Skip to content

Box to Filen: Cross the Zero-Knowledge Line on a Real Migration

Move files from Box (server-side encrypted, US-jurisdiction) to Filen (German, zero-knowledge AES-256 end-to-end). Two real methods, verified limits, no fluff.

Introduction

A Box-to-Filen migration is unusual among cloud-to-cloud moves: it crosses a trust boundary that most other transfers don't. Box uses server-side encryption — Box itself can read your files. Filen is end-to-end encrypted with a key derived from your password on your device, so neither Filen nor any third party can. The implication is concrete: any tool that moves data between the two has to decrypt-on-pull from Box, then encrypt-on-push into Filen using your Filen password as the key material. This guide is for teams or individuals who want that trust shift on purpose — privacy-first storage in EU jurisdiction — and want a clear picture of what works, what to verify, and which limits actually bite.

Quick Navigation

About Box

Box is a US-headquartered enterprise content platform that has been the default file storage layer for many regulated industries (healthcare, financial services, government) since the early 2010s. It is built around Box Notes, Box Sign, and a deep permissions model that maps onto Active Directory / Okta for identity-managed access. Files are encrypted at rest with AES-256, but the encryption is server-side — Box holds the keys and can decrypt under legal process or for legitimate platform operations such as antivirus scanning.

Per-file upload size depends entirely on the plan: 250 MB on Free Personal, 5 GB on Business, 15 GB on Business Plus, 50 GB on Enterprise, and 500 GB on the Enterprise Advanced tier introduced in 2025. The same number is the cap on a single transfer — chunking is handled by Box's client SDKs but the file itself must fit. That ceiling is the first thing to check when planning a Box exit.

Things to know about Box before you leave

  • Per-plan upload cap: 5 GB (Business), 15 GB (Business Plus), 50 GB (Enterprise), 500 GB (Enterprise Advanced). Files above your plan's cap will not transfer until you upgrade or split them.
  • API rate limit: 10 API calls/sec/user and 4 uploads/sec/user; Enterprise accounts also see a 100,000 API calls/month soft cap on certain license-based endpoints. Long migrations should expect throttling.
  • Server-side AES-256 encryption: Box can decrypt your files on its side. This matters for the migration: a tool can read your Box content using your token, which is exactly how it gets transferred out.
  • Trash retention: 30 days by default; admin-configurable on Business and above. After purge, files are unrecoverable — confirm everything you need is out before deleting on the Box side.

Why people stay on Box

Box is sticky for organizations that built workflows around Box Sign, Box Relay, and tight Microsoft 365 / Salesforce integration. Migration is a pure data move; the workflow integrations rarely come along, which is the strongest reason most Box-to-anywhere migrations are partial rather than full cutovers.

  • Identity-mapped permissions: Folder ACLs that mirror your IdP — useful in regulated industries, but they do not survive the move to a consumer-style E2E destination.
  • Compliance certifications: FedRAMP, HIPAA, GxP, FINRA — Box's compliance posture is the main reason the platform is hard to leave for production workloads, and the main reason individual users / project archives leave it without dragging the rest of the org.

About Filen

Filen is a German-developed, German-hosted cloud storage platform built around zero-knowledge end-to-end encryption. Files are encrypted with AES-256 on your device using a key derived from your password before they leave for Filen's servers. The architectural promise is that Filen literally cannot read your data — there is no server-side decryption path, no admin override, no court-ordered key recovery. The platform is run by a small team and is one of the price-leaders in the E2E category.

Free accounts get 10 GB (with up to 30 GB of additional storage available through referrals, for a 50 GB ceiling on the free tier). Paid plans start at $0.99/month for 100 GB and go up to $8.99/month for 2 TB on monthly billing. Lifetime plans are available — 200 GB at €49.99, 500 GB at €119.99, 2 TB at €278.99. There is no hard cap on individual file size and no published bandwidth cap on uploads or downloads.

Filen's posture in one paragraph

  • Zero-knowledge AES-256 E2E: Encryption key is derived from your password on-device. Lose the password, lose the data — Filen cannot reset or recover it.
  • 10 GB free tier: Most generous E2E free tier in the category; expandable to 50 GB through referrals. No file size cap on the free plan.
  • German jurisdiction: Servers and team in Germany — a clean fit for GDPR-conscious workflows that want to step away from US-controlled platforms entirely.
  • Lifetime pricing: 200 GB / 500 GB / 2 TB lifetime plans (€49.99 / €119.99 / €278.99) — relevant when Box's per-seat pricing was the reason for the move.

