Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats. These risks include, among other things, operational risks; intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy or security laws and other litigation and legal risk; and reputational risks. We have implemented a variety of cybersecurity processes, technologies, and controls to aid in our efforts to identify, assess and manage such material risks. Our approach includes: (1) an enterprise risk management program, which includes cybersecurity risks and is periodically refreshed; (2) security and privacy reviews designed to identify risks from new features, software, and vendors; (3) a vulnerability management program designed to identify hardware and software vulnerabilities; (4) an internal red team program, which simulates cyber threats, intended to allow us to address vulnerabilities before threat actors identify them; and (5) a threat intelligence program designed to model and research our adversaries. These processes vary in maturity across the business and are processes we work to continually improve.

Our process for identifying and assessing material risks from cybersecurity threats (our “Cybersecurity Process”) operates alongside our broader overall risk assessment process, covering other risks facing the company. As part of our Cybersecurity Process, appropriate disclosure personnel will collaborate with subject matter specialists, as necessary, to gather insights for identifying and assessing material cybersecurity threat risks, their severity, and potential mitigations.

We also maintain an incident response program to prepare for, detect, respond to, and recover from cybersecurity incidents, which includes processes to triage, assess the severity of, escalate, contain, investigate, and remediate identified incidents, as well as to comply with potentially applicable legal obligations and mitigate brand and reputational damage. Further, we conduct periodic tabletop exercises to test and fortify the controls of our cyber incident response program. The incident response team assesses the severity and priority of incidents, with escalations of cybersecurity incidents provided to our management team. If a cybersecurity incident is determined to be a material cybersecurity incident, our incident response plan and cybersecurity disclosure controls and procedures define the process to disclose such a material cybersecurity incident.

Our cybersecurity risk management approach is supplemented by external and internal management audits against commonly accepted frameworks, including SOC-2 and ISO 27001, which are designed to test the effectiveness of our security controls. We conduct penetration testing on a periodic basis and have established an external bug bounty program through which security researchers can help identify vulnerabilities in our systems before threat actors do. We also maintain a vendor risk management program designed to identify and mitigate risks associated with third-party suppliers and business partners. This program includes pre-engagement diligence, contractual security and notification provisions, and ongoing monitoring, as appropriate.

We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, under the heading “We have in the past and may continue to experience privacy and data security breaches or incidents” included as part of our risk factor disclosures at Item 1A of this Annual Report on Form 10-K.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats. These risks include, among other things, operational risks; intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy or security laws and other litigation and legal risk; and reputational risks. We have implemented a variety of cybersecurity processes, technologies, and controls to aid in our efforts to identify, assess and manage such material risks.
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our Board of Directors is actively involved in overseeing cybersecurity risk management. At least once a year, the Board of Directors discusses our programs and policies related to cybersecurity and risk initiatives and considers them closely both from a risk management perspective and as part of Dropbox’s business strategy. Additionally, our Audit Committee oversees programs and policies related to cybersecurity risks and initiatives. Our Audit Committee is comprised entirely of independent directors who evaluate these issues at least quarterly.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board of Directors is actively involved in overseeing cybersecurity risk management. At least once a year, the Board of Directors discusses our programs and policies related to cybersecurity and risk initiatives and considers them closely both from a risk management perspective and as part of Dropbox’s business strategy. Additionally, our Audit Committee oversees programs and policies related to cybersecurity risks and initiatives. Our Audit Committee is comprised entirely of independent directors who evaluate these issues at least quarterly.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] At least once a year, the Board of Directors discusses our programs and policies related to cybersecurity and risk initiatives and considers them closely both from a risk management perspective and as part of Dropbox’s business strategy. Additionally, our Audit Committee oversees programs and policies related to cybersecurity risks and initiatives. Our Audit Committee is comprised entirely of independent directors who evaluate these issues at least quarterly.
Cybersecurity Risk Role of Management [Text Block]
Members of senior leadership are informed about and monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described herein, including the operation of our incident response plan. Additionally, all employees are required to complete annual information security and privacy training, which is reviewed and updated annually. They also receive ongoing security awareness education via informational emails, talks and presentations, and resources available on our intranet.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true