Sync.com is one of the leading secure cloud storage services. It offers excellent security and privacy with its end-to-end (zero knowledge) encrypted network, along with large amounts of storage and bandwidth. At the same time, it has some limitations that may make it unsuitable for certain applications.
Since our last review, Sync.com has enhanced their service with much greater storage capacity (at a higher price per user). At the same time, they have simplified their pricing plans, making it easier to figure out which plan would be right for you.
As before, we cover both the good and the bad in this Sync.com review. If you are looking for a business caliber cloud storage solution, we think you’ll find this review useful.
- End-to-end encrypted with AES-256, RSA-2048, and TLS
- HIPPA, GDPR, PIPEDA compliant
- Supports 2FA
- 5 GB storage (free plan); 2 TB – unlimited (paid plans)
- Unlimited version tracking and restoration
- Unlimited file sizes
- Unlimited upload/download quota
- No Linux desktop client
- Limited sync folder options
- No monthly billing plans
- No integration with third-party products
To kick off this Sync.com review, let’s do a quick summary of the main features.
Sync.com feature summary
Below is a quick summary of the major features of Sync.com. Note that some of these features are only available with paid plans.
- Supported platforms include Windows, mac OS, Android, iOS, major web browsers
- End-to-end data encryption using AES-256, RSA-2048, and TLS
- 5 GB to unlimited amounts of file storage
- Unlimited upload/download
- Extensive options for controlling access to shared files
- Ability to recover deleted files or roll back entire account
- Synchronizes across all your devices and browsers
- Plans for every level of user from individual to enterprise
- 2FA support
- Vault for non-synced cloud storage
Sync.com, Inc. was founded in 2011 by the founders of the web hosting company Netfirms. Based in Canada, the company is 100% Canadian owned and operated. It is governed by Canadian laws, including PIPEDA, the Personal Information Protection and Electronic Documents Act. 2015 was the year when the company officially launched Sync.com desktop and mobile apps. According to their website, over 750,000 businesses and individuals use the service.
While Canada is a member of the Five Eyes Alliance (FVEY), its privacy protections are generally considered to be better than those of the United States. That said, many privacy advocates advise against using services based in any of the FVEY countries.
Where Sync.com data is stored
The servers where your data is stored are physically located in Toronto, Ontario, Canada. All data is encrypted in transit and at rest. Since Sync.com does not have access to your encryption keys, they are unable to decrypt your data. The company further states,
there is no unsecured data stored on our servers, and your data is not available to Sync.com, its employees, or its subcontractors.
Sounds good to us!
Sync.com Terms of Service
I reviewed the Sync.com Terms of Service (ToS) dated May 12, 2021. We were impressed with how easy to read it was, as well as with its lack of worrisome requirements.
Points of interest in the ToS:
- Certain third party code may be provided with the Software and that the license terms accompanying that code will govern its use.
- You are expected to refrain from using the service to violate intellectual property rights, as well as avoid breaking any other laws. However, unlike some competitors (MEGA cloud, for example) the Sync.com ToS does not claim the right to “remove data alleged to be infringing without prior notice, at our sole discretion.” Given the zero knowledge nature of the Sync.com system, doing this would presumably be impossible in any case.
- The company may collect personal data consisting of your name, email address, mailing address, telephone number, and payment information. They may also collect your IP address.
- Sync.com employees and third parties who work with them are required to follow the requirements of PIPEDA and the Ten Privacy Principles.
- The company logs your IP address and when you access the service. They state that the information is not linked to personal information gathered elsewhere on the site.
- They will provide your personal data to third parties under the following circumstances:
- As is reasonably required to fulfill your service or product requirements, provided such third parties shall be bound to appropriate privacy requirements;
- To comply with a legal process such as a law, regulation, search warrant, subpoena, court order or law enforcement request
- To resolve a contractual dispute regarding your use of any Sync product or service;
- To resolve issues related to the use of your account for illegal activities; or
- To protect the personal safety of other users or members of the public in an emergency.
Sync.com security audits & other third-party tests
I spoke to Sync.com support about this as I didn’t find any published results of third-party audits, penetration testing, or similar tests. The company reports that they have had some such testing done, but that they do not publish the results.