What Filen is not

  • Not a workflow platform: No Box Sign equivalent, no enterprise ACL grafting onto your IdP, no Salesforce integration. It is storage with strong privacy guarantees, not a productivity suite.
  • Not a server-side encrypted destination: Because Filen is end-to-end encrypted, server-side features that require Filen to read your files (full-text search across your account, server-side preview generation for arbitrary types, virus scan) are not available. This is the trade-off the architecture makes on purpose.

Why move from Box to Filen?

The migration is rarely about price alone — it is usually a privacy-posture change, sometimes alongside cost. Here is what concretely shifts:

  • From server-side AES-256 to zero-knowledge AES-256: Box holds your decryption keys; Filen does not. After the migration, no party other than the password holder can read the files — including under legal process targeting Filen.
  • Per-seat → flat or lifetime pricing: Box's smallest paid tier costs more per user than Filen's 2 TB monthly plan ($8.99/mo) for the whole account. For project archives, Filen's €278.99 lifetime 2 TB is competitive against any subscription cloud over a 3+ year horizon.
  • US jurisdiction → German jurisdiction: Box runs on US-controlled infrastructure and is subject to the US CLOUD Act. Filen's servers and operating company are in Germany — clean GDPR fit when the goal is removing US legal exposure for sensitive archives.
  • Production platform → cold archive destination: Most Box-to-Filen moves are not full cutovers. The realistic pattern is: move dormant project folders, completed engagements, and personal archives off Box and into Filen, while keeping Box for active workflows that need its productivity features.

Treat Box-to-Filen as a one-direction archive move, not a workflow migration. The destination is intentionally feature-light because the encryption architecture demands it.

Before you start

Three checks save the most time later.

  • Inventory Box files larger than 5 GB: Plan caps bite hardest above 5 GB on Business and 15 GB on Business Plus. Run a Box search by file size; anything over the cap will fail to download until you split it or upgrade the plan.
  • Set the Filen password somewhere recoverable: Filen's password derives the AES-256 key used to encrypt every file. Lose it after the migration and the data is unrecoverable — Filen cannot reset it. Use a password manager or write it down twice and store separately.
  • Decide on 2FA before the first transfer: Filen supports TOTP-based 2FA. Enable it before moving sensitive data; CloudsLinker prompts for the 2FA code as part of the credential connection.

With those three settled, both methods below take roughly the same shape — they differ mainly in how much local bandwidth and human attention they spend.

Two ways to move from Box to Filen

The browser-based path works for small project folders and gives you per-file verification. The cloud-to-cloud path with CloudsLinker runs server-side and is the practical choice once the dataset crosses a few hundred gigabytes or the file count makes manual handling tedious. Both methods are described honestly with their real limits.

Method 1: Browser download from Box, web upload to Filen

1. Download from Box

In the Box web app, navigate to the folder, click More optionsDownload. Box builds a single ZIP archive of the folder contents. For folders larger than ~5 GB the web download is unreliable — switch to the Box Drive desktop client and copy from the mounted drive directly. Box's per-plan upload cap also functions as a per-file download cap, so anything that exceeded your plan's limit on the way up will already have been uploaded as multipart and the ZIP path may stall.

Box Drive (the desktop mount) is more reliable than the in-browser ZIP path for any folder over a few GB, especially on slow links.

2. Verify the local copy

Run find ./box-export -type f | wc -l and confirm the count matches what Box's web app showed. For high-stakes data, also generate checksums: find ./box-export -type f -exec sha256sum {} \; > checksums.txt. The Filen web app does not expose server-side checksums, so this is your last opportunity to do byte-level verification before the data crosses into the encrypted-only domain.

3. Upload to Filen via the web app or desktop client

Sign in at filen.io with your account. The web app supports drag-and-drop folder upload — files are encrypted in the browser before transmission, which means upload speed will be slightly slower than a comparable plain upload to Box because the browser is doing AES-256 work on each chunk. For multi-hundred-gigabyte sets, install the Filen desktop client; it parallelizes the encryption pipeline more effectively than the browser.

4. Spot-check on Filen

Open three or four sample files in the Filen web app — they decrypt on-demand using your password-derived key. Confirm folder structure matches the Box source. Sharing links are scoped to Filen and do not carry over from Box; if you had public Box links anyone needs to reach, recreate them from the Filen side.

