Which Virtual Data Room Works in China? A Global-Access Guide (2026)

Quick answer: Google Drive, Dropbox, and OneDrive are blocked in mainland China, so the most common reason a cross-border deal stalls is that your counterparty literally cannot open the link you sent — and a blocked load looks exactly like a slow buyer. To share deal documents with someone in China, use a data room that is (1) reachable from China without a VPN, (2) openable in a plain browser with no app or account, and (3) able to show you who opened each file and from which country. You do not need a China-hosted server or an ICP license to share into China from an offshore room — you need reachability, not residency. Always test that the room loads from inside China before you send.

Last updated: June 2026

TL;DR: This guide is built around five field-tested frames — the Access Wall (a blocked load looks identical to an unresponsive buyer, so the deal stalls invisibly), Reachability vs Residency (being openable from China is a different question from being hosted and regulated in China — most people conflate them), the VPN Tax (forcing the China side onto a VPN is friction and often a corporate-IT violation, not a fix), the Silent-Drop Test (the one pre-send check that converts an invisible access risk into a known one), and the Location-Verified Counterparty (turning your access-location log into counterparty verification). The throughline: a deal-grade data room should be accessible from every country, China included — and the China case is simply the hardest test of whether yours actually is.

Why I wrote this

I'm Deqian Jia, co-founder of Peony, a data room company. The single most common cross-border support question we hear is not about features — it is some version of "my counterparty in China can't open the documents, what do I do?" It comes from founders raising from Chinese investors, from advisors selling a company to a Chinese strategic acquirer, from funds with Chinese LPs, and from operators running diligence on a target with China operations. And it is almost always the same root cause: the documents were shared through a tool that mainland China blocks, and nobody found out until the deal was already stalling.

At Peony we now serve more than 4,300 customers, and a meaningful share of them run processes where at least one party sits behind the Great Firewall. The reason this problem is so corrosive is that it is invisible from the sender's side: you send a link, you hear nothing, and you conclude the buyer has gone cold. In reality, the buyer never saw a single page. This guide is the playbook we give those teams — what actually breaks, how to share documents that the China side can genuinely open, how to confirm it before a live deal, and how to see who accessed what and from where. The framing throughout is deliberately practical and global: a good data room is one that works in every country, and China is the case that proves it.

Which virtual data room actually works in mainland China?

A data room "works in China" when three conditions are true at the same time. First, it is reachable on mainland networks without a VPN. Second, it loads fast enough behind heavy packet inspection that a reviewer does not give up halfway through your CIM. Third, it does not quietly depend on infrastructure the Great Firewall blocks — most importantly Google and Dropbox endpoints, because a surprising number of "secure sharing" tools embed a Google or Dropbox viewer under the hood, and that breaks in China even when the tool's own front door is open.

The practical answer follows directly: use a purpose-built data room that is hosted outside the firewall's block list, that opens in a plain browser with no app to install and no account for the recipient, and that shows you the viewer's country so you can confirm the counterparty actually got in. Then verify it from inside China before you send — every time, because network conditions on the mainland shift.

This is where the global-access principle matters. You should not think of this as buying a "China data room." You should think of it as refusing to use a room that fails in any country your counterparties live in. A room that is genuinely globally accessible handles China as a side effect of being built correctly; a room that is built around blocked infrastructure fails China specifically and conspicuously. We built Peony for the first case — globally reachable, browser-based, no recipient account — and customers run live mainland-China cross-border deals on it. Even so, the discipline below (test before you send) applies no matter which tool you choose.

Why can't my counterparty in China open my Google Drive, Dropbox, or Box link?

Because the most common tools are blocked. Google Drive, Dropbox, and OneDrive are inaccessible from mainland China without a VPN — China's Great Firewall blocks tens of thousands of Western sites by filtering traffic and blacklisting IP addresses, and the major Western file-sharing platforms are squarely on that list (vpnalert, 2026; Files.com, Great Firewall documentation). Box is a slightly different case — it is not banned the way Google and Dropbox are, but it has no mainland China presence, so access is inconsistent and frequently slow.