They did point me to their GDPR Data Processing Addendum, which describes their obligations under the GDPR. This is good info, but not as good as third-party testing to confirm that they meet their obligations. They also told me that their data centers are SSAE 16 type 2 certified. And of course as mentioned elsewhere in this review, they state that they are compliant with HIPPA, GDPR, and PIPEDA.
Many privacy advocates use a Linux-based operating system for enhanced privacy and security. If that describes you, you will be disappointed to hear that Sync.com still does not offer a Linux desktop client. However, they do offer custom apps for most other operating systems:
- Mac OS
Finally, they provide a web client that works with most any browser, on any device, including Linux devices. Here is what the Sync.com browser client looks like:
If you intend to use the Sync.com web client, we recommend you do so with a secure browser that protects your privacy.
Sync.com hands-on testing
For this Sync.com review, I installed the desktop client on a system running Microsoft Windows, and used the web client on a system running Ubuntu Linux.
To install Sync.com you go to their website and create an account by giving them an email address and password. They confirm that address with an email message and take you to the web client. From there you can download desktop or mobile clients.
When you install the desktop client on a system, Sync.com creates a new folder called Sync on your system. The service syncs the contents of this folder, and none other. That means that anything you want to synchronize must be in this folder or in a subfolder of this folder. Depending on your circumstances, this could be a real problem, as you may not be able to change your file structure to accommodate the service.
Sync.com will work perfectly fine as installed. One thing I suggest you avoid is selecting the Email-based password recovery option. Located on the Account settings Security tab of the web client, this is the feature that makes it possible to recover your password by email.
Unfortunately, enabling or using this feature makes your password visible to Sync.com temporarily, voiding the zero-knowledge aspect of the service. Instead of relying on Sync.com to restore your password if you lose it, I recommend using one of these best password managers to remember the password for you.
Using Sync.com isn’t difficult. Drop files or folders into the Sync folder and the service will sync them to all your devices. They will also be visible in the web client. When you are using the desktop client, the Sync folder functions just like any other folder.
Like other sync solutions, you also get an icon in the system tray you can use to download files, preview them in the cloud without downloading them, open the Sync folder, and so on.
So far so good.
However, things aren’t quite so intuitive when you are using the web client. You have access to your synced files on the Files tabbed page of the client. But to drag and drop files, you need to first select Upload in a menu – and right-clicking files doesn’t give you a context menu. You need to use the menus provided in the client window to do most anything, including uploading files, creating folders, or sharing links.
Everything is here, including the ability to preview files and view version histories. It just feels a little clunky. For example, moving a file to a new folder requires you to select Move from the menu, then select the folder you want to move the file to in another menu, then click Move in that menu. It all works, but could be more convenient.
What about the other options that appear at the top of the web client?
The Vault tab
The Vault is a separate area of storage under your account. What makes it different is that the Vault is not synced between your devices. The contents of the Vault are only visible through the web client or mobile apps. You can use this when you want a file (or files) to be stored securely and privately out of sight, yet still accessible whenever and wherever you need it.
Another benefit to using the Vault is that files stored there don’t take up any space on your device unless you are actively using them. Indeed, the client promotes this:
Files added to the Vault do not get synced to your other devices – allowing you to free up space by archiving your files in the cloud.
The Sharing menu
The Sharing menu gives you access to additional tabbed pages: Team Shares, and Links.
- Team Shares allows you to create folders that are shared with members of your team. You control which users have access to each folder and what permissions they have for that folder.
- Links displays the links you have shared with others.
The Events tab
The Events tab tracks all the activity in your Sync folder. This can be useful when you are the only person with access to that folder, but even more valuable when a folder is shared with teammates.
The Users tab
As you might expect, the Users tab is where you control who has access to your Sync folder. It also keeps track of how much disk space each person is using.
Additional Sync.com features
Now that we’ve looked at the basic features of Sync.com, let’s look at some interesting additional Sync.com features.
Enhanced privacy links
Normally, links you share using Sync.com are encrypted with SSL while in transit. But if that isn’t enough protection for your situation, you can turn on enhanced privacy for the link. With enhanced privacy enabled, links are encrypted with SSL and a layer of end-to-end encryption. This seems like something that would always be turned on, but the feature comes with a couple of limitations.