Method 2: Server-to-server transfer with CloudsLinker

About CloudsLinker

CloudsLinker is a third-party cloud-to-cloud transfer service that connects to Box via Box's official OAuth flow and to Filen via Filen's account credentials (with 2FA support). The transfer runs server-to-server: data is decrypted from Box using your OAuth token, re-encrypted on the wire to Filen using AES-256 in transit, and then re-encrypted on-device-equivalent at Filen using your password-derived key before storage. CloudsLinker uses public APIs of both vendors and is not an official partner of either.

Sign up for CloudsLinker and Receive 10GB Free Monthly

1. Connect Box (OAuth)

In CloudsLinker, click Add CloudBox. CloudsLinker redirects to account.box.com for the standard Box OAuth consent screen. Sign in with your Box credentials, review the requested scopes (read and write file content; CloudsLinker does not request admin or co-admin scopes), and approve. The token is account-scoped and revocable from Box → Account Settings → Security → Apps with Access.

If you are on Box Enterprise with admin restrictions, your Box admin may need to allow CloudsLinker as an approved app from the Box Admin Console before the OAuth grant succeeds.

2. Connect Filen (account credentials + 2FA)

Click Add CloudFilen. Enter your Filen email, password, and the current TOTP code from your authenticator app. Filen's password is also your AES-256 encryption key — entering it into a third-party tool transfers the trust boundary to that tool for the duration of the migration. The token is encrypted at rest with AES-256 inside CloudsLinker and used only inside the active transfer worker. Best practice: change the Filen password after the migration completes if the priority of zero-knowledge separation outweighs operational convenience.

3. Configure the transfer

Pick the source folder on Box (or an entire Box account root), then pick or create a destination folder on Filen. Apply filters as needed — file size cap (useful for excluding files above your Box plan's per-file limit so they don't repeatedly fail), modification-date range (for archive moves, restrict to files older than N months), file-type filters (skip .boxnote native Box format if you don't need it on Filen, since it won't render natively there). Set conflict policy to skip for incremental runs or overwrite for full re-transfers.

4. Start and monitor

Kick off the transfer. CloudsLinker shows a per-file progress view; Box's 10 calls/sec/user rate limit is the practical ceiling on parallelism, so expect ~200–400 GB/day per active token connection on a steady run. On 429 / throttle responses CloudsLinker backs off and retries automatically. When the run completes, download the transfer log (CSV with file path, size, status, timestamp) for archive purposes — useful when you need to confirm what moved during a future audit.

After the transfer

Verify on Filen

Open three or four sample files in the Filen web app. The decrypt happens on demand using your password-derived key — a successful decrypt is the only end-to-end confirmation that the migration's encryption hand-off worked. Walk a few subdirectory levels deep to confirm folder nesting was preserved.

  • Sample-open files: Pick one document, one media file, one archive — confirm each opens correctly.
  • Recreate sharing links: Box shared links do not carry over. Generate new ones from Filen for anyone outside your account who needs access.

Revoke CloudsLinker access on both clouds

Once you've confirmed the data on Filen and have no further runs scheduled, revoke the OAuth grant on Box and rotate the Filen password if the password was entered into the CloudsLinker tool.

  • Revoke on Box: <code>account.box.com</code> → <strong>Account Settings → Security → Apps with Access</strong> → find CloudsLinker → <strong>Disconnect</strong>.
  • Rotate the Filen password (optional but recommended): Filen → <strong>Settings → Account → Change password</strong>. This re-derives a new AES-256 key for the account; existing files are re-encrypted under the new key transparently.

Decide what stays on Box

Most Box-to-Filen migrations are not full cutovers. Decide which folders to delete from Box (or downgrade the plan if the migration removes enough seats / storage), and which to keep for production workflows that need Box Sign / Box Relay / IdP-mapped ACLs.

  • Audit remaining Box footprint: Use Box's storage report to see what's left after the migration.
  • Plan the Box wind-down: Either downgrade the Box plan, delete migrated folders, or keep Box as production with Filen as long-term archive.

FAQ — Box to Filen

Does Box's server-side encryption survive the migration to Filen?

No, and that's the point. Box decrypts your file when it serves it through the API; the migration tool then re-encrypts it for upload to Filen, where Filen's zero-knowledge AES-256 takes over. The trust shift is intentional — after the move, no party except the Filen password holder can decrypt the data.

How long does a 1 TB Box-to-Filen migration take?

Plan for <strong>2–5 days per TB</strong> via CloudsLinker, throttled by Box's <strong>10 API calls/sec/user</strong> rate limit and the <strong>4 uploads/sec/user</strong> upload cap. The browser-and-upload manual method takes longer because each file is re-encrypted in the browser; expect 5–10 days per TB on a typical residential link.

What's Box's per-file upload cap on my plan, and will it block the migration?