From your side, all of these produce the identical symptom: you send a link, and the person in Shanghai or Beijing sees a spinner that never resolves, or a download that times out. And here is the trap — a blocked load looks exactly like a slow or disengaged buyer. You assume the counterparty is busy, deprioritizing you, or negotiating quietly; in fact they physically cannot open the file and may be too polite, or too senior, to keep flagging it.

This is the Access Wall, and it is the most under-priced risk in a China cross-border deal. It does not show up on a checklist because it does not announce itself: there is no error message on your end, no bounce, no alert. The deal just moves slower than it should, and you misattribute the cause. The entire rest of this guide is, in effect, about tearing the Access Wall down and — just as important — making it visible so you can never again confuse "blocked" with "uninterested."

Reachability vs residency: do I need a China-hosted data room or an ICP license?

Almost certainly not — and this is the distinction that saves teams the most wasted effort. Reachability is the question "can my counterparty open this from China?" Residency is the question "is the data physically hosted and regulated inside China?" People conflate the two and conclude they need to stand up China-hosted infrastructure to do a single cross-border deal. They almost never do.

An ICP license is a hosting requirement. It is issued by China's Ministry of Industry and Information Technology (MIIT) and is mandatory for any website or app served from a server physically located in mainland China; a foreign company cannot obtain one directly, but needs a Chinese legal entity or local sponsor (Chinafy, 2025; China Briefing). Crucially, an ICP license is tied to where your server sits, not to whether Chinese visitors can reach you. Sharing documents into China from a room hosted in the US, Singapore, or Hong Kong does not require one. The trade-off for offshore hosting is purely performance: a foreign-hosted site is reachable from China but can load slowly through the firewall — which is exactly why "reachable" is necessary but not sufficient, and why you test load time, not just whether the URL resolves.

Data residency rules are a separate matter, and they only bite in specific situations. China's Personal Information Protection Law (PIPL) and Data Security Law govern processing the personal data of people in China at scale and transferring certain regulated data out of the country. If your deal involves moving large volumes of Chinese personal data, or a regulated Chinese data set, that is a question for local counsel — not something a data room alone resolves. For the ordinary cross-border case — sharing your own company's CIM, cap table, financials, and contracts with a Chinese acquirer or investor — you are firmly in reachability territory: you want an offshore room that is simply openable and fast enough from China.

How do I test that my data room loads in China before I send the link?

Run the Silent-Drop Test before any live deal. It takes a few minutes and it converts the invisible Access Wall into something you have actually checked:

1. Check reachability with a tool. Use a free "is it blocked in China" checker, or a global uptime monitor with a mainland-China node, and point it at your data room's URL. This tells you whether the room resolves from inside China at all.
2. Confirm with a real human load. Better than any tool: ask your counterparty (or a colleague, or a contact in China) to open a single non-sensitive test document and screenshot what they actually see. A real screenshot beats your assumption every time.
3. Measure load time, not just reachability. A room that technically resolves but renders each page in 40 seconds will lose a reviewer just as surely as one that is blocked. Time it.
4. Verify it works without a VPN. You cannot assume the other side has one — and as the next section explains, you should not want them to need one.

Do this a few days ahead of when you need the room live, so that if it fails you have time to move the documents before the deal clock is running. The discipline is the point: a blocked counterparty is the one deal risk you can fully eliminate in advance for the cost of one test.

How do I give a Chinese counterparty access without a VPN?

Share through a room that is reachable from China on its own, so a VPN never enters the conversation. This matters more than most Western teams expect, because telling the China side to "just use a VPN" is rarely the clean fix it sounds like. Many Chinese corporate networks block or throttle VPNs; a buyer's IT and compliance policy may prohibit them outright; and a senior counterparty is not going to install a consumer VPN to read your deck. Pushing the access problem onto the other party is what we call the VPN Tax — it adds friction, it can violate the counterparty's own rules, and it quietly signals that you were not prepared for a cross-border process.