First, not all browsers support enhanced privacy. Second, the technology is limited to file sizes of less than 500 MB. Since Sync.com offers unlimited file size support, this could prevent you from sharing certain files using enhanced privacy.
Account rewind / restoring deleted files
Sync.com keeps track of files you deleted. The amount of time that they retain deleted files varies with the plan you have. This comes into play for recovering past versions of accidentally deleted files. It also plays into the account rewind feature, which can restore your entire set of files to their state at a previous time. This could be particularly useful in the case of ransomware attacks.
Control over bandwidth and monthly transfers
While Sync.com normally imposes no limits on your upload/download bandwidth or monthly transfer volumes, you can set those limits yourself. To do so, click the Sync icon in the System tray and select Preferences, then choose the Network tab. As you can see in the following image, you get control over upload and download speeds as well as monthly upload and download volume.
Get started bonus
If you are using the free version of Sync.com, you may see a Get started bonus option in the web client menu. Click this to see a list of achievements you can complete to earn an additional 1 GB of storage (going from 5 GB to 6 GB).
Sync.com provides support through an online form. Support hours are Monday through Friday 8AM to 8PM, with extended hours / priority support for Pro and Enterprise clients. I hit support with a question about third-party testing. They got back to me in a couple of hours with a useful response.
Before completing that online form, you might want to check out the Help Desk. It includes the answers to the most common questions, including step-by-step instructions for many processes.
How secure and private is Sync.com?
Sync.com ticks lots of the right boxes for a top-end cloud storage service. So let’s talk specifically about how secure and private it is.
Sync.com security is very strong. AES-256 end-to-end encryption with TLS means only someone with your encryption keys can read your data. By default, Sync.com does not have access to your encryption keys (which are protected with RSA-2048 encryption), making this a zero-knowledge system. You can configure the service to give the company access to your keys, but that is not the best way to go.
Use one of the best password managers to ensure you don’t lose your password, and stick with the zero-knowledge approach. If you choose a strong password and turn on 2FA, your data will be as secure as can be.
Okay, so we know that Sync.com is secure. What about protecting your privacy? The company is based in Canada, and stores your data in Canada. That looks fine on the face of it, because Canada has better privacy laws than the United States. However, since Canada is a member of the Five Eyes alliance, your data may still be at risk.
While local laws and the activities of spies affect the privacy of any service, you also need to consider the design of the service itself. After all, if a service doesn’t have personal information, or has it but can’t decrypt it, your privacy is protected regardless of the other factors. Let’s look at how this affects the data you store in Sync.com, and the personal data they have about you.
Data you store
Since the data you store in Sync.com is securely encrypted on your device, and Sync.com doesn’t know your encryption keys, the privacy of this data is strong. There are only a few ways anyone could possibly get their hands on this data:
- Hack your computer to get the data when it is not encrypted
- Crack the AES-256 encryption that protects it (still believed to be impossible)
- You opt out of the zero knowledge encryption, giving Sync.com access to this data
I suppose another possibility is that Sync.com is lying to you about not having access to your encryption keys. I have no reason to suspect that this is the case, but it would be nice if they had some kind of third-party verification of this, as Tresorit does.
- email address
- mailing address
- telephone number
- payment information.
They may also collect your IP address. As is typically the case, they may share any such data with third parties, government officials, and anyone else they think they need to. If you don’t like the idea of them collecting your IP address, you can use one of these best VPNs to prevent that. Since Sync.com will see the VPN’s IP address instead of yours, the rest of the data they collect won’t be associated with your real IP address.
To summarize the Sync.com privacy situation, they collect what personal data they need in order to provide you with the service, and the data you store on the service remains completely safe unless you opt to give the company access to it by enabling their email-based password recovery feature.
Sync.com offers a lot of different pricing plans, allowing them to cater to anyone from an individual who wants some free cloud storage, to large enterprises. They organize the plans into three categories:
There is far too much information about each plan for us to reiterate it here. Instead, let’s take a quick look at the various plans within each of these categories.
Note: If you want the full story on any particular plan, you can find it here.
There are three individual plans: Free, Solo Basic ($8/month), and Solo Professional ($20/month).
