How to use Policies in Dropbox Protect

Q: Why don’t I see any policy matches?

You’ll only see policy matches when all the requirements are met. Policies trigger alerts or automations only after every condition is satisfied.

Q: When do policies run? Can I change when policies run?

Policies run automatically once per day at 8:00 UTC and can’t be modified.

Q: Can I stop or undo fixes once they start?

Actions already queued will complete and appear in Action history. They can’t be stopped or undone.Note: If an item only has links or collaborators that are managed at the top level, no policy actions are taken and the item will appear in Action history as Skipped.

Q: Can I edit or delete an action that already ran?

Actions are permanently logged in Action history for visibility and auditing and can’t be modified. Only direct access changes made by a policy are logged. Lower-level items with access managed from the top level appear in Action history as Skipped.

Q: Can I get alerts through Slack?

Currently, alerts are only sent through email.

Q: What happens if an admin is added or removed?

If a new admin is added, they‘ll be available to be added to an alert. If someone is removed as an admin, they’ll be removed from the recipient list.

Admins Updated May 28, 2026

How to use Policies

There are two ways to use policies after you’ve set up your requirements. You can use them together or on their own:

Send an alert: Sends admins an email every 24 hours at 8:00 UTC that summarizes matching policies that need manual review.
Automatically fix it: Performs automatic fixes daily on matching items at 8:00 UTC, with changes logged in Action history.
- Depending on the size of your organization, automatic fixes can take a few hours to complete.

How Policies handle access managed at the top-level

When policies run automatic fixes, they only evaluate and act on items with directly added access. Items with access managed at the top level are skipped and aren’t actioned on.

This only applies to automations run via a policy. Since no fix is applied, these items are logged in Action history as Skipped.

Learn more about top-level permissions.

How to access Policies

After you access Dropbox Protect, click Policies in the side panel.

How to manage policy requirements

There are 14 policy cards that can be edited and customized.

Click Set up on an inactive policy card or the gear icon on an active policy card.
Give your policy a unique name.
Click Edit mode.
Set all the applicable filters.
Click Save and close.
Select if you want to Send an alert, Automatically fix it or both.
- If Send an alert is selected, you can enter the name or email of the admins to notify, select or deselect all, or remove them. By default, only the admin who sets up the alert is added.
Type CONFIRM.
Click Activate on an inactive policy card or Update on an active policy card.

Note: The Accounts and Owner filters are currently hidden on the Policies page.

You can also edit an existing policy while reviewing the policy matches. Use the filters in the left side panel to preview what the matches will look like with the changes.

Be sure to click Edit when you’re ready to make changes and Save and close when you’re done.

Notes:

Policies must have unique filter selections.
If you update an existing policy, the policy matches will stay in the queue, and the next run at 8:00 UTC will reflect the changes.

What automatic fixes are available

Each policy card has a set automatic fix and can’t be changed.

Number of cards	Action
1	Remove collaborator: All external accounts
3	Remove link type: Public
3	Remove link type: Company
3	Remove collaborator: All outside accounts
4	Remove collaborator: All personal accounts

Tip: You can see the automatic fixes in Action history. To see only automatic fixes, enter “policy-automation” in the Actor filter. You can refine your results by adding additional filters.

How Alerts work

Every 24 hours at 8:00 UTC, an email summarizing policy matches that need manual review is sent to admins. The email also has a link to review the matches, and identifies who created the alert.

Notes:

Alerts are transactional emails that can’t be unsubscribed from.
Only the listed admins will receive these emails. Learn more about how to add or change an admin.

How to review and take action on policy matches

You can view policy matches by clicking View matches in the alert email or the matches on the policy card. From there, you can manually take action on the matches individually or in bulk.

Select the matches you want to action on.
Click the action you want to take:
- Add link type
- Remove link type
- Add collaborator
- Remove collaborator
- Stop sharing
- Delete
If applicable, select the action or enter the collaborator.
Type CONFIRM.
Click the action button.

How to deactivate a policy

Click the gear icon on an active policy card.
Scroll to the bottom of the policy card.
Type CONFIRM.
Click Deactivate in the bottom left of the policy card.
Then click Deactivate again in the pop-up.

Note: When a policy is deactivated, alerting and automatic fixes will continue until the start of the next cycle at 8:00 UTC. Policy matches will stay in the queue after deactivation.

FAQs about Policies in Dropbox Protect

Why don’t I see any policy matches?

When do policies run? Can I change when policies run?

Can I stop or undo fixes once they start?

Can I edit or delete an action that already ran?

Can I get alerts through Slack?

What happens if an admin is added or removed?

Was this article helpful?

Yes, thanks!

Not really

Thanks for your feedback!

Other ways to get help

Community

Contact support

Social media support