<strong>Business: 5 GB. Business Plus: 15 GB. Enterprise: 50 GB. Enterprise Advanced: 500 GB.</strong> Files above your plan's cap could not be uploaded in the first place, so they are not on Box. But files near the cap that were uploaded as multipart will download fine via API. Inventory anything above 5 GB before starting.

Can CloudsLinker keep Box folder structure intact?

Yes. Folder hierarchy and file names transfer 1:1. What does <em>not</em> transfer: Box-specific permissions (Box Notes ACLs, Box Sign workflows, Box Relay automation). Filen does not have an equivalent permission model — it is per-account zero-knowledge storage, with sharing handled via per-file or per-folder share links.

Will Box Notes (.boxnote files) work on Filen?

No. <code>.boxnote</code> is a Box-proprietary format that only renders in the Box web app. Before migrating, export Box Notes to <code>.docx</code> or <code>.pdf</code> from inside Box; CloudsLinker can filter out the original <code>.boxnote</code> files in the transfer config so you don't end up with unreadable copies on Filen.

What is Filen's free tier, and is it enough to test the migration?

<strong>10 GB free</strong>, expandable to <strong>50 GB</strong> via referrals (one referral signup adds 10 GB; three more invites add 30 GB). That is enough to run a full dry run on a representative subfolder before committing to the paid plan you'll need for the full dataset.

Why does Filen need my password as an actual password, not just a token?

Because Filen's password derives the AES-256 encryption key used to encrypt every file on your device before upload. There is no separate API token because there is no server-side process that could authenticate one — Filen does not have a copy of your key on the server side to validate against. This is an architectural property of zero-knowledge encryption.

Is CloudsLinker an official partner of Box or Filen?

No. CloudsLinker is a third-party tool that uses Box's public OAuth API and Filen's public credential-based API under your authorization. You can revoke access from each cloud's settings at any time. Treat the migration as a one-time data transit window where a third party briefly holds tokens for both clouds, rather than an ongoing integration.

How do I revoke CloudsLinker after the migration?

<strong>Box:</strong> <code>account.box.com</code> → <strong>Account Settings → Security → Apps with Access</strong> → find CloudsLinker → <strong>Disconnect</strong>. <strong>Filen:</strong> there is no per-app revoke list (Filen credentials are account-equivalent), so the right action is to <strong>change the Filen password</strong> from <strong>Settings → Account</strong>. The old credentials are immediately unusable; the account password change re-derives the encryption key transparently.

Can I run incremental Box-to-Filen syncs after the initial migration?

Yes. CloudsLinker schedules hourly / daily / weekly incremental jobs that move only new or changed files. Set conflict policy to <strong>skip</strong> for the incremental runs. Useful when Box stays as production for active workflows and Filen is the long-term encrypted archive that needs to stay current.

Box → Filen at a glance

Box Filen
Free tier 10 GB (Free Personal) 10 GB; up to 50 GB via referrals
Max single file 5 GB (Business) / 15 GB (Business Plus) / 50 GB (Enterprise) / 500 GB (Enterprise Advanced) No published cap
Storage price (paid) From ~$15/user/mo (Business) for 100 GB/user $0.99/mo for 100 GB; $8.99/mo for 2 TB
Lifetime plans None 200 GB €49.99; 500 GB €119.99; 2 TB €278.99
Encryption at rest AES-256 server-side (Box holds keys) AES-256 zero-knowledge end-to-end (you hold the key)
Region / jurisdiction US (Box-controlled, US CLOUD Act applies) Germany (German jurisdiction, GDPR-aligned)
Connection method (CloudsLinker) OAuth via account.box.com Account credentials + 2FA
API rate limit 10 calls/sec/user; 4 uploads/sec/user No published per-second cap (single-key serial uploads)
Trash retention 30 days default (admin-configurable on Business+) 30 days
Native productivity suite Box Notes, Box Sign, Box Relay None — storage only, by design

Limits and quotas you should know

Box:

  • Per-file upload caps: 250 MB (Free Personal), 5 GB (Business), 15 GB (Business Plus), 50 GB (Enterprise), 500 GB (Enterprise Advanced, 2025).
  • API rate limit: 10 calls/sec/user, 4 uploads/sec/user. Enterprise license-based endpoints may also be subject to a 100,000 calls/month soft cap.
  • Trash retention: 30 days default; admin-configurable on Business and above plans.
  • Encryption: AES-256 server-side — Box holds the keys.
  • Region / jurisdiction: US-controlled infrastructure; subject to the US CLOUD Act.
  • Authentication for migration: OAuth 2.0 via account.box.com; tokens are revocable from Account Settings.