The way to avoid the VPN Tax is to remove every reason the China side would need one:

• Host outside the block list so the room is reachable from China directly.
• Open in a normal browser — no desktop app, no mobile app to download from a store that may itself be restricted.
• Require no account for the viewer. They click your link, accept the NDA, and read. Account creation is a frequent silent failure point (verification emails and third-party sign-in can route through blocked services).
• Send personalized links, not one shared link, so you can grant, scope, and revoke access per person rather than per URL.

We built Peony so that a recipient anywhere — mainland China included — opens documents in the browser with no install and no signup. Combined with personalized links and a click-through NDA, the Chinese side gets in the same way, and as easily as, every other bidder in your process.

Can I see who opened my documents — and from which country?

Yes, and for a cross-border deal it is one of the most valuable things a data room does. Peony's page-level analytics show every viewer's name, email, location down to city and country, device, and operating system, along with which pages they read and for how long — no anonymous clicks. Two cross-border problems this solves directly:

First, confirmation. When you share with a counterparty who says they are in Shanghai, the access log lets you confirm the documents were actually opened from China — not sitting unopened, and not quietly forwarded to a party in another country. It turns "I think they looked at it" into "the Beijing team opened the financials twice on Tuesday and spent eleven minutes on the customer-contracts section."

Second, verification — the Location-Verified Counterparty check. Treat the location log as a due-diligence signal, not just an engagement metric. If a bidder represented themselves as a single Chinese strategic but your CIM is being opened from three different countries, that is worth a conversation before you release the next tranche of documents. The same feature that tells you the deal is progressing also tells you when something does not add up. This is, in fact, the exact pairing cross-border customers tell us they value most: the documents open reliably for the China side, and they can see who opened them and from where.

Is it safe to share a CIM, cap table, or financials with a counterparty in China?

It can be — if you control the room rather than the file. The unsafe path is the default one: emailing a CIM, or dropping it in a shared Drive link, hands over a copy you can no longer control and cannot track. A data room inverts that, and the controls matter more in a cross-border deal, not less, because your counterparty is far away and the stakes are high:

• Click-through NDA gating so no one sees a single page until they have accepted your confidentiality terms (NDA gating).
• Per-viewer dynamic watermarks — every page stamped with the viewer's email, IP, and timestamp, rendered server-side so it cannot be removed (watermarks).
• Download control — disable downloads entirely, or allow only watermarked copies, so the underlying file does not walk.
• Per-recipient revoke so a bidder who drops out loses access the same day (revoke access).
• The location and page-level audit trail so you know who saw what, when, and from where.

Together these give you both deterrence and a forensic trail — far more than an emailed PDF or a shared cloud link. The cross-border element does not change the security model; it raises the stakes, which is the whole argument for running a controlled room. (None of this is legal advice on cross-border data transfer; for regulated Chinese personal data, involve counsel.)

Data room vs Google Drive, Dropbox, and Box for a China deal

To be fair to the tools you already use: for internal storage and for sharing with counterparties outside China, Google Drive, Dropbox, and Box are good products, and nothing here says otherwise. The gap is specific to two conditions stacking up — a counterparty on a mainland-China network, and documents that are sensitive. When both are true, here is the honest head-to-head:

For a CIM, cap table, or diligence file going to a Chinese acquirer or investor, those are exactly the rows that decide whether the deal moves. For the full feature-by-feature view, see our data room vs cloud storage overview, and the specific data room vs Dropbox and data room vs Box comparisons. (Link-sharing tools such as DocSend sit in between — better tracking than a raw cloud link, but the same accessibility and control questions apply, so test them in China the same way.)

How much does a China-accessible data room cost?

Far less than the enterprise reputation suggests, and the pricing shape matters as much as the number for a single deal. Peony is $40 per admin per month on the Business plan, with unlimited storage, unlimited documents, per-viewer watermarks, NDA gating, page-level analytics with location, and per-recipient revoke all included rather than sold as add-ons. There are no per-page, per-user, or per-data-room fees, so one admin runs the entire cross-border process — however many Chinese bidders you invite — for $40 a month, cancellable when the deal closes.

