Dear Ronen and community,

is there any data/information privacy statement available?
I want to know if SandboxIE is gathering any information from my computer system and sent it to another system.
Thanks for responding to my question in advance.

Isn't it enough that every Sandboxie program window that has anything to do with Internet says it isn't collecting or transmitting your information?

Not to mention, if you're this worried about Sandboxie spying on you, use a FW and see if Sandboxie's trying to send your personal information over the internet.

Afaik, Sandboxie only does 2 things as of now.
It checks the Sandboxie site for a newer version of Sandboxie (if you allow it), and every 90 days Sandboxie verifies your licensing information against a white/black list.

Well, tzuk, basically you're saying "just trust me." And personally, I do.

But just as there are varying definitions of "vegetarian," there are also varying definitions of "personal." What's your definition? If the license key is sent to sandboxie.com during activation, it may not be "personal," but it is personally identifiable since it's uniquely linked to a name, address, and credit card.

I would understand if your first instinct is to dismiss privacy concerns outright. But not everyone has heard of tzuk or Sandboxie before, and you could probably put reasonable people at ease with just a few quick sentences, along the lines of:

During activation, your license key, system code, and version number are sent to sandboxie.com. The system code is a non-reversible, unique hash generated from your current computer configuration - it cannot be used to deduce your actual hardware. The collected information will only be used to determine the activation status of your software and will not be used to identify, track, or contact you. IP addresses are logged and purged after 90 days.

Although I'm sure you have other priorities, you could eventually stick something standard like this on your site and in the EULA. Those that don't care will continue not caring, and those that are hesitant to buy will hopefully be reassured.

Thanks. Your paragraph is very nice and I may incorporate it into the licensing FAQ or the product activation notes at some point. But I don't think it says "trust me" any more or any less than the one-line privacy statement that appears in the program.

None of your personal information is stored on Sandboxie.com -- not your name, not your email, not your credit card; nothing -- and that is stated succintly in the one-liner. If someone does not believe that, and does not trust me, I don't know why a longer or a shorter paragraph should make a difference?

Thanks!


My fault - I didn't mean to suggest outright distrust, but more of a healthy caution, especially for those new to Sandboxie.

You're right that, logically, the one-liner is an efficient summary. But I think sometimes people also want, for reassurance, to hear things explicitly instead of having to infer. (Similar experience with wives or significant others, anyone? )

Perhaps the one-liner is a bit like saying, "Don't worry." Whereas a paragraph explains, "Don't worry, because I'm only sending x and y, which you can see are quite innocuous, and I've taken these other steps to protect your privacy." The paragraph provides explicit supporting details and adds transparency to the process.

Providing a few details can also help because "personal" means different things to different people. For example, Microsoft used to collect the machine name when activating, but some people raised concerns (.pdf link) because it could sometimes contain the user's real name.

Exactly as Mike said - Saying only what you send is not the same as saying "no personal information". The definition of "personal information" or "personally identifiable information" is very subjective and is the topic of much debate. Some would argue for example, that a name or IP by itself is not considered personally identifiable. But combined they can become personally identifiable etc.

Recently the topic of "Side Channel" privacy leakage is quite hot, where commercial companies use harmless looking information like TimeZone or Browser Plugin information to build a unique trackable fingerprint of a surfer.

On the top of the sandboxie web page it says 'Trust No Program', which I find interesting given the vein of this topic. Although technically you're trusting anything you run on your computer, heck, you're trusting Microsoft by running Windows!

Considering I'm not actually doing anything wrong -- I think -- that is if you believe me that Sandboxie knows nothing about you except your Product Key -- then I think we're spending way too much time on this topic debating what is personal and what is not.

Personally, I think the one-liner is fine, and I will incorporate Mike suggestion into the online pages, and I think we can leave it at that?

And actually on second review I think the original poster asked if Sandboxie was generally collecting data as part of normal use, and sending it somewhere, i.e. not specifically related to activation.