
Shein DIGITAL

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-06-16
Digital Score 0.00 /10 E Shein - BDS-1000 39

Evidence-only forensic audit. Scoring happens downstream - see the main dossier for the composite assessment.

Digital Audit - Shein (Roadget Business Pte. Ltd. / SHEIN Group Ltd.)

Audit Phase: Digital (Digital / Technology Forensics)
Subject Entity: Shein - operated globally by Roadget Business Pte. Ltd. (Singapore); European operations via Infinite Styles Services Co. Limited (Dublin, Ireland)
Founder / Group: Founded 2008 in Nanjing, China by Chris Xu (Xu Yangtian); global HQ relocated to Singapore in 2022
Audit Date: June 2026
Evidence Base: Published corporate disclosures, regulatory and data-protection authority decisions, technology trade and security press, passive web-technology fingerprinting, parliamentary and congressional records, and NGO/civil-society reporting. All factual claims are drawn from publicly available sources cited in the End Notes.

Scope and directionality note: Digital assesses the digital/technology nexus to Israel. The serious case is the provision of surveillance, digital, data, or cyber technology to the Israeli state, military, or security services. The reverse direction - Shein procuring technology from Israeli-origin vendors - is a customer relationship and is recorded explicitly as such, weighted far lower than provision. No transitive guilt is imputed: an Israeli vendor’s other clients, its founders’ military backgrounds, or a parent group’s separate activities are not attributed to Shein. US-entity relationships (e.g. Amazon Web Services, Microsoft, Google, Cloudflare, Akamai) are not Israeli-origin and are noted only for completeness. Cyberattacks committed against Shein are recorded as digital context, not as provision.


Enterprise Technology Stack & Vendor Relationships

Core Infrastructure (Direction: Shein as customer of US/Chinese providers)

Passive web-technology fingerprinting of shein.com identifies a predominantly US-origin and Chinese-origin stack: Amazon Web Services for hosting and data-centre provision, Amazon Route 53 for DNS, Cloudflare as the current CDN/reverse proxy (Akamai previously), Nginx web servers, jQuery, DigiCert TLS certificates, and the Coremail email service.[1] Analytics and advertising integrations detected include Google Analytics, Google Tag Manager, Google Ads, and Microsoft UET (Universal Event Tracking) - all US-origin vendors.[1] None of these is an Israeli-origin entity.

Shein’s wider operational technology - including its supplier-facing platform and demand-forecasting/logistics systems - is widely reported as built in-house in China and Singapore and supplemented by Chinese and US hyperscale cloud services.[2][3] Regulatory and tax reporting confirms the global operating entity is Singapore-registered Roadget Business Pte. Ltd., which holds Shein’s trademarks and operates the global website, while supply-chain and engineering operations remain concentrated in Guangzhou and Nanjing, China.[4][5]

Israeli-Origin Software & Services Vendors (Direction: Shein as customer)

One Israeli-origin technology vendor is documented in public trade sources as a Shein supplier. The direction is Shein as the customer procuring a commercial fraud-prevention product - not Shein providing any technology to an Israeli entity.

Riskified - Comparative fraud-technology trade coverage lists Shein among the merchant brands that use Riskified for e-commerce fraud prevention and chargeback protection.[6] Riskified (Riskified Ltd., trading on NYSE as RSKD) was founded in 2012 by Eido Gal and Assaf Feldman, maintains dual headquarters in New York and Tel Aviv, and is Israeli-origin in its founding and R&D base.[7] This is an inbound procurement (customer) relationship sourced from secondary trade comparison rather than a primary Shein or Riskified announcement; the contract scope, currency, and depth of integration are not publicly disclosed. No public evidence was identified of Shein supplying any technology, data, or service to Riskified or to any Israeli entity through this relationship.

Other Israeli-Origin Cybersecurity / Enterprise Vendors

No public evidence was identified confirming that Shein holds a licensing, subscription, or integration relationship with any other Israeli-origin cybersecurity, analytics, or enterprise software vendor - including Check Point, Wiz, SentinelOne, CyberArk, NICE, Verint, Claroty, Forter, Syte, Global-e, or Namogoo. General reporting confirms these are Israeli-founded firms, but none was independently linked to Shein’s environment in any record reviewed. No public evidence identified.

