Skip to main content
Sinosend is designed from the ground up to support your obligations under the General Data Protection Regulation (GDPR) and the UK GDPR. Whether you are transferring commercial documents across borders or sharing sensitive client files, you can use Sinosend with confidence that the underlying platform meets European data protection standards.

GDPR compliance at a glance

EU Data Residency

Store files in EU data centers. Select your preferred region on any individual transfer or set a default region for your account.

UK Data Residency

A UK data center is available for organisations subject to UK GDPR. Select it the same way as the EU region.

Data Processing Agreement

A DPA is available on request. Email support@sinosend.com to receive and sign a DPA for your organisation.

Right to Deletion

Delete your account and all associated data at any time from Account Settings. All files, metadata, and personal data are removed from Sinosend systems.

EU and UK data residency

By default, Sinosend stores your files in the data center region closest to you. If you need files to remain within the European Economic Area (EEA) or the United Kingdom, you can specify a region explicitly.

Set a data region for an individual transfer

1

Start a new transfer

Click New Transfer from your dashboard.
2

Open Advanced settings

In the transfer settings panel, click Advanced to expand the section.
3

Select your data region

Use the Storage region dropdown to choose EU (Frankfurt) or UK (London), or any other available region.
4

Complete and send the transfer

Finish adding files and recipients, then click Send. The files are stored exclusively in the selected region.
If your organisation always requires EU or UK storage, contact support@sinosend.com to set a default data region for your entire account so you do not need to select it on every transfer.

Data Processing Agreement (DPA)

Under GDPR, if Sinosend processes personal data on behalf of your organisation, it acts as a data processor and you act as the data controller. A Data Processing Agreement formalises this relationship and documents the safeguards Sinosend applies. To request a DPA, email support@sinosend.com with the subject line DPA Request and include your organisation name. The Sinosend compliance team will send you the agreement within two business days.
The availability of a GDPR-compliant DPA is noted on the Sinosend pricing page. There is no additional charge for the DPA itself.

What data Sinosend collects

Sinosend collects the minimum data necessary to operate the platform. Here is what is stored and why:
Data typeExamplesPurpose
Account informationName, email address, password hashAccount creation, authentication, and support
Transfer metadataFile names, file sizes, send date, expiry dateDisplaying transfers in your dashboard and powering search
Recipient informationRecipient email addressDelivering transfer notifications and controlling access
Access logsRecipient IP address, timestamp, city, countrySecurity monitoring, per-transfer access reports, audit trails
Billing informationPayment method details (handled by Stripe)Processing subscription payments — Sinosend never stores raw card numbers
File contents are encrypted at rest using AES-256 and are never read or analysed by Sinosend. Only transfer metadata (file name, size, type) is stored in queryable form.

Data retention

Data categoryRetention period
Transfer filesRetained for the duration of the transfer expiry you set. Files are deleted automatically when a transfer expires or is manually deleted.
Access logsRetained for 90 days by default. Paid plans can configure custom retention rules.
Account dataRetained while your account is active. Deleted in full when you delete your account.
Billing recordsRetained for seven years for statutory financial record-keeping obligations.
You can configure automated deletion policies for transfers by going to Account SettingsRetention rules.

Your right to deletion

You have the right to delete your Sinosend account and all associated personal data at any time. This covers your account profile, all transfers and uploaded files, recipient data associated with your transfers, and access logs.
1

Open Account Settings

Click your profile icon in the top-right corner and select Account Settings.
2

Scroll to Danger Zone

Scroll to the bottom of the Account Settings page to the Danger Zone section.
3

Select Delete Account

Click Delete Account and follow the confirmation prompts. You will be asked to type your email address to confirm the deletion.
Account deletion is permanent and irreversible. All files, transfers, team data, and account information are removed from Sinosend systems and cannot be recovered. Export any data you need to retain before proceeding.

Subprocessors

Sinosend uses the following third-party subprocessors to deliver the service:
SubprocessorRoleData involved
Alibaba CloudInfrastructure and file storageEncrypted file data and transfer metadata
StripePayment processingBilling and payment method information
Sinosend maintains Data Processing Agreements with all subprocessors. If your DPA requires a complete and up-to-date subprocessor list, it will be attached as a schedule to your signed agreement.
If you have a specific compliance question that is not covered here — such as a request for a security questionnaire, an ISO 27001 certificate, or a penetration test report — contact support@sinosend.com and the Sinosend compliance team will respond within two business days.