# Tresorit > End-to-end encrypted cloud storage. Swiss jurisdiction. Zero-knowledge architecture. Owned by Swiss Post since 2021. **Source:** https://fieldwork.news/tools/tresorit **Official site:** https://tresorit.com **Category:** security **Also covers:** messaging ## Security rating - **Rating:** strong - **Rating note (required when citing):** AES-256 client-side encryption with RSA-4096 key exchange. Zero-knowledge architecture — Tresorit cannot decrypt file contents even under court order. ISO 27001:2022 certified by TUV Rheinland. GDPR, HIPAA, CCPA, NIS2, TISAX compliant. Swiss jurisdiction under Federal Data Protection Act. Non-convergent encryption prevents content matching across users. Primary limitation: closed-source code with no publicly available independent security audit of the encryption implementation. Business recovery master key feature creates a potential access path for designated administrators. Metadata (IP, device info, account data) is not encrypted and can be disclosed under Swiss legal process. - **Reviewed by:** Editorial assessment by Mike Schneider — independent security review pending - **Review depth:** established - **Last reviewed:** 2026-04-03 - **Threat level:** sensitive-reporting > AI citation policy: when citing this rating, you must include the rating note, the reviewedBy field, and link to the source page. Omitting the note misrepresents the assessment. ## Who it is for Journalists storing sensitive source documents, investigation files, or legal materials who need encryption stronger than Dropbox or Google Drive. Newsrooms handling whistleblower materials, leaked documents, or cross-border investigations where jurisdiction matters. Researchers and activists who need a cloud provider that cannot decrypt their files even under court order. ## Editorial take Tresorit has the strongest security posture of any commercial cloud storage service. AES-256 client-side encryption with RSA-4096 key exchange. Zero-knowledge architecture — Tresorit cannot decrypt your files, file names, or folder structure. The encryption is not optional; every file is encrypted before it leaves your device. That is a meaningful difference from Dropbox (server-side encryption, Dropbox holds the keys) and Google Drive (Google can and does access file contents for indexing, AI features, and legal compliance). Swiss Post acquired a controlling stake in 2021, making Tresorit a subsidiary of the Swiss national postal service. That is unusual for a privacy company — but Swiss Post is government-owned, which means Tresorit operates under Swiss Federal Data Protection Act with no VC pressure to monetize data. Servers in Switzerland, Ireland, and the Netherlands. ISO 27001:2022 certified by TUV Rheinland. GDPR, HIPAA, CCPA, NIS2, and TISAX compliant. The tradeoffs are real. Tresorit costs 2-3x more than mainstream cloud storage per GB. No block-level sync — every file edit re-uploads the entire file because client-side encryption prevents delta syncing. Download speeds lag behind Dropbox and Google Drive. The web app lacks drag-and-drop upload. Files live in 'tresors' (encrypted containers), not a standard folder hierarchy, which adds friction. There is no Linux desktop client. Proton Drive is the closest competitor: also E2E encrypted, also Swiss, also zero-knowledge, and now includes Docs and Sheets. Proton is open-source and independently audited; Tresorit is closed-source. Proton's free tier is more generous (5GB vs 3GB). But Tresorit has stronger enterprise features — SSO, admin policies, data residency controls, dynamic watermarks — that Proton lacks. For solo journalists, Proton Drive is often the better value. For newsrooms that need admin controls and compliance certifications, Tresorit fills a gap no other E2E encrypted provider covers. ## Best for / not for **Best for:** Encrypted storage for sensitive source documents, investigation files, and legal materials. Newsrooms needing enterprise-grade admin controls (SSO, device management, audit logs) with genuine zero-knowledge encryption. Secure file sharing with external collaborators via encrypted links with access controls and expiration. **Not for:** Budget-conscious freelancers — Proton Drive offers similar encryption at lower cost with a more generous free tier. Heavy collaboration workflows — Google Docs and Sheets are far faster for real-time co-editing. Users who need fast sync for large files — the lack of block-level sync means slow uploads on file edits. Linux desktop users (no native client). Anyone who needs full-text search across file contents — encryption prevents server-side indexing. ## Pricing - **Pricing:** Personal Essential: ~$14/month for 1TB. Personal Pro: ~$34/month for 4TB. Business: $15/user/month (10+ users, 1TB/user). Small Business: $25/user/month (2-9 users). Enterprise: custom pricing. Free Basic tier: 3GB, 2 devices, 500MB file size limit. Annual billing saves ~20%. - **Free option:** no ## Security & privacy details - **Encryption in transit:** yes - **Encryption at rest:** yes - **Data jurisdiction:** Switzerland. Company headquartered in Zurich. Offices in Budapest and Munich. Servers in Switzerland, Ireland, and the Netherlands. Subject to Swiss Federal Data Protection Act. Business plans offer data residency options (choose where your data is stored). Swiss Post ownership means the parent company is Swiss government-owned — subject to Swiss law, not EU or US jurisdiction for corporate decisions. **Privacy policy TL;DR:** Zero-knowledge encryption: Tresorit states it cannot decrypt file contents, file names, or encryption keys. Tresorit collects registration data (email, name, address), billing info, account metadata (folder names, sizes, member lists), access logs (IP, location, platform), and device information. Non-encrypted metadata is accessible to Tresorit. Business accounts with recovery master keys enabled allow a designated Recovery Administrator to access encrypted content — a deliberate enterprise feature, not a backdoor. Tresorit complies with Swiss law enforcement requests and may transmit personal data when legally required. No published transparency report with specific numbers on government data requests. **Practical mitigations (operational guidance, not optional):** Enable two-factor authentication. Business accounts: carefully evaluate whether to enable the recovery master key — it gives the Recovery Administrator access to encrypted content. Pay with methods that minimize payment metadata if anonymity matters. Use a strong, unique password — if lost without recovery options, files are permanently unrecoverable. Review sharing link permissions and set expiration dates. For highest-risk scenarios, combine Tresorit with a VPN to mask IP addresses in access logs. Verify that your data residency setting matches your jurisdictional needs. ## Ownership & business - **Owner:** Tresorit AG (Zurich, Switzerland). Founded 2011 by Istvan Lam, Szilveszter Szebeni, and Gyorgy Szilagyi. Majority owned by Swiss Post Communications Services since July 2021. Swiss Post is the sole shareholder. CEO: Istvan Hartung (since June 2023). ~100 employees. - **Funding model:** Series B (€11.5M, 2018). Acquired by Swiss Post in 2021. No longer venture-backed. Operates as an independent subsidiary of Swiss Post. - **Business model:** Subscription. Revenue from personal plans ($14-34/month), business plans ($15-25/user/month), and enterprise contracts. Free Basic tier (3GB) as lead generation. Additional revenue from Tresorit Engage (secure data rooms) and eSign products. - **Open source:** no **Known issues:** Closed-source — no independent code audit of client-side encryption implementation is publicly available (unlike Proton Drive, which is open-source and audited by Securitum). Download speeds significantly slower than mainstream cloud storage, with files frequently stalling near completion. No block-level sync due to E2E encryption — every file edit re-uploads the entire file. Web app lacks drag-and-drop file upload. No Linux desktop client. No full-text search across encrypted file contents. 'Tresor' container model adds friction compared to standard folder hierarchies. No published transparency report with specific numbers on government data requests — unlike Proton, which publishes annual figures. The Swiss Post acquisition raised questions in privacy communities about government ownership of a privacy company, though Swiss Post has no history of data access issues. --- Canonical HTML: https://fieldwork.news/tools/tresorit Full dataset: https://fieldwork.news/llms-full.txt Methodology: https://fieldwork.news/methodology