The Free plan (also referred to as the Starter plan), is of course their free offering. It gives you 5 GB of data, 5 GB of monthly data transfer, 30-day file history and recovery, along with many of the features of the paid plans. It should certainly be sufficient for testing out the service and might even be good enough to serve as your complete cloud sync solution.
The Solo Basic plan runs $96/year. It gives you 2 TB of data, unlimited data transfer, 180-day file history and recovery, along with better privacy and data protection features.
The Solo Professional plan will cost you $240/year but offers a lot. Specifically, 6 TB of data, unlimited data transfer, 365-day file history and recovery, and custom branding, as well as all the features of the Solo Basic plan.
There are two team plans: Teams Standard and Teams Unlimited. These plans each support two or more users. The plans in this category include HIPAA, GDPR, and PIPEDA compliance.
Teams Standard is $5/user/month, but is billed annually. It gives you 1 TB of storage, unlimited monthly shared data transfer, and 180-day file history and recovery. You also get a ton of business-oriented features.
Teams Unlimited is $50/user/month, once again billed annually. Its features match those of Teams Standard, with a few additions: 365-day file history and recovery, custom branding, VIP immediate response, and unlimited shared storage.
Unfortunately, there isn’t a set enterprise plan with standard pricing. Instead, Sync.com would like you to contact them to discuss your organization’s needs. If this sounds useful to you, you can find the relevant form here.
Sync.com review conclusion
When your top priority is security and privacy, Sync.com is a strong solution. With excellent security technology and a privacy-protecting zero knowledge design, it is easy to see why the service has a great reputation. However, there are some drawbacks to Sync.com that may be a problem for you.
Is Sync.com right for you?
If you are an individual user, Sync.com looks very promising. Technically it is solid. If you just need a small amount of cloud storage, the free 5 GB plan is particularly appealing. If this describes you, you probably don’t care about third-party penetration testing or industry certifications. And the requirement to put everything you want protected in the Sync folder probably won’t cause headaches either.
If you are looking for a corporate cloud storage service, Sync.com has both benefits and drawbacks. Benefits include plans with unlimited storage and bandwidth, along with lots of team-oriented capabilities. On the downside, you may have applications that require a specific file structure and aren’t suited to putting all their data in Sync.com’s Sync folder. Likewise, the lack of published third party penetration testing and certifications may cause you to look for a different solution. You’ll need to evaluate this based on your organization’s unique requirements.
What if Sync.com doesn’t meet your needs? In this case, you’ll want to check out our roundup of the best cloud storage solutions. Alternately, you can go direct to our individual reviews of other cloud storage services using the links below:
Other cloud storage reviews from Restore Privacy:
MEGA Cloud Review
This Sync.com review was last updated on June 15, 2021.
I’ve been using Sync for 7 or 8 years. The number one reason for me, as a church treasurer, is that the Canada Revenue Agency requires all electronic records to be stored on Canadian servers. I don’t have that guarantee with any other cloud storage providers that I’ve found.
I see others have complained about Sync’s apps, but I have always used the Sync app on my Android and used it with no problems. Very useful for those pesky meetings where I get asked a question no one thought to give me a heads-up on.
The only thing I don’t like about Sync is that if I want to have two accounts (and I do), I can’t use both accounts with the same user on my laptop. I have to associate each Sync account with a separate user, which becomes very confusing and frustrating due to the extra steps of logging in and out of WIndows and forgetting “who” I am depending on the task at hand.
This is a good question, since they’re not open source (I think?), there’s no real way to know
Do they encrypt file names and folder names besides file content?
How can you tell if indeed a file has been encrypted?
So they encrypt file names and folder names besides file content?
How can you tell if indeed a file has been encrypted?
Sync.com doesn’t work that well with the new Mac M1 computers (works better with Apple mobile devices, however). The app consistently does not recognize that I’m online, so no syncing or backup occurs. When something is backed up (manually), the contents of individual folders are often incomplete — missing numerous individual files. Support is not exactly supportive — I get marketing boilerplate and pasted material from their online help files in respone to a help request — which I already checked before I emailed — rather than addressing the stated issue. When I have been asked to provide further info (screenshots) I never hear back from them with any further insight or a solution.