How will we know Logseq’s homegrown sync will be really secure?

I mean, the rest of the app is Open Source but the one piece where foul play could happen, we’ll just have to take the devs’ word for it. I don’t think the devs have any nefarious agenda but they live in continental China - a country notorious for its surveillance and pressure it puts on corporations to give it access to customer data.

I know it won’t be obligatory to use it but I would like to… so I’m looking for some extra reassurance.

I can’t think of what could reasonably reassure you about data privacy for any data stored in mainland China. I believe that it is Chinese law that the gov’t can access any corporate data for national security purposes, and given the control there over social media, I assume that you would not (or could not justifiably) be reassured by public statements by the devs. Even in the US the gov’t can prevent companies from publicly disclosing data requests in certain instances. Do you want them to have a warrant canary or something? Would you trust their warrant canary if they did, given their location in China?

1 Like

Maybe encrypted graph as Roam recently released would be a solution?

While many of the devs do live in continental China, I believe the company is registered in the US. They are going to use zero-knowledge end-to-end encryption, I believe, which makes it so that even they can’t access your data. Even if they wanted to.

2 Likes

Thank you for the question!

Logseq, Inc. is a US company. Currently, we have 6 team members in China and 4 members in the US and Europe, and we’re going to hire more globally soon.

For the coming file sync service, all the files will be end-to-end encrypted on local devices and then uploaded to AWS S3 servers, which are located in the US too. Nobody, including us, can decrypt any files because only the users will have the key to decrypt the files.

Hopefully, this can answer your questions 🙂

7 Likes

Thanks tienson. This is exactly what I wanted to know. 🙂

2 Likes

While this problem is resolved in any case by e2e encryption, let me remind you that in the US there is a law that requires US companies to release user data to authorities when required.

Incidentally, in Italy it has even been declared illegal to use Google Analytics on your site if it is set up to send data to the US, exactly because of this law: US companies can’t protect their users’ privacy except with e2e encryption (and expect it to be declared illegal in the future if it is massively adopted).

Also let me remind you that the scandal over the mass surveillance of people all over the world is that of the US NSA, and the man who revealed it, Edward Snowden, is a political refugee in Russia because in the US they would sentence him to life imprisonment.

cc @Aryan

2 Likes

I also think it could seriously impede Logseq’s growth in certain sectors or industries.
Would some kind of light partnership with a well-trusted actor (i.e. one that has a lot to lose and is not based in China) be possible, for instance for auditing the code server-side or for checking what actually goes in the releases compared to the git repos? For instance, Nextcloud or another well-known open source company?
I know it is not “fair” to Logseq, just a possible way to move forward and toward professional customers.

It’s probably too late to suggest that some version of Logseq use the #Holochain database integrity engine for sync. It’s completely distributed. There are no servers to maintain (have to have another business model). No law or government agency can even get access to the data through the developer. By design, all data and communication from node to node is encrypted. Holochain is still in beta development and hasn’t yet had security certification, but the foundational design meets security requirements.

Basically, if you design your database using Holochain you get security and multiple device sync built into the application. No “extra charge.”