Filen:

  • Per-file upload cap: none published; multi-GB and multi-TB single files work via chunked client-side encryption.
  • Bandwidth: no published cap on uploads or downloads. Practical ceiling is your network speed and the on-device AES-256 encryption pipeline.
  • Free tier: 10 GB, with up to 40 GB added via referrals (one signup +10 GB, three invites +30 GB → 50 GB max free).
  • Paid plans: $0.99/mo for 100 GB, $8.99/mo for 2 TB monthly. Lifetime: 200 GB €49.99; 500 GB €119.99; 2 TB €278.99.
  • Trash retention: 30 days on the free plan; same on paid.
  • Encryption: AES-256 zero-knowledge end-to-end — key is derived from your password on-device. Filen cannot reset, recover, or read.
  • Region / jurisdiction: Germany — German company, German hosting, GDPR-aligned by default.
  • 2FA: TOTP-based (Google Authenticator / 1Password / etc.); enable before the first transfer.

Sources: Box: Maximum file size you can upload, Box: 15GB file size limit for Business Plus and above, Box: Large file size limit for uploads and downloads (Jan 2025), Box Developer: Rate Limits, Filen: Pricing, Filen: Encryption, Filen: Knowledge base, Filen Review 2026 (Cloudwards).

Conclusion

Box-to-Filen is worth doing carefully because the destination is zero-knowledge: once data lands in Filen, no one but you can decrypt it, including the migration tool's operator. For datasets under a few hundred gigabytes the manual download-then-upload path is fine and gives you per-file verification. Past that, CloudsLinker handles the round trip server-side and surfaces a log so you can spot-check counts. Either way, do a dry run on one folder, confirm the file count and a sample file open in the Filen web app, then commit to the bulk move. Once Filen has the data, revoke Box's API token (or downgrade the Box subscription if you're decommissioning) and store your Filen password somewhere recoverable — it is the encryption key, and Filen cannot reset it for you.

Start Your Free Trial at CloudsLinker

Online Storage Services Supported by CloudsLinker

Transfer data between over 49 cloud services with CloudsLinker

OneDrive

OneDrive

Google Drive

Google Drive

Google Photos

Google Photos

Shared Drive

Shared Drive

OneDrive for Business

OneDrive for Business

Dropbox

Dropbox

Box

Box

Mega

Mega

pCloud

pCloud

Yandex

Yandex

ProtonDrive

ProtonDrive

AWS

AWS

GCS

GCS

iDrive

iDrive

Storj

Storj

DigitalOcean

DigitalOcean

Wasabi

Wasabi

1fichier

1fichier

PikPak

PikPak

TeleBox

TeleBox

OpenDrive

OpenDrive

Backblaze B2

Backblaze B2

Fastmail file

Fastmail file

SharePoint

SharePoint

Nextcloud

Nextcloud

ownCloud

ownCloud

Premiumize me

Premiumize me

HiDrive

HiDrive

Put.io

Put.io

Sugar Sync

Sugar Sync

Jottacloud

Jottacloud

Seafile

Seafile

Ftp

Ftp

SFtp

SFtp

NAS

NAS

WebDav

WebDav

4shared

4shared

Icedrive

Icedrive

Cloudflare R2

Cloudflare R2

Scaleway

Scaleway

Doi

Doi

iCloud Drive

iCloud Drive

iCloud Photos

iCloud Photos

FileLU

FileLU

Zoho WorkDrive

Zoho WorkDrive

Telia Cloud / Sky

Telia Cloud / Sky

Drime

Drime

Filen

Filen

TeraBox

TeraBox

Didn' t find your cloud service? Be free to contact: [email protected]

Further Reading

Effortless FTP connect to google drive: Transfer Files in 3 Easy Ways

Explore three efficient methods to connect Google Drive with FTP, enabling seamless file transfers. This comprehensive guide provides detailed instructions, benefits, and tips for effective file management.

Learn More >

Google Photos to OneDrive: 3 Innovative Transfer Strategies

Learn three effective methods to transfer your Google Photos to OneDrive. Explore Web-Based Transfers, Rclone, and CloudsLinker for an efficient shift.

Learn More >

Google Photos to Proton Drive: 3 Effective Transfer Techniques

Discover three practical methods to move your Google Photos to Proton Drive. Learn about Web-Based Uploading, Rclone, and CloudsLinker for a smooth transition.

Learn More >
Back to Top

Ready to migrate from Box to Filen?

Contact Us