Is the Sandboxx app safe? (OPSEC & PERSEC)

When recruits leave for basic training, mail is the main form of communication they have …

...

When recruits leave for basic training, mail is the main form of communication they have throughout the duration of their training. Friends and family often send letters to their recruit to help motivate them and keep their spirits high. There are two main forms of writing letters to recruits at basic training; snail mail and Sandboxx. If you’re considering sending letters to your recruit with Sandboxx you might be concerned about the safety of using the app. Below we’ll answer the question, “Is the Sandboxx app safe?”

Army Operations Security (OPSEC)

In April 2018, the Army Operation Security made a Facebook post, discussing the safety of using Sandboxx to send letters to recruits at basic training. The Facebook page shares tips on how to keep your information protected.

Below we highlight some of the points made in their post.

Sandboxx overview

“You can submit a letter to a military member and even attach a photo. That letter will be printed and mailed to your service member who is at boot camp or deployed. Your service member can then respond.”

True.

Sandboxx is a mobile and desktop app that enables friends and family to quickly and easily send letters to their recruit at basic training, or a service member deployed overseas. Users compose their letter similar to an email or text, add a photo, and hit send.

After you hit send, we convert your letter into a physical piece of mail. We overnight your letter addressed to a basic training location. Letters that are addressed to other military bases are sent via traditional mail.

Included in every Sandboxx letter is reply stationery and a pre-addressed return envelope so that they can easily reply back to you.

Sandboxx offers two additional services: “Units”and “Travel”.

“Units” – a platform where you are able to connect with other members from your current or old unit, interact with them and post content and “Travel”, the app’s travel agency service allowing users to book their travel to their service member’s graduation ceremony.the “Units” feature of the app before. Be very cautious what you post there. Anything you post there is considered a “contribution”.”

True & False.

“Units” is no longer a feature of our app. Sandboxx users cannot post and share content within the app to other users. Sandboxx is not a social networking app. Letters composed and sent within the app are only visible to the letter receiver. 

Our “Travel” platform is in partnership with Priceline. You can book flights, hotels, and cars through this service.

The app requires you to enter your information and your service member’s information.

True.

To send a letter via Sandboxx, you will need to know their mailing address. This information is collected solely for the purpose of delivering your letter to its location. Similar to addressing a letter and sending it via USPS.

We may share your information with advertisers, investors, and third parties.

We looked at the privacy statement. “We may share your information with advertisers and investors … We may also share your information with such third parties for marketing purposes, as permitted by law.” The section “Data from Social Networks” lets users know how much PII is collected once you connect the app with your social media platforms. DOB, location, public data for contacts. Don’t forget about the mobile device data: device ID, manufacturer, model, location.

True.

Sandboxx is just like most apps that you use every day. We do collect data when you create a Sandboxx account and use our app. You can view more information on what data we collect and why on our privacy policy.

Other concerns about “Is the Sandboxx app safe?”

Sandboxx is not supported by the DoD or any military branch.

True.

By law, the DoD is not allowed to endorse an individual, for-profit business, non-profit organization, or any other non-Federal entity (including DoD contractors), product, or service.

Sandboxx is a for-profit business, by law, we can not be endorsed by the DoD.

Even though the DoD can not endorse any non-federal (government) entities such as Sandboxx, we do have contracts with Navy Exchange Command, Army Air Force Exchange Services, and Marine Corps Community Services.

Exchanges use some of their profits to fund various Morale, Welfare, and Recreation (MWR) activities. Military exchanges can work with a for-profit business, non-profit organization, or any other non-Federal entity (including DoD contractors), product, or service.

Sandboxx violates OPSEC .

False.

If you use Sandboxx to write letters we require that you provide us with a mailing address. This allows us to fulfill our contract with you. This leads people to believe that Sandboxx is not safe.

Recruit mailing addresses are not considered classified information or OPSEC. Basic training mailing addresses are public knowledge and classified as PERSEC. At Sandboxx, we encrypt and protect your PERSEC information. You can learn more about how we protect your PII here.

Deployed service member addresses (APO, DPO, FPO) are not considered public knowledge and can be deemed as OPSEC. But, deployed addresses do not contain the deployed military base or country of the service member.

Mail that is sent overseas to deployed service members is handled through the military mail system. It does not go through the international mail system. This means the exact location of your service member is not accessible.

Therefore, using Sandboxx to send letters to a deployed service member does not violate OPSEC since the location of the service member is still unknown through an APO/FPO/DPO address.

INCORRECT:

PFC JOHN DOE
123RD ENG 2ND PLT – B CO
APO AE 09398-9998
BAGHDAD, IRAQ

CORRECT:

PFC JOHN DOE
123RD ENG 2ND PLT – B CO
APO AE 09398-9998

Sandboxx sells your data.

False.

The security of our military is at the center of our mission. At Sandboxx, we are committed to protecting you and your recipient’s privacy. Sandboxx user data has never been sold, as it would go against why we exist.

We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include payment processing, data analysis, email delivery, hosting services, customer service, and marketing efforts.

Also, we may allow selected third parties to use tracking technology on the Sites or Apps, which will enable them to collect data about how you interact with the Sites or Apps over time. This information can be used to, among other things, analyze and track data, determine the popularity of certain content, and better understand online activity.

Unless described in our Privacy Policy, we do not share, sell, rent, or trade any of your information with third parties for their promotional purposes.

Conclusion

Using Sandboxx to send letters to recruits or active duty service members does not violate PERSEC or OPSEC guidelines. However, the content within your letter may violate these guidelines. Writing a letter on Sandboxx is similar to writing a traditional snail mail letter. Any information you wouldn’t write in a traditional letter should not be written in a Sandboxx letter.

Sandboxx
The editorial team at Sandboxx.