Tresorit

End-to-end encrypted cloud storage. Swiss jurisdiction. Zero-knowledge architecture. Owned by Swiss Post since 2021.

Strong

https://tresorit.com · Reviewed 2026-04-03 · Editorial assessment by Mike Schneider — based on public security research and audits

What should journalists know about Tresorit?

Tresorit has the strongest security posture of any commercial cloud storage service. AES-256 client-side encryption with RSA-4096 key exchange. Zero-knowledge architecture — Tresorit cannot decrypt your files, file names, or folder structure. The encryption is not optional; every file is encrypted before it leaves your device. That is a meaningful difference from Dropbox (server-side encryption, Dropbox holds the keys) and Google Drive (Google can and does access file contents for indexing, AI features, and legal compliance). Swiss Post acquired a controlling stake in 2021, making Tresorit a subsidiary of the Swiss national postal service. That is unusual for a privacy company — but Swiss Post is government-owned, which means Tresorit operates under Swiss Federal Data Protection Act with no VC pressure to monetize data. Servers in Switzerland, Ireland, and the Netherlands. ISO 27001:2022 certified by TUV Rheinland. GDPR, HIPAA, CCPA, NIS2, and TISAX compliant. The tradeoffs are real. Tresorit costs 2-3x more than mainstream cloud storage per GB. No block-level sync — every file edit re-uploads the entire file because client-side encryption prevents delta syncing. Download speeds lag behind Dropbox and Google Drive. The web app lacks drag-and-drop upload. Files live in 'tresors' (encrypted containers), not a standard folder hierarchy, which adds friction. There is no Linux desktop client. Proton Drive is the closest competitor: also E2E encrypted, also Swiss, also zero-knowledge, and now includes Docs and Sheets. Proton is open-source and independently audited; Tresorit is closed-source. Proton's free tier is more generous (5GB vs 3GB). But Tresorit has stronger enterprise features — SSO, admin policies, data residency controls, dynamic watermarks — that Proton lacks. For solo journalists, Proton Drive is often the better value. For newsrooms that need admin controls and compliance certifications, Tresorit fills a gap no other E2E encrypted provider covers.

Best for

Encrypted storage for sensitive source documents, investigation files, and legal materials. Newsrooms needing enterprise-grade admin controls (SSO, device management, audit logs) with genuine zero-knowledge encryption. Secure file sharing with external collaborators via encrypted links with access controls and expiration.

Not for

Budget-conscious freelancers — Proton Drive offers similar encryption at lower cost with a more generous free tier. Heavy collaboration workflows — Google Docs and Sheets are far faster for real-time co-editing. Users who need fast sync for large files — the lack of block-level sync means slow uploads on file edits. Linux desktop users (no native client). Anyone who needs full-text search across file contents — encryption prevents server-side indexing.

Security & Privacy

Encryption in transit Yes

Data is scrambled while being sent to their servers

Encryption at rest Yes

Data is scrambled when stored on their servers

Data jurisdiction Switzerland. Company headquartered in Zurich. Offices in Budapest and Munich. Servers in Switzerland, Ireland, and the Netherlands. Subject to Swiss Federal Data Protection Act. Business plans offer data residency options (choose where your data is stored). Swiss Post ownership means the parent company is Swiss government-owned — subject to Swiss law, not EU or US jurisdiction for corporate decisions.

Where servers are located — affects which governments can request your data

Security rating Strong

Zero-knowledge encryption: Tresorit states it cannot decrypt file contents, file names, or encryption keys. Tresorit collects registration data (email, name, address), billing info, account metadata (folder names, sizes, member lists), access logs (IP, location, platform), and device information. Non-encrypted metadata is accessible to Tresorit. Business accounts with recovery master keys enabled allow a designated Recovery Administrator to access encrypted content — a deliberate enterprise feature, not a backdoor. Tresorit complies with Swiss law enforcement requests and may transmit personal data when legally required. No published transparency report with specific numbers on government data requests.

How to protect yourself:

Enable two-factor authentication. Business accounts: carefully evaluate whether to enable the recovery master key — it gives the Recovery Administrator access to encrypted content. Pay with methods that minimize payment metadata if anonymity matters. Use a strong, unique password — if lost without recovery options, files are permanently unrecoverable. Review sharing link permissions and set expiration dates. For highest-risk scenarios, combine Tresorit with a VPN to mask IP addresses in access logs. Verify that your data residency setting matches your jurisdictional needs.

AES-256 client-side encryption with RSA-4096 key exchange. Zero-knowledge architecture — Tresorit cannot decrypt file contents even under court order. ISO 27001:2022 certified by TUV Rheinland. GDPR, HIPAA, CCPA, NIS2, TISAX compliant. Swiss jurisdiction under Federal Data Protection Act. Non-convergent encryption prevents content matching across users. Primary limitation: closed-source code with no publicly available independent security audit of the encryption implementation. Business recovery master key feature creates a potential access path for designated administrators. Metadata (IP, device info, account data) is not encrypted and can be disclosed under Swiss legal process.

Who Owns This

Owner Tresorit AG (Zurich, Switzerland). Founded 2011 by Istvan Lam, Szilveszter Szebeni, and Gyorgy Szilagyi. Majority owned by Swiss Post Communications Services since July 2021. Swiss Post is the sole shareholder. CEO: Istvan Hartung (since June 2023). ~100 employees.

Funding Series B (€11.5M, 2018). Acquired by Swiss Post in 2021. No longer venture-backed. Operates as an independent subsidiary of Swiss Post.

Business model Subscription. Revenue from personal plans ($14-34/month), business plans ($15-25/user/month), and enterprise contracts. Free Basic tier (3GB) as lead generation. Additional revenue from Tresorit Engage (secure data rooms) and eSign products.

Known issues

Closed-source — no independent code audit of client-side encryption implementation is publicly available (unlike Proton Drive, which is open-source and audited by Securitum). Download speeds significantly slower than mainstream cloud storage, with files frequently stalling near completion. No block-level sync due to E2E encryption — every file edit re-uploads the entire file. Web app lacks drag-and-drop file upload. No Linux desktop client. No full-text search across encrypted file contents. 'Tresor' container model adds friction compared to standard folder hierarchies. No published transparency report with specific numbers on government data requests — unlike Proton, which publishes annual figures. The Swiss Post acquisition raised questions in privacy communities about government ownership of a privacy company, though Swiss Post has no history of data access issues.

Pricing

Personal Essential: ~$14/month for 1TB. Personal Pro: ~$34/month for 4TB. Business: $15/user/month (10+ users, 1TB/user). Small Business: $25/user/month (2-9 users). Enterprise: custom pricing. Free Basic tier: 3GB, 2 devices, 500MB file size limit. Annual billing saves ~20%.

This is an editorial assessment based on publicly available information as of 2026-04-03, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.

Something wrong or outdated? Report it.