Data Scape Limited v. Dropbox, Inc.

Western District of Texas, txwd-6:2019-cv-00023

Exhibit I

Interested in this case?

Current View

Full Text

Exhibit I Table of Contents UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 FORM 10-K (Mark One) x ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 For the fiscal year ended December 31, 2018 OR ¨ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 For the transition period from________to________ Commission File Number 001-38434 Dropbox, Inc. (Exact name of registrant as specified in its charter) Delaware 26-0138832 (State or other jurisdiction of (I.R.S. Employer incorporation or organization) Identification Number) Dropbox, Inc. 333 Brannan Street San Francisco, California 94107 (Address of principal executive offices, including zip code) (415) 857-6800 (Registrant's telephone number, including area code) Title of each class Name of exchange on which registered Class A Common Stock, par value $0.00001 per share The NASDAQ Stock Market LLC (Nasdaq Global Select Market) Securities registered pursuant to Section 12(g) of the Act None Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ¨ No x Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Securities Exchange Act of 1934 (the "Exchange Act"). Yes ¨ No x Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports) and (2) has been subject to such filing requirements for the past 90 days. Yes x No ¨ Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes x No ¨ Indicate by a check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K (§229.405 of this chapter) is not contained herein, and will not be contained, to the best of registrant's knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. x Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of "large accelerated filer," "accelerated filer," "smaller reporting company," and "emerging growth company" in Rule 12b-2 of the Exchange Act. (Check one): Large accelerated filer ¨ Accelerated filer ¨ Non-accelerated filer x Smaller reporting company ¨ Emerging growth ¨ company If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 7(a)(2)(B) of the Securities Act. ¨ Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes ¨ No x The aggregate market value of the registrant's Class A common stock held by non-affiliates of the registrant, based on the closing price of a share of the registrant's Class A common Table of Contents phones, and tablets—were actively connected to the Dropbox platform, representing a large number of touchpoints to communicate with our users. We complement our self-serve strategy with a focused outbound sales effort targeted at organizations with existing organic adoption of Dropbox. Once prospects are identified, our sales team works to broaden adoption of our platform into wider-scale deployments. We also acquire some users through paid marketing and distribution partnerships in which hardware manufacturers pre-install our software on their devices. Our Technology Infrastructure and Operations Our users trust us with their most important content, and we focus on providing them with a secure and easy-to-use platform. More than 90% of our users' data is stored on our own custom-built infrastructure, which has been designed from the ground up to be reliable and secure, and to provide annual data durability of at least 99.999999999%. We have datacenter co-location facilities in California, Texas, and Virginia. We also utilize Amazon Web Services, or AWS, for the remainder of our users' storage needs and to help deliver our services. These AWS datacenters are located in the United States and Europe, which allows us to localize where content is stored. Our technology infrastructure, combined with select use of AWS resources, provides us with a distributed and scalable architecture on a global scale. We designed our platform with multiple layers of redundancy to guard against data loss and deliver high availability. Incremental backups are performed hourly and full backups are performed daily. In addition, as a default, redundant copies of content are stored independently in at least two separate geographic regions and replicated reliably within each region. Our Employees As of December 31, 2018, we had 2,323 full-time employees. We also engage contractors and consultants. None of our employees are represented by a labor union. We have not experienced any work stoppages, and we believe that our employee relations are strong. Our Commitment to Security and Privacy Trust is the foundation of our relationship with our users, and we take significant measures every day to protect their privacy and security. Security Our sophisticated infrastructure is designed to protect our users' content while it is transferred, stored, and processed. We offer multiple layers of protection, including secure file data transfer, encryption, network configuration, and application-level controls. For Dropbox Business teams, our tools also empower administrators with control and visibility features that allow them to customize our platform to their organizations' needs. Our information security policies and management framework are designed to build a culture of security, and we continually assess risks and improve the security, confidentiality, integrity, and availability of our systems. We voluntarily engage third-party security auditors to test our systems and controls at least annually against the most widely recognized security standards and regulations. We also encourage and support independent research through our bug bounty program, where we work with leading security researchers from around the world to maintain the high standards of security our users have come to expect. Dropbox supports HIPAA and HITECH compliance. We sign business associate agreements with our customers who require them in order to comply with the Health Insurance Portability and Accountability Act, or HIPAA, and the Health Information Technology for Economic and Clinical Health Act, or HITECH. We also offer a HIPAA assessment report performed by an independent third party. Privacy We're committed to keeping user data private. Our privacy policy details how users' information is protected and the steps we take to protect it. Dropbox also has terms and guidelines for third-party developers to create applications that connect to Dropbox while respecting user privacy. Dropbox is certified under the EU-U.S. and Swiss-U.S. Privacy Shield and operates a robust privacy program. 10