That flat shape is the right economic fit for a one-time raise or sale. Traditional enterprise data rooms can run into five figures per deal and frequently quote per page or per user, which is how teams sharing with a handful of counterparties end up overpaying badly. You are not signing an annual enterprise contract to share documents with one Chinese acquirer. For the broader cost picture, see our data room vs cloud storage and best data rooms for startups guides.

Bottom line

Sharing deal documents into mainland China fails for one under-priced reason, and it is not the one most teams worry about. It is not, usually, a security or compliance problem — it is an access problem: Google Drive, Dropbox, and OneDrive are blocked, Box is slow and inconsistent, and a blocked load looks exactly like a buyer who has gone quiet, so the deal stalls and you never learn why. The fix is to treat global accessibility as a requirement, not a nice-to-have: share through a room that is reachable from China without a VPN, opens in a browser with no app and no account, and shows you who opened each file and from where — then run the Silent-Drop Test before you send so a blocked counterparty is never a surprise.

Two distinctions keep you out of the weeds. Reachability is not residency — you almost never need a China-hosted server or an ICP license to share into China from an offshore room. And a VPN is not a fix — it is a tax you push onto a counterparty whose network may not even allow it. Get those right and the China side of your deal becomes the same as every other side: they open the link, accept the NDA, read the documents, and you can see that they did. We built Peony — used by 4,300+ customers — for exactly that global-access standard, and the access-location log that proves a counterparty opened your files from where they said they would is the feature cross-border teams come back for.

Related resources

• What is a virtual data room? — the category primer: what a VDR is and when you need one over a shared drive
• Data room vs cloud storage — the parent comparison: where Drive, Dropbox, and Box stop and a data room starts
• Data room vs Dropbox — the head-to-head for teams currently sharing deal files on Dropbox
• Data room vs Box — the head-to-head for Box-standardized teams running due diligence
• Secure file sharing guide — the controls (NDA gate, watermark, revoke, audit) that make document sharing defensible
• Best data rooms for startups — picking a room for a fundraise, including cross-border rounds
• Shenzhen hardware founder checklist — protecting IP and documents when you work with mainland-China factories
• China startup accelerators — the China side of the early-stage funding map
• M&A data room — the full sell-side data-room playbook for a cross-border process
• Top Dropbox alternatives — where Dropbox falls short for deal sharing, and what to use instead

Frequently asked questions

Which virtual data room actually works in mainland China?

A data room "works in China" when three things are true at once: it is reachable on mainland networks without a VPN, it loads fast enough behind heavy filtering that a reviewer does not give up, and it does not quietly depend on Google or Dropbox infrastructure that the Great Firewall blocks. That last point catches people out — Google Drive, Dropbox, and OneDrive are blocked in mainland China, so any link or embedded viewer that calls their servers fails there even if your own tool is fine. The practical answer is to use a purpose-built data room hosted outside the firewall's block list, confirm it loads from inside China before you send the link, and pick one that shows you the viewer's country so you can prove the counterparty actually got in. We built Peony — used by 4,300+ customers — to be globally accessible and to open in any browser with no app install and no account for the recipient, which removes the most common China failure points; even so, always run the load test before a live deal, because network conditions in China change.

Do I need a China-hosted data room or an ICP license to share documents with a Chinese buyer?

Almost never. An ICP license is a hosting requirement — it applies when your website or app runs on a server physically located in mainland China, and it is issued by China's MIIT to a local entity. Sharing documents with a counterparty who is in China, from a data room hosted outside China (in the US, Singapore, or elsewhere), does not require an ICP license. What you need is reachability: a room the Chinese side can open without hitting the Great Firewall's block list. The common mistake is conflating reachability (can they load it from China?) with residency (is the data physically hosted and regulated in China?) — they are different questions. For most cross-border M&A and fundraising you want an offshore-hosted room that is simply reachable and fast enough from China. Data-residency rules — China's PIPL and Data Security Law — only enter the picture if you are processing the personal data of people in China at scale or transferring regulated Chinese data out, in which case you want local counsel, not just a data room.

Why can't my counterparty in China open my Google Drive, Dropbox, or Box link?