Procurement Transparency Constraints

Shein is a privately held group that does not publish an IT or security vendor list; its planned public listings (a 2023 confidential US filing, a 2024–2025 London prospectus process, and a 2025 pivot toward Hong Kong) did not result in a published prospectus disclosing the technology vendor stack.[4][8] Vendor relationships below the level of passively fingerprintable web components or named trade-press mentions are not in the public domain. This is the principal evidence gap in this domain.


Surveillance, Biometrics & Retail Technology

Facial Recognition & In-Store Biometrics

No public evidence was identified that Shein deploys facial-recognition, biometric-identification, gait-analysis, or in-store behavioural-analytics technology of Israeli origin (e.g. Oosto/AnyVision, BriefCam, Trigo, Trax). Shein is a digitally native, online-first retailer without a material owned brick-and-mortar estate, so the in-store loss-prevention, autonomous-checkout, and foot-traffic contexts in which Israeli retail-biometric vendors are typically deployed are largely absent from its model.[2] This structural observation does not substitute for positive evidence. No public evidence identified.

Predictive Analytics, Customer Monitoring & App Data Collection

Shein operates extensive proprietary algorithmic systems for real-time trend detection, demand forecasting, dynamic pricing, and personalised recommendation, described across business and technology press as internally developed and drawing on data from its own app, social-media signals, and search data.[3][9] Independent security and privacy researchers have repeatedly documented the breadth of the Shein mobile app’s data collection - including device identifiers, location/GPS data, sensor data, and broad permission requests (camera, storage, location, calendar, microphone) - and noted that the app’s embedded tracking libraries shift across versions.[10] The third-party tracking and martech components reported in the app and on the website (Google, Microsoft) are US-origin.[1][10] No Israeli-origin predictive-analytics, sentiment-analysis, social-media-monitoring, or workforce-surveillance tool was identified within this stack. No public evidence identified of an Israeli-origin component.

Third-Party Platform Deployment

No third-party managed service, advertising-technology platform, or retail-media network used by Shein and reported in public sources was identified as Israeli-origin. The advertising and analytics SDKs documented in Shein’s consumer applications are US hyperscaler and martech products.[1][10] No public evidence identified.


Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data Centre Operations & Cloud Footprint

Public fingerprinting and reporting place Shein’s consumer-facing infrastructure on Amazon Web Services (US) with Cloudflare and previously Akamai (both US) for content delivery, alongside Chinese cloud ecosystems for core operations and data routing shaped by Chinese data-localisation requirements.[1][2] No corporate filing, data-centre lease, co-location agreement, or infrastructure disclosure was identified placing Shein compute or storage infrastructure within Israel. No public evidence identified of any Shein data-centre operation, lease, or co-location within Israel.

Government Cloud Contracts (incl. Project Nimbus)

Not applicable. Project Nimbus is the Israeli-government cloud contract awarded to Google Cloud and Amazon Web Services; Shein is an enterprise customer of cloud providers, not a cloud provider, and would not be a participant or sub-provider in any such programme. No public evidence was identified of Shein involvement in any Israeli state-backed digital-infrastructure programme. No public evidence identified.

Data-Sovereignty or Resilience Services to Israeli State Institutions

No public evidence identified. Shein is a retail e-commerce platform, not a cloud or managed-services provider, and does not offer sovereign-cloud, data-resilience, or critical-infrastructure services to any state body, Israeli or otherwise.


Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence was identified of any contract, partnership, memorandum of understanding, or service agreement between Shein and the Israeli Ministry of Defense, the Israel Defense Forces (IDF), Shin Bet, Mossad, or any Unit 8200-linked commercial entity. Shein is a retail/e-commerce business and does not publicly operate in the defence-technology or security-services sector. No public evidence identified.

Provision of Technology / Data to the Israeli State or Military

No public evidence was identified of Shein providing surveillance technology, data, software, cloud capacity, or digital services to the Israeli state, military, or security services. This is the directionally serious Digital case, and no qualifying evidence of it was found. No public evidence identified.

