Q: GDPR and DPA
1. Do you offer a DPA for EU residents in accordance with GDPR?
2. In your terms of use you specify several types of data that is prohibited from being uploaded. Concurrently the data is supposed to be encrypted. Are you checking the data being uploaded? Is it end-to-end encrypted like with Proton Drive?
Thanks!
Rishi_Sinosend
May 29, 2026
A: Some important questions here, let's break it down:
1. Do you offer a DPA for EU residents?
Yes. Our platform is compliant with GDPR (Article 28). We utilize European Commission-approved Standard Contractual Clauses (SCCs) to safeguard data transfers outside the EEA.
You can read our official GDPR Privacy Addendum and Authorized Sub-processor List here: https://sinosend.com/support
If your organization requires a signed copy of our Standard DPA, please reach out to Marc Lau at [email protected]. We will just need a few basic company details from you to execute the document.
2. Encryption vs. Content Polling (Is it End-to-End Encrypted?)
To be transparent: Sinosend is encrypted in transit (SSL/TLS) and at rest (AES-256), but it is not End-to-End (E2E) encrypted from device-to-device like Proton Drive. Files are securely encrypted the millisecond they leave your browser and hit our servers. We chose this architecture deliberately for two reasons:
Core Features: E2E encryption makes our download analytics, instant file preview and file scanning complex, actually technically impossible.
Compliance & Data Integrity: Because we operate highly optimized channels into strict regions like mainland China (if you choose this region), we must ensure our network isn't abused for malicious activities (hence our terms of use policy).
3. Do you check the data being uploaded?
No. We respect user privacy and never manually read, look at, or spy on your files. However, our system automatically checks the cryptographic hash of uploaded files against global, automated illicit hash lists to prevent the distribution of CSAM (Child Sexual Abuse Material) and severe malware. Read more here: https://www.iwf.org.uk/our-technology/our-services/image-hash-list/
This is standard practice for enterprise cloud solutions (like OneDrive, Amazon S3, and IBM Cloud).
For us, this is a clear moral line: we refuse to let our network distribute CSAM. Because tools like Proton Drive are completely E2E encrypted, their servers only see scrambled noise, making it mathematically impossible for them to run these vital safety checks.
Utilizing automated, zero-human-eyeballs hash matching is the responsible way to protect our infrastructure, keep our global IP addresses whitelisted, and ensure your business deliveries never get caught up in platform-wide blocks.
Let me know if there is anything I might have missed (three of us came together to write this up for you and the other Sumolings :)
Thanks.
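The difference between the two models described in the answer above, as an added example that is not part of the original reply or Sinosend's code: a server-side SHA-256 hash-list check matches when the server receives the file bytes, but not when it receives client-encrypted ciphertext. The hash-list entry, sample bytes, function names and the toy keystream cipher standing in for E2E encryption are assumptions made for illustration.

```python
import hashlib
import io
import os

# Constructed stand-in for one entry of an external hash list (not a real list value).
KNOWN_BAD_SAMPLE = b"constructed sample standing in for a listed file"
BLOCKLIST = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}


def sha256_stream(stream, chunk_size=64 * 1024):
    """Hash an upload in chunks so large files are never held in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def server_scan(stream):
    """Return True when the bytes the server received match a listed hash."""
    return sha256_stream(stream) in BLOCKLIST


def toy_client_encrypt(plaintext, key):
    """Stand-in for client-side (E2E) encryption: SHA-256 counter keystream
    XORed with the data under a fresh nonce. Illustration only, not a real cipher."""
    nonce = os.urandom(16)
    out = bytearray()
    for offset in range(0, len(plaintext), 32):
        block = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(p ^ k for p, k in zip(plaintext[offset:offset + 32], block))
    return nonce + bytes(out)


def compare_models(upload):
    """Scan the same upload as the server sees it under each model."""
    key = os.urandom(32)  # held only by the client in the E2E model
    ciphertext = toy_client_encrypt(upload, key)
    return {
        "server_sees_plaintext": server_scan(io.BytesIO(upload)),
        "server_sees_e2e_ciphertext": server_scan(io.BytesIO(ciphertext)),
    }


if __name__ == "__main__":
    print(compare_models(KNOWN_BAD_SAMPLE))
    print(compare_models(b"ordinary constructed document"))
```

An exact cryptographic hash only matches byte-identical copies, so a file changed by a single byte produces a different digest and is not flagged by this kind of check.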
Yes, I saw that. I asked the manager to let it go as you are only explaining to us your use case. I understand your reasoning.
No worries, I just contacted support via email.
Hi Rishi, just checking: I wrote an email to your support email, but no response. Did it perhaps land in spam?
Yes, it was in spam. Checking and will reply soon!