Because Google Drive, Dropbox, and OneDrive are blocked by China's Great Firewall — they are inaccessible from mainland networks without a VPN, and the firewall blocks tens of thousands of Western sites by filtering traffic and blacklisting IP addresses. Box is not banned the same way, but it has no mainland China presence, so access is inconsistent and often slow. From your side the result is identical: you send a link, and the person in Shanghai or Beijing sees a spinner that never resolves or a connection that times out. The dangerous part is that a blocked load looks exactly like a slow or disengaged buyer — you assume the counterparty is dragging their feet when in fact they physically cannot open the file. We call this the Access Wall, and it is the single most under-priced risk in a China cross-border deal. The fix is to share through a room that is reachable from China without a VPN, and to test that it loads before you send.

Virtual data room vs Google Drive, Dropbox, and Box for a China deal — what's the real difference?

For internal storage and for sharing with counterparties outside China, Google Drive, Dropbox, and Box are perfectly good — this is not an argument to abandon them. The difference shows up the moment a counterparty is on a mainland-China network and the moment the documents are sensitive. First, accessibility: Drive, Dropbox, and OneDrive are blocked in China; a data room reachable without a VPN is not. Second, control: a deal-grade data room adds a per-viewer watermark, a click-through NDA gate before anyone sees a file, download control, and per-recipient revoke — none of which a shared Drive or Dropbox link gives you. Third, visibility: a data room shows you who opened each document and from which country and city, where a Drive link shows you almost nothing. For a CIM, cap table, or diligence file going to a Chinese acquirer or investor, those three gaps are exactly the ones that matter. Our data room vs cloud storage, vs Dropbox, and vs Box comparisons cover the full feature-by-feature view.

How do I test whether my data room loads inside mainland China before I send the link?

Run what we call the Silent-Drop Test before any live deal. First, use a free "is it blocked in China" checker — a China firewall test or a global uptime checker with a mainland-China node will tell you whether your room's URL resolves from inside China. Second, and better, ask your counterparty or a colleague in China to open one non-sensitive test document and screenshot what they see — a real load, not your assumption. Third, check the load time, not just reachability: a room that technically resolves but takes 40 seconds per page will lose a reviewer. Fourth, confirm it works without a VPN, because you cannot rely on the other side having one. Do this a few days before you need the room live, so you have time to switch tools if it fails. The whole point is to convert an invisible risk — a counterparty who silently cannot get in — into a known one you have checked off.

How do I give a Chinese acquirer or investor access without making them install a VPN?

Share through a room that is reachable from China on its own, so a VPN is never part of the ask. This matters more than people realize: many Chinese corporate networks block or discourage VPNs, and a buyer's IT policy may forbid them outright, so "just use a VPN" can be a non-starter that stalls your deal — what we call the VPN Tax. Pick a data room that is hosted outside the Great Firewall's block list, opens in a normal browser with no app to download, and requires no account for the viewer — they click your link, accept the NDA, and read. Send each person a personalized link rather than one shared link, so you can set permissions and revoke individually. We built Peony so a recipient anywhere — including mainland China — opens documents in the browser with no install and no signup; combined with personalized links and a click-through NDA, the China side gets in the same way every other bidder does.

Can I see who opened my documents and from which country or city?

Yes — and for a cross-border deal this is one of the most useful things a data room gives you. Peony's page-level analytics show every viewer's name, email, location down to city and country, device, and operating system, plus which pages they read and for how long — no anonymous clicks. For a deal with a counterparty who says they are in Shanghai, that means you can confirm the documents were opened from China rather than forwarded to an unknown third party in another country, see exactly which bidder is actually working your CIM, and prove access when you need an audit trail. This is the feature cross-border teams tell us matters most: it turns "I think they looked at it" into "the Beijing team opened the financials twice on Tuesday." A shared Google Drive or Dropbox link gives you almost none of this.

I'm worried our financials leaked — how do I verify a counterparty is where they say they are?