Dual-Use Technology Provision

No public evidence was identified of Shein commercial technology being reported or confirmed as deployed for military, intelligence, or law-enforcement surveillance applications in Israel or the Occupied Palestinian Territories. Documented governmental scrutiny of Shein’s technology (notably the US House Select Committee on the CCP) has concerned potential Chinese-state data access and forced-labour supply-chain risk, not Israeli or occupation-territory surveillance applications.[11] No public evidence identified.

Offensive Cyber Capability & Cyberattacks Against Shein

No public evidence identified of Shein developing, licensing, or selling offensive cyber capability. Shein has instead been the victim of cyber incidents: a 2018 breach of its then-parent Zoetop exposed the credentials of approximately 39 million Shein accounts (plus 7.3 million ROMWE accounts), for which the New York Attorney General secured a US$1.9 million penalty in October 2022, finding that the company had failed to maintain reasonable security and had misled customers about the breach’s scope.[12][13] These incidents were committed against Shein and have no nexus to the provision of technology to Israel; they are recorded here as factual digital context only.


AI, Algorithmic & Autonomous Systems

Retail AI Systems

Shein’s AI/ML activity is extensively documented and confined to commercial retail applications: real-time trend detection from social-media and search signals, SKU- and micro-category-level demand forecasting, micro-batch production testing, dynamic pricing, and personalised recommendation, reportedly compressing the design-to-production cycle to as little as a few days and adding thousands of new styles per day.[3][9] These systems are described as proprietary and developed primarily in-house in China and Singapore.[2][3]

AI/ML Provision to Israeli State Bodies

No public evidence identified of Shein providing AI capability, model access, training data, inference services, or data pipelines to any Israeli state, military, or security body.[3][9]

Training Data & Model Development Involving Israeli Population Data

No public evidence was identified of Shein AI models being trained on, or given access to, civilian population data, intercepted communications, or surveillance-derived datasets originating from Israel or the Occupied Palestinian Territories. No public evidence identified.

Autonomous Systems & Lethality

No public evidence identified. Shein does not operate in the defence, autonomous-systems, or weapons-technology sector, and no source associates it with autonomous targeting, fire-control AI, or kill-chain automation.


Technology Ecosystem & R&D Footprint

Israeli R&D Facilities

No public evidence was identified that Shein operates any R&D facility, engineering office, innovation lab, incubator, or accelerator within Israel. Shein’s documented technology and R&D operations are concentrated in China (Guangzhou, Nanjing), Singapore, and the United States.[2][4] No public evidence identified of an Israeli R&D presence.

Acquisitions & Investments in Israeli Technology Companies

No public evidence was identified of Shein acquiring, or taking a corporate-venture stake in, any Israeli technology company, startup, or venture fund. Shein’s most prominent disclosed strategic deal in the period - a strategic agreement with Authentic Brands Group concerning Forever 21 (via SPARC) - is a US retail arrangement with no Israeli technology component identified.[14] The Riskified relationship identified in this audit is a commercial procurement (customer) relationship, not an investment. No public evidence identified.

Patents & IP Co-Development with Israeli Institutions

No public evidence was identified of patent co-filing, technology licensing, or co-development arrangements between Shein and Israeli-domiciled entities or research institutions (Technion, Hebrew University, Weizmann Institute). No public evidence identified.

Supplier Code of Conduct - Technology Supply-Chain Provisions

No public evidence was identified of a Shein technology-supply-chain due-diligence framework specifically governing the national origin or geopolitical exposure of software vendors, cloud providers, or digital-infrastructure suppliers. Shein’s published responsible-sourcing material addresses its product/garment supply chain rather than its technology vendor base. No public evidence identified.


Civil Society Scrutiny & Regulatory History

NGO & Academic Scrutiny - Technology Supply Chain

No public evidence was identified of an NGO investigation, academic study, or UN report addressing Shein’s technology relationships with the Israeli state, Israeli defence entities, or Israeli-origin vendors. The Who Profits Research Centre database (focused on corporate involvement in the settlement economy) was reviewed and no Shein technology entry was identified.[15] Civil-society scrutiny of Shein centres on labour rights and alleged Uyghur forced labour, consumer-data privacy and potential Chinese-state data access, environmental/overconsumption impact, and product safety - not on Israeli-origin technology procurement or provision.[11][16]

No public evidence was identified of a BDS or NGO campaign targeting Shein on grounds of Israeli technology provision or operations in the Occupied Palestinian Territories. The Israel-related controversy publicly documented in relation to Shein runs in the opposite direction to typical BDS concerns: in October 2023, after the October 7 attacks, Shein faced an Israeli consumer backlash and boycott calls after its site sold Palestinian flags while Israeli-flag searches returned broken links, and the company subsequently postponed/halted marketing campaigns with Israeli influencers and was reported to have ended free shipping to Israel.[17][18] This is recorded as factual context and concerns Shein’s commercial/marketing conduct, not technology provision.

