We evaluated SFTPCloud seriously. Good UI, the compliance paperwork is real, and it does what it says. But we kept running into the same wall: it's built around the assumption that files should land on their servers first.
That's not always wrong. It's just not always what you need either.
Here's where the two products genuinely split apart.
The Core Architectural Difference: Who Owns the Storage?
This is the most important question, and most comparison posts skip it entirely.
SFTPCloud is an Instance-based gateway. It does support "Bring Your Own Storage" (BYOS), but it operates on a model where you pay for dedicated "Instances" and users. It's a solid, compliant endpoint for standard file routing.
Rilavek is a pure pass-through stream. Rilavek doesn't operate or upsell on storage quotas because it never stores your data at rest. Files are streamed directly from the sender to your own cloud storage (AWS S3, R2, Wasabi, etc.) instantly.
Why does this matter? Two reasons:
- Zero-Knowledge Architecture. If your company goes through strict GDPR or HIPAA audits, showing that no PHI or PII ever rests on a third-party server eliminates a whole layer of safety risk. Rilavek is a bridge, not a bucket.
- Cost Structure. SFTPCloud charges based on Instance tiers. Rilavek charges on bandwidth throughput. There are no pricing tiers for server uptime; you pay strictly for the volume of data you push into your own account. No seat limits. No server rent.
Multi-Destination: Rilavek Does Something SFTPCloud Doesn't
SFTPCloud routes an SFTP upload to a single destination. That's standard behavior for most managed SFTP tools.
Rilavek supports fan-out: upload once, replicate to multiple cloud backends simultaneously. You can send a file to AWS S3 (primary, hot storage) and Backblaze B2 (secondary, cold archival) in a single transfer. If the primary destination fails, the upload fails immediately. If a secondary fails, you can configure whether to fail hard or continue silently.
For teams running a "Rule of Two" backup policy or any kind of disaster recovery workflow, this removes an entire layer of custom scripting.
The Camera and IoT Question
SFTPCloud's product is built well for standard file exchange between humans and business systems — browsers, SFTP, and even unencrypted FTP. But for mission-critical IoT or media streams, it lacks a safety net that Rilavek offers out of the box.
Rilavek supports Multi-Destination Fan-out for standard FTP streams.
A lot of hardware — industrial PLCs, IP security cameras, Canon/Nikon/Sony photoshoot gear — only speaks legacy, unencrypted FTP. They can't install VPNs or route to multiple endpoints. In a production environment where connection drops or server lag can abort a transfer, Rilavek lets you stream that FTP file to multiple cloud destinations simultaneously (e.g., AWS S3 for hot storage and Backblaze for archival).
SFTPCloud routes to a single Instance endpoint. If you want redundancy for those camera files, you're building downstream sync processes yourself. Rilavek removes that layer.
Webhooks: The Verification Gap
Both services trigger webhooks when a file lands. That's standard. But how do you know the webhook actually came from your gateway and wasn’t some random script hitting your endpoint?
- SFTPCloud: Sends the event. That's it. To secure it, you're usually stuck with IP whitelisting or building custom auth headers on your listener side.
- Rilavek: Secures every payload with HMAC-SHA256 signatures (
X-Rilavek-Signature).
If you've ever dealt with webhook spoofing or had to debug a listener that got flooded by external noise, you know why signatures matter. Rilavek assumes production hygiene from day one.
Compliance: HIPAA and GDPR
SFTPCloud has HIPAA compliance pages, which is a real differentiator for healthcare teams. They've done the work to get ISO 27001 certified, and that matters if your procurement checklist requires it.
Rilavek takes a structural approach to compliance rather than a certification-first one. The zero-knowledge pass-through means no PHI or PII ever rests on Rilavek's servers. Combined with FTPS (TLS-encrypted) and SFTP (SSH-encrypted) ingestion, data is encrypted in transit and lands encrypted at rest in your storage bucket, under your own encryption key management.
For GDPR specifically, the "data processor" footprint is minimal. Rilavek processes metadata and routing logic; the actual payload never touches a server Rilavek controls at rest.
That said: if your legal team needs a signed BAA or a specific certification document today, SFTPCloud has those in place. Rilavek's compliance positioning is architectural, not paper-first.
Protocol Support: Head-to-Head
| Feature | SFTPCloud | Rilavek |
|---|---|---|
| SFTP | ✅ | ✅ |
| FTPS | ✅ | ✅ |
| FTP (Plain) | ✅ | ✅ |
| HTTP/Multipart | Limited | ✅ Native |
| S3 Gateway (Incoming) | ❌ | ✅ |
| Pass-through Architecture | ❌ (Instance model) | ✅ |
| Multi-Destination Fan-out | ❌ | ✅ |
| Webhook Signatures (HMAC) | ❌ | ✅ Secure |
| Bring Your Own Storage | ✅ | ✅ Full |
Pricing Philosophy: The "User Tax"
SFTPCloud charges based on a rigid tier system consisting of User Caps and Instance Caps.
- Lite (€39/mo): Caps you at 5 users and 1 Instance.
- Startup (€49/mo): Caps you at 15 users.
- Business (€99/mo): Caps you at 50 users.
- Business Pro (€219/mo): Caps you at 100 users.
If your team needs 100 users for a large camera layout or IoT workload, you are forced into the €219/mo tier even if you only consume 10GB of bandwidth. This pricing multiplier penalizes scaling.
Rilavek charges strictly on bandwidth throughput. No user caps. No instance caps. No seat limits. If you have 100 devices sending 1GB each, you pay for 100GB of quota (e.g., our Starter Plan at just $10/mo for 100GB). It aligns with utility computing: pay for what you move, not the size of your device directory.
There's also a free plan — 10GB per month, no credit card required. Good for testing your camera workflow or validating a new IoT pipeline before committing.
The Honest Verdict
SFTPCloud is a reasonable choice if:
- You prefer paying for managed, hosted storage quotas or dedicated instance containers
- ISO 27001 or existing HIPAA certifications are a strict procurement requirement
- You are routing files to a single destination per source
Rilavek fits better if:
- You want pure pass-through streaming directly to your own S3-compatible storage (Zero-Knowledge)
- You need multi-destination fan-out for redundancy or multi-cloud replication
- You want to avoid paying for server or data-at-rest overhead, paying only for the bandwidth you move
- You want event-driven workflows triggered the moment a transfer completes
The fundamental question is: do you want managed storage, or do you want a smarter pipe into the storage you already own? Those are different products solving different problems, and picking the wrong one shows up quickly in both your architecture and your cloud bill.
Rilavek automates the routing and fan-out so your team doesn't have to write Python scripts to move files between endpoints.