Use the access-location log as a verification tool, not just an analytics dashboard — what we call the Location-Verified Counterparty check. When a viewer opens your data room, Peony records the country and city of access alongside their email and the timestamp. If a bidder represented that they are a Chinese strategic but the financials are being opened from three other countries, that is a signal worth a conversation before you share more. Combine the location log with a per-viewer dynamic watermark — every page stamped with the viewer's email, IP, and time — so that if a page does leak you can trace it to the exact person who opened it, and with download control and per-recipient revoke so a departed bidder loses access immediately. None of this stops a determined leak by itself, but together the location log, the watermark, and revoke give you both deterrence and a forensic trail, which is far more than an emailed PDF or a shared cloud link can offer.

Is it safe to share a CIM, cap table, or financials with a counterparty in China?

It can be, if you control the room rather than the file. Emailing a CIM or posting it to a shared Drive link is the unsafe path — once it lands you have no control and no record. A data room flips that: gate every document behind a click-through NDA so no one sees a page until they have agreed to confidentiality; apply a per-viewer watermark so every page carries the viewer's identity; disable downloads, or allow only watermarked ones, so the file does not walk; and keep per-recipient revoke so access ends when the relationship does. Add the location and page-level audit trail, and you know who saw what, when, and from where. The cross-border element does not change the security model — it raises the stakes, because your counterparty is far away and the documents are sensitive, which is exactly why control and audit matter more, not less. None of this is legal advice on cross-border data transfer — for regulated Chinese personal data, involve counsel.

My Chinese investor says they can't open the link I sent — what do I do right now?

First, work out whether the tool is the problem. If you sent a Google Drive, Dropbox, or OneDrive link, that is almost certainly the cause — all three are blocked in mainland China — so move the documents into a room that is reachable from China before you try anything else. Do not tell the investor to "just use a VPN"; many Chinese corporate networks block VPNs, and it makes you look unprepared. Second, re-share through a data room that opens in a plain browser with no app and no account, and send a personalized link. Third, confirm it worked: ask them to open one test page and tell you it loaded, and check your access log to see the open registered from their country. Fourth, going forward, run the load test before you send, not after — the cost of a stalled day in a live deal is far higher than the few minutes the check takes. We built Peony to remove these failure points for cross-border teams, but the immediate fix for anyone is the same: stop sharing through blocked tools.

How much does a data room for a single cross-border China deal cost?

Far less than the enterprise data-room reputation suggests. Peony is $40 per admin per month on the Business plan — with unlimited storage, unlimited documents, per-viewer watermarks, NDA gating, page-level analytics with location, and per-recipient revoke included, not sold as add-ons — and there are no per-page, per-user, or per-data-room fees, so one admin can run the entire cross-border process for $40 a month. That matters for a single deal: you are not signing an annual enterprise contract or paying a per-seat fee for every bidder on the Chinese side. Traditional enterprise data rooms can run into five figures per deal and often quote per page or per user, which is why teams sharing with a handful of counterparties overpay badly. For a one-time raise or sale, a flat monthly room you can cancel when the deal closes is almost always the right economic shape.

Is it worth paying for a data room just to share documents with one Chinese buyer?

If the documents are sensitive and the deal matters, yes — and the math is lopsided. The cost is $40 for a month. The downside it removes is a deal that silently stalls because your buyer cannot open a blocked link, a CIM that leaks with no way to trace it, or a counterparty you cannot confirm ever accessed the room. On a $20M sale or a priced fundraise, a single avoided week of delay or one prevented leak dwarfs the subscription. The honest exception: if you are sharing one non-sensitive, already-public document with someone you fully trust who happens to have reliable access — they are outside mainland China, say, or on a network where your existing tool works — a data room may be more than you need, and a simple secure link is fine. The moment the file is confidential, the counterparty is behind the Great Firewall, or you need to know who opened it, the room pays for itself on the first deal.

About the author: Deqian Jia is the co-founder of Peony, the data room platform used by 4,300+ customers across M&A, fundraising, and cross-border document workflows. Peony is built for global access — documents open in any browser, anywhere, with no app install and no account for the recipient — with page-level analytics that show who opened each file and from which country. Contact: hello@peony.ink.