Zum Inhalt springen
Unabhängig verifiziert · Quartalsweises Re-Audit
EU VETTED

Tresorit

VERIFIZIERT
Dateifreigabe · Switzerland
Gegründet 2011 · tresorit.com ↗

Swiss-Post-owned (state-anchored) E2E encrypted enterprise cloud storage (Tresorit AG, Zurich), Swiss + EU DC options, ISO 27001.

Kurzfassung

Tresorit aus der Kategorie Dateifreigabe bietet EU-Hosting mit Ireland als Hosting-Standort, doch ein US-Mutterkonzern oder Unterauftragsverarbeiter hinterlässt ein materielles CLOUD-Act-Risiko.

Bewertungsnotizen

Tresorit AG (Zurich, Pfingstweidstrasse 60b; CHE-349.825.210) is the enterprise-grade zero-knowledge end-to-end-encrypted cloud-storage product founded in 2011 by István Lám and Szilveszter Szebeni in Hungary and majority-acquired by Swiss Post (the Swiss state-owned postal operator) in 2021; Swiss Post is now sole shareholder, putting the company under Swiss government / state-anchored ownership; ISO/IEC 27001:2022 certified by TÜV Rheinland, GDPR + HIPAA + ITAR + FINRA + CCPA + CJIS + DORA + NIS2 + TISAX coverage, customer-selectable Swiss or EU data residency, contracts under Swiss law / Swiss Federal Act on Data Protection. The verified sub-processor list (2026-06) shows Tresorit's primary hosting is Microsoft Azure (a US-owned hyperscaler), which raises CLOUD Act exposure to material on a structural reading; in practice the zero-knowledge end-to-end encryption means Azure stores only ciphertext and Tresorit holds no keys, so compelled disclosure yields no readable content. State-anchored Swiss (Swiss Post) ownership, ISO/IEC 27001:2022 certified by TÜV Rheinland; the DPA is account-gated (paid plan + Subscription Owner role) with no standalone public URL, the key documentation gap.

CLOUD ACT
OWNERSHIP
SUB-PROCS
15 · 13 US
Geprüfte Signale
Jurisdiktion
  • EU-/Angemessenheits-Hosting
  • EU-/Angemessenheits-Betreiber
  • Keine US-CLOUD-Act-Exposition
Transparenz
  • Öffentlicher AVV
  • Unterauftragsverarbeiter offengelegt
  • Open-Source-Clients
  • Zertifizierung durch Dritte
JUMP TO
OVERVIEW

Über Tresorit

Tresorit is the enterprise zero-knowledge end-to-end-encrypted cloud-storage product operated by Tresorit AG at Pfingstweidstrasse 60b, 8005 Zurich, Switzerland (CHE-349.825.210), with offices also in Budapest, Hungary and Munich, Germany. Founded in 2011 by Hungarian engineers István Lám and Szilveszter Szebeni, the company built its reputation around mathematically-provable client-side encryption: every file, file name, and metadata is encrypted on the user device before upload, so neither Tresorit nor any data-centre operator can access plaintext customer content. The company serves 11,000+ organisations with 4.9 / 4.5 G2 / Capterra ratings.

For an EU-sovereignty audit Tresorit's ownership story is unusually strong. In July 2021 Swiss Post (the Swiss state-owned postal and digital-services operator) acquired a majority stake; as of 2026 Swiss Post is the sole shareholder, making Tresorit a fully Swiss-state-anchored entity. This pushes the directory's other (Switzerland) classification into the highest end of that tier: Swiss jurisdiction with state-owned parent is structurally as close to "sovereign" as a vendor can credibly claim. The compliance footprint matches: ISO/IEC 27001:2022 certified by TÜV Rheinland (covering sales, development, maintenance, and support of E2E-encrypted cloud services), plus alignment with GDPR, HIPAA, ITAR, FINRA, CCPA, CJIS, DORA, NIS2, and TISAX, an unusually broad regulated-industry coverage including US healthcare (HIPAA), US defence-export controls (ITAR), US financial markets (FINRA), and US criminal-justice systems (CJIS) for the rare global customers who need that combination on top of a Swiss-jurisdiction base. Customer-selectable Swiss or EU data residency, contracts under Swiss law and the Swiss Federal Act on Data Protection.

