Creating a single user account that multiple users share.
(ii) Creating user accounts tied to a generic email address or alias (e.g. salesteam@xyz.com).
(iii) Deleting user accounts prior to a true-up and then subsequently re-provisioning those accounts.
(iv) Provisioning user accounts using an employee’s personal email address for the purpose of circumventing the Customer’s user count.

Additionally, user accounts cannot be used as a “system account” or “service account” that uses Box APIs and are independent of a specific person without Box’s prior authorization. If you have a use case for an account that is not tied to a specific person, for example, connecting backend systems to aggregate files and move them to Box via API, migrating files from an internal repository to Box via API, scanning new files that are uploaded to Box via API, and other similar uses of the Box APIs – please contact your account executive or Box Support.

b. Platform Use Limits

Box Platform is a set of tools which enable our customers to provide content management benefits to users that access Box files or other resources using a third-party application. The use of Box Platform requires the prior purchase of Platform Resources which include Monthly Active Users, Monthly Platform API Calls, Monthly Platform Bandwidth, and Platform Storage. Except as otherwise mentioned in your agreement with Box, Platform Resource usage is measured based on your average usage over the prior twelve-month period, with the exception of Platform Storage which is measured as a total amount of terabytes at any given time. Monthly Platform Bandwidth is measured separately from user bandwidth – the process for user bandwidth is identified in Section 1 above.

Box Business, Business Plus, Enterprise, and Enterprise Plus customers have access to Platform Resources as identified on the [Box Pricing page]. If you choose to purchase additional Platform Resources, your order form or order confirmation will state the Platform Resources available for your use. You are responsible for purchasing sufficient Platform Resources to avoid excessive use and for purchasing additional Platform Resources if your use exceeds the purchased quantities.

c. External Collaborator Limitations

Box encourages collaboration between users from different accounts, including between companies that purchase Box accounts and users with free Individual plans. Many of our account levels include unlimited external collaborators. This allows companies to work with external contractors, customers, consultants, partners, or anyone that signs up for a Box account.

However, you may not create or encourage or direct the creation of individual accounts for the purpose of avoiding limitations on service rate limits or the purchase of Box licenses in exceeding your user entitlement. Additionally, Box also reserves the right to regulate your use of Box if your number of external collaborators greatly outnumbers your number of user accounts, which would suggest you are using Box as a content delivery network or media distribution service. The Box Service is not intended for the mass distribution of files.

More information and best practices for managing internal and external users – including information on how to invite an external user to be managed as part of a Box account – are available here.


 

Section 3. Fair Account Behavior

While the Box Service can be utilized for a multitude of business activities, it should not be used for the following:

a. No Monetization of the Box Service

The Box Service is purchased by you and your use of the Service must be intended only for your benefit. You are prohibited from transferring, renting, reselling, charging or otherwise commercializing any use of the Box Service that you have purchased from Box, in whole or in part, unless otherwise expressly permitted by the terms of your Agreement. This includes, for the avoidance of doubt, the use of the Box Service for phishing, extortion, pyramid schemes, unsolicited commercial messaging (e.g. spam), as the infrastructure for an electronic currency or token, or to support a third-party cloud storage offering.

b. IP Prohibitions

You are prohibited from reverse engineering, disassembling, decompiling, otherwise recreating the Box Service or creating derivative works of the Box Service. You may not access the Box Service for the purposes of replicating any element of the Box Service as part of a product or service that competes with Box.

c. False or Misleading Acts

Honesty is the best policy. Users may not use the Box Service to falsely or misleadingly identify themselves or information about themselves (e.g. employer, title, or affiliations).

d. Security Testing

Overburdening the Box Service or attempting to circumvent access limitations or monitoring mechanisms for the Box Service or its related systems and networks is prohibited. Performance and disclosure of security tests, vulnerability scanning, penetration testing, or similar activities conducted without the prior written consent of Box is prohibited.

e. Content Delivery Network

The Box Service may not be used as a content delivery network or media distribution service.

f. Illegal content and acts

To report content on Box that may violate European Union Law, please click here. Please note that we remove or restrict access to content in the country/region to which it may be deemed illegal, including when content is found to violate Box's policies or Terms of Service.