Safety

Question

I generally love your product\u002D\u002D in fact, I bought 2 full 3 code stacks.  But my issue is that being in Hong Kong (China), there are inherent risks associated when it comes to the CIA triad (confidentiality, integrity, availability) for your international clients.  With particular regard to confidentiality and integrity\u002D\u002D China\u0027s 2017 Data Security Law means that any data has to be disclosed upon request to Chinese authorities.  As it stands, I would only use Sinosend for non\u002Dsensitive data. But in so doing, it defeats most of the use cases I personally have for this program.\u000a\u000aSo what are you doing to protect the interests and rights of your international clients?  Just saying that you have a server in London (which I don\u0027t believe you can exclusively select, nor are there any guarantees that it is stovepiped/firewalled) is insufficient.

Rishi_Sinosend · Answer

Great question, here is some background:\u000a\u000aSinosend was originally developed to solve the challenges of transferring large files securely between Hong Kong and Mainland China—hence the “Sino” in our name. Small businesses and larger enterprises  struggled to send files across borders efficiently, and we provided a solution to address this specific pain point.\u000a\u000aSince then, we’ve grown into a global file transfer service with customers around the world (with the possible exceptions of North Korea and Antarctica!). However, we’re still a small team, and AppSumo has given us the opportunity to reach more users and refine our focus. With that context, let me address your concerns regarding Availability, Integrity, and, most importantly, Confidentiality.\u000a\u000aAvailability is  less about government access to data and more about our redundancy and backup mechanisms. While we don’t currently advertise a formal SLA your data is stored in three separate zones within our operating region. This ensures that if one zone fails, your data will remain accessible through redundancy measures. We take this responsibility seriously and have implemented robust systems to minimize downtime or data loss.\u000a\u000aIntegrity ensures that your data remains unchanged during transfer or storage.  If Bob sends a message to Alice, how can Alice know the message has not been manipulated by a man in the middle? We solve this by using hashing and encryption technologies. For instance, an MD5 hash is calculated for your file, ensuring that if the data were tampered with during transit, the hashes would no longer match.\u000aSimilarly, encryption ensures that even if a file is intercepted or tampered with en route, it would not be readable without the decryption key.\u000aThis safeguards your data from unauthorized modifications, ensuring that what you send is exactly what your recipient receives.\u000a\u000aConfidentiality. this is the core of your question and understandably a  concern for anyone transferring  data. Here’s how we address confidentiality:\u000a\u000aYou referenced the 2017 China Data Security Law and the assumption that data in Hong Kong would automatically fall under Mainland China’s jurisdiction. However, it’s important to clarify:\u000a\u000aHong Kong operates under a separate legal system. The Personal Data (Privacy) Ordinance (PDPO) governs data privacy in Hong Kong, and it does not mandate the disclosure of data to Mainland China. Hong Kong data users are not required to hand over data to Mainland authorities unless there is a specific legal basis, such as a cross\u002Dborder agreement or something more substantial then a business to business file transfer service. Moreover, we do not store any data in Mainland China. Data may only be transferred to China if your intended recipient is located there, and even then, the data is typically ephemeral.\u000a\u000aTanner DeWitt a internaitoinal law firm has an interesting video on this https://www.tannerdewitt.com/data\u002Dtransfers\u002Dinvolving\u002Dhong\u002Dkong/\u000a\u000aAs with any jurisdiction, we are obligated to comply with lawful requests for data, such as subpoenas or court orders. This is true not only in Hong Kong but also in jurisdictions like the UK, EU, or the U.S., which have similar laws (e.g., the Computer Misuse Act (UK) or the Budapest Convention on Cybercrime). That said:\u000a\u000aWe do not proactively disclose data to authorities.\u000aWe aim to minimize the data we store and retain only what’s necessary to provide our service. You\u0027re also correct that simply stating we have servers in London does not fully address your concerns. While we currently manage server locations regionally, we are working on providing users with the ability to select specific data jurisdictions and one  day be fully GDPR compliant. This is part of our future roadmap.\u000a\u000aYou can try to encrypt your files before uploading,  as is something that some of our customers are doing, but this is tedious \u002D\u002D We do have a roadmap feature we\u0027re planning which is at\u002Dsource encryption prior to upload, stay tuned on this.\u000a\u000aUltimately, it is takes a little trust in an entity that you believe has your best interest in mind and is providing a service that you find valuable. \u002D\u002D As we grow we do plan to address this more in our sales copy and allow our users to choose their data jurisdiction\u000a\u000aThank you for your support, and please feel free to reach out with any further questions or suggestions!

Sinosend

Share Sinosend

Related questions