Data-Protection & Consumer-Protection Enforcement

Shein and its operating subsidiaries have been the subject of multiple European regulatory actions:

None of these actions concerns Israeli-origin technology relationships or provision of technology to Israeli state entities.

Export Controls & Sanctions Authorities

No public evidence was identified of any action by export-control, sanctions, or customs authorities in any jurisdiction relating to Shein technology sales, services, or data transfers to Israeli state entities. No public evidence identified.


Evidence Gaps

  1. Full IT and security vendor stack (highest priority) - Shein is privately held and publishes no vendor list; no IPO prospectus is in the public record. Passive fingerprinting covers only the consumer-facing web/app stack, so embedded Israeli-origin components within managed services cannot be positively excluded.
  2. Depth of the Riskified relationship - Shein’s use of Riskified is sourced from secondary trade comparison rather than a primary announcement; contract scope, data flows, and current status are undisclosed.
  3. Chinese- and Singaporean-language disclosures - Guangzhou/Nanjing and Singapore regulatory filings may contain procurement detail not captured in English-language sources.
  4. App tracking-SDK currency - Researchers note Shein’s embedded tracking libraries shift across app versions; a point-in-time SDK inventory cannot be treated as stable.
  5. Patent databases - USPTO/EPO/WIPO holdings were not exhaustively queried for any Israeli co-assignee or co-inventor.

End Notes

  1. https://w3techs.com/sites/info/shein.com
  2. https://www.highperformr.ai/company/shein
  3. https://onlycommerceinsights.com/sheins-fast-fashion-data-model/
  4. https://en.wikipedia.org/wiki/Shein
  5. https://www.publiceye.ch/en/topics/fashion/opaque-and-tax-optimised-sheins-corporate-structure
  6. https://www.chargeflow.io/blog/riskified-vs-forter
  7. https://en.wikipedia.org/wiki/Riskified
  8. https://finance.yahoo.com/news/shein-clears-uk-regulatory-hurdle-154634690.html
  9. https://kr-asia.com/unveiling-sheins-secret-artificial-intelligence-and-the-complexities-behind-its-usd-66-billion-valuation
  10. https://axis-intelligence.com/is-shein-safe-honest-security-privacy-review/
  11. https://chinaselectcommittee.house.gov/media/press-releases/select-committee-releases-interim-findings-shein-temu-forced-labor
  12. https://www.cshub.com/attacks/news/shein-fined-us19mn-over-data-breach-affecting-39-million-customers
  13. https://ag.ny.gov/press-release/2022/attorney-general-james-secures-19-million-e-commerce-shein-and-romwe-owner-zoetop
  14. https://www.prnewswire.com/news-releases/authentic-brands-group-and-shein-announce-strategic-agreement-for-forever-21-301969611.html
  15. https://www.whoprofits.org/involvement/view/10
  16. https://committees.parliament.uk/work/7636/environmental-audit-fast-fashion/
  17. https://www.algemeiner.com/2023/10/18/online-retailer-shein-halts-campaigns-israeli-influencers-after-only-selling-palestinian-flags/
  18. https://www.jpost.com/business-and-innovation/article-769165
  19. https://www.cnil.fr/en/cookies-placed-without-consent-shein-fined-150-million-euros-cnil
  20. https://en.agcm.it/en/media/press-releases/2025/8/PS12709
  21. https://digital-strategy.ec.europa.eu/en/news/commission-designates-shein-very-large-online-platform-under-digital-services-act
  22. https://digital-strategy.ec.europa.eu/en/news/commission-launches-formal-proceedings-against-shein-under-digital-services-act