Pricing in EUR: a Personal Plus tier starts at approximately €10/month for ~1 TB; Business plans start in the €14-30/user/month range across SecureCloud and Engage tiers; Enterprise is negotiated. Best fit: regulated enterprises (legal, financial-services, healthcare, defence), Swiss public-sector buyers, journalists and NGOs, and any organisation needing a Dropbox / Box / OneDrive replacement with mathematically-provable zero-knowledge encryption from a state-anchored Swiss vendor. Together with Proton Drive, Tresorit forms the directory's Swiss-encrypted file-sharing dual-pick; Proton wins on consumer / freemium and ecosystem breadth (Mail/VPN/Pass/Calendar/Docs), Tresorit wins on enterprise compliance breadth and the unique Swiss-Post state-owned governance.

SUB-PROCESSORS

Unterauftragsverarbeiter-Karte · 15

Quelle ↗
  • Amazon Simple Email Service (SES) US
    United States

    Transactional and notification emails (data in Ireland/EU)

  • DocuSign US
    United States

    Electronic signatures for agreements

  • Google reCAPTCHA US
    United States

    Fraud and misuse prevention during checkout

  • Microsoft Azure US
    United States

    Primary hosting (E2E-encrypted content stored in Ireland/EU) and application performance monitoring

  • Pardot (Salesforce) US
    United States

    Marketing campaigns for customers and subscribed visitors

  • PayPal US
    United States

    Online payments

  • Productboard US
    United States

    Customer feedback management

  • Salesforce US
    United States

    Customer relationship management (data in Ireland/EU)

  • SendGrid (Twilio) US
    United States

    Transactional and notification emails

  • Stripe US
    United States

    Payment processing

  • Twilio US
    United States

    Two-factor authentication (voice and SMS)

  • Zendesk US
    United States

    Customer support tools

  • Zuora US
    United States

    Subscription billing, invoicing and management

  • Tresorit GmbH EU
    Germany

    Affiliate sub-processor delivering Tresorit services

  • Tresorit Kft. EU
    Hungary

    Affiliate sub-processor delivering Tresorit services

13 von 15 Unterauftragsverarbeitern sind in den USA registriert. CLOUD-Act-Risiko anwendbar.
CERTIFICATIONS

Rahmenwerke & Zertifizierungen

ISO/IEC 27001
AKTIV
FEATURES

Funktionsmatrix

Bezahlter Speicher (ab) 50 GB
Max. Dateigröße 2 GB
Fotosynchronisierung Nein
Dateiversionierung Ja
Link-Freigabe Ja
Plattformen iOS macOS Windows Android Linux Web
INTEGRATION & ZUGRIFF
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log Yes
Self-host / on-prem option No
PRICING

Preise & Tarife

KOSTENPFLICHTIG
ab €10/Monat
Preisseite ansehen ↗
PUBLIC DOCUMENTS

Öffentliche Dokumente

Anbieter veröffentlicht keinen öffentlichen AVV. Ohne öffentlich zugänglichen Auftragsverarbeitungsvertrag können kleine EU-Kunden den Verarbeitervertrag nicht selbst abschließen. Dies wird als fehlender öffentlicher AVV vermerkt (siehe So prüfen wir).
  • Auftragsverarbeitungsvertrag (AVV)
    — fehlt
    fehlt
  • Liste der Unterauftragsverarbeiter
    support.tresorit.com/hc…
    Öffnen ↗
  • Nutzungsbedingungen
    tresorit.com/legal…
    Öffnen ↗
ALTERNATIVES

Alternativen in dieser Kategorie

Proton Drive
Switzerland · Gegründet 2014
EU-SOUVERäN

Swiss zero-knowledge encrypted cloud (Proton AG, non-profit-foundation-controlled), 11,496 owned servers, ISO 27001 + SOC 2, 5 GB free.

Öffentl. AVV Subprozessoren Open Source
FROM
€4/Mt.
CLOUD ACT
NONE
kDrive (Infomaniak)
Switzerland · Gegründet 1994
EU-SOUVERäN

Swiss kDrive cloud (Infomaniak, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, district-heating heat recycling.

Öffentl. AVV Subprozessoren Open Source
FROM
€4/Mt.
CLOUD ACT
NONE
Internxt
Spain · Gegründet 2020
EU-ANSäSSIG

Valencia-based open-source zero-knowledge encrypted cloud (Internxt, 2020), post-quantum crypto, lifetime plans, 1 GB free, 1M+ users.

Öffentl. AVV Subprozessoren Open Source
FROM
€10/Mt.
jährliche Abrechnung
CLOUD ACT
MINOR