




有朋友询问“Sugram 畅聊版”是否安全。就以这个我从未听说过的软件为例,说明我的判断过程。

  1. 看看这个软件的介绍:

Sugram 畅聊版是一款为用户提供安全即时通讯服务的工具。

1. 畅聊:提供文本、语音、图片、视频、名片和位置等聊天方式。
2. 安全加密:五层端到端加密、全方位算法保障与安全防范。
3. 保护隐私:云端不保存通讯记录,服务器全球部署保证接入的速度和安全,同时提供阅后即焚和截屏提醒等保护用户隐私。
4. 简洁体验:专注即时通信,提供稳定的核心基础功能。


2. 试着打开公司的网站。我使用brave浏览器(见简明网络安全(3)|浏览器安全),直接报告我说,这家公司的网站没有使用https认证:https://www.sugramapp.com/



3. 用不那么苛求安全的edge浏览器打开公司网站。网站显示,开发商名叫“ 武汉珺苍琴网络科技有限公司”,有备案号,留了一个google邮箱。所以,应该是一家武汉的公司,但没有自己的公司邮箱。

4. 检查网站上的TOS——term of service,或者说服务条款。这是一个很重要的工作,你得看看一个加密聊天服务,到底如何承诺保护你的数据。


Information Collection and Use 信息收集和使用(这是要看的重点)

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected (信息收集)

Personal Data (个人信息:这个软件要收集个体识别信息,比如电子邮件,电话号码,并用cookies来跟踪用户的使用情况,甚至可能收集其他方面的使用情况。总之,在这个说明上,并未说明这些数据的具体内容。)

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

Email address Phone number Cookies and Usage Data

Usage Data (自动采集你所有的身份数据,包括手机号,手机型号,唯一序列号,ip地址,操作系统,浏览器类型等等。

When you access the Service with a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data (“Usage Data”). 数据收集得十分全面。

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyse our Service. (这里说明,也许还会使用——几乎肯定会使用——其他技术来分析和跟踪用户。)

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use: (这里并不是说明,而是举例。)

Session Cookies. We use Session Cookies to operate our Service. Preference Cookies. We use Preference Cookies to remember your preferences and various settings. Security Cookies. We use Security Cookies for security purposes.

Use of Data 这是对数据的使用,下面的说明几乎没有任何具体的地方。或者说,可以任意、无限地使用你的数据。

Sushine Tech Ltd. uses the collected data for various purposes:

To provide and maintain our Service To notify you about changes to our Service To allow you to participate in interactive features of our Service when you choose to do so To provide customer support To gather analysis or valuable information so that we can improve our Service To monitor the usage of our Service To detect, prevent and address technical issues

If you are from the European Economic Area (EEA), Sushine Tech Ltd. legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

Sushine Tech Ltd. may process your Personal Data because:

We need to perform a contract with you You have given us permission to do so The processing is in our legitimate interests and it is not overridden by your rights For payment processing purposes To comply with the law

Retention of Data (您的数据将会被保留下来……)

Sushine Tech Ltd. will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

Sushine Tech Ltd. will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.

Transfer of Data (我加红了一个地名,Macao,这可不是五虎上将之一的马超,而是澳门。所以,世界各地的数据都将汇聚澳门,也就是说,会脱离美国或欧美的隐私保护法管辖。)

Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside Macao and choose to provide information to us, please note that we transfer the data, including Personal Data, to Macao and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Sushine Tech Ltd. will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure of Data (数据披露:当然,根据澳门的法律或你懂的……)

Business Transaction

If Sushine Tech Ltd. is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Disclosure for Law Enforcement

Under certain circumstances, Sushine Tech Ltd. may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Sushine Tech Ltd. may disclose your Personal Data in the good faith belief that such action is necessary to:

To comply with a legal obligation To protect and defend the rights or property of Sushine Tech Ltd. To prevent or investigate possible wrongdoing in connection with the Service To protect the personal safety of users of the Service or the public To protect against legal liability

Security of Data (下面这段话的意思是:数据可能不安全,你不可以告我)

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100 secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Our Policy on “Do Not Track” Signals under the California Online Protection Act (CalOPPA) (我们不支持”别跟踪我“标签,说了也白说,继续跟踪你)

We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Your Data Protection Rights under the General Data Protection Regulation (GDPR) (欧盟之内,可以找我们删除数据。但有点麻烦)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Sushine Tech Ltd. aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Data.

If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the following data protection rights:

The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you. The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete. The right to object. You have the right to object to our processing of your Personal Data. The right of restriction. You have the right to request that we restrict the processing of your personal information. The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machinereadable and commonly used format. The right to withdraw consent. You also have the right to withdraw your consent at any time where Sushine Tech Ltd. relied on your consent to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Service Providers (下面的话大概说,我们和商业伙伴共享数据)

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide the Service on our behalf, perform Servicerelated services or assist us in analysing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.


We may provide paid products and/or services within the Service. In that case, we use thirdparty services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our thirdparty payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCIDSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCIDSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:

Apple Store InApp PaymentsTheir Privacy Policy can be viewed at https://www.apple.com/legal/privacy/enww/ Google Play InApp PaymentsTheir Privacy Policy can be viewed at https://www.google.com/policies/privacy/ WeChatTheir Privacy Policy can be viewed at https://www.wechat.com/en/privacy_policy.html AlipayTheir Privacy Policy can be viewed at https://render.alipay.com/p/f/agreementpages/alipayglobalprivacypolicy.html

Our Service may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.




4.1 上载、传送或分享含有下列内容之一的信息:

(a) 反对宪法所确定的基本原则的;

(b) 危害国家安全,泄露国家秘密,颠覆国家政权,破坏国家统一的;

(c) 损害国家荣誉和利益的;

(d) 煽动民族仇恨、民族歧视、破坏民族团结的;

(e) 破坏国家宗教政策,宣扬邪教和封建迷信的;

(f) 散布谣言,扰乱社会秩序,破坏社会稳定的;

(g) 散布淫秽、色情、赌博、暴力、凶杀、恐怖或者教唆犯罪的;

(h) 侮辱或者诽谤他人,侵害他人合法权利的;

(i) 含有虚假、诈骗、有害、胁迫、侵害他人隐私、骚扰、侵害、中伤、粗俗、猥亵、或其它道德上令人反感的内容;

(j) 含有中国法律、法规、规章、条例以及任何具有法律效力之规范所限制或禁止的其它内容的;


4.11 违反遵守法律法规、社会主义制度、国家利益、公民合法利益、公共秩序、社会道德风尚和信息真实性等“七条底线”要求的行为;

4.12 从事任何违反中国法律、法规、规章、政策及规范性文件的行为。







Sugram 畅聊版是一款为用户提供安全即时通讯服务的工具。

1. 畅聊:提供文本、语音、图片、视频、名片和位置等聊天方式。
2. 安全加密:五层端到端加密、全方位算法保障与安全防范
3. 保护隐私:云端不保存通讯记录,服务器全球部署保证接入的速度和安全,同时提供阅后即焚和截屏提醒等保护用户隐私。
4. 简洁体验:专注即时通信,提供稳定的核心基础功能。






版权所有:Eddy Zhang

这个博客是由普通读者支持的。若您或您的教会愿意支持跨文翻译的事工,请使用 https://paypal.me/eddyemma 或以下二维码。