Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Tresorit

VERIFIED
File sharing · Switzerland
Founded 2011 · tresorit.com ↗

Swiss-Post-owned (state-anchored) E2E encrypted enterprise cloud storage (Tresorit AG, Zurich), Swiss + EU DC options, ISO 27001.

In short

Tresorit, in the File sharing category, offers EU hosting with Ireland as its hosting location, but a US parent or sub-processor leaves material CLOUD Act exposure.

Assessment notes

Tresorit AG (Zurich, Pfingstweidstrasse 60b; CHE-349.825.210) is the enterprise-grade zero-knowledge end-to-end-encrypted cloud-storage product founded in 2011 by István Lám and Szilveszter Szebeni in Hungary and majority-acquired by Swiss Post (the Swiss state-owned postal operator) in 2021; Swiss Post is now sole shareholder, putting the company under Swiss government / state-anchored ownership; ISO/IEC 27001:2022 certified by TÜV Rheinland, GDPR + HIPAA + ITAR + FINRA + CCPA + CJIS + DORA + NIS2 + TISAX coverage, customer-selectable Swiss or EU data residency, contracts under Swiss law / Swiss Federal Act on Data Protection. The verified sub-processor list (2026-06) shows Tresorit's primary hosting is Microsoft Azure (a US-owned hyperscaler), which raises CLOUD Act exposure to material on a structural reading; in practice the zero-knowledge end-to-end encryption means Azure stores only ciphertext and Tresorit holds no keys, so compelled disclosure yields no readable content. State-anchored Swiss (Swiss Post) ownership, ISO/IEC 27001:2022 certified by TÜV Rheinland; the DPA is account-gated (paid plan + Subscription Owner role) with no standalone public URL, the key documentation gap.

CLOUD ACT
OWNERSHIP
SUB-PROCS
15 · 13 US
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About Tresorit

Tresorit is the enterprise zero-knowledge end-to-end-encrypted cloud-storage product operated by Tresorit AG at Pfingstweidstrasse 60b, 8005 Zurich, Switzerland (CHE-349.825.210), with offices also in Budapest, Hungary and Munich, Germany. Founded in 2011 by Hungarian engineers István Lám and Szilveszter Szebeni, the company built its reputation around mathematically-provable client-side encryption: every file, file name, and metadata is encrypted on the user device before upload, so neither Tresorit nor any data-centre operator can access plaintext customer content. The company serves 11,000+ organisations with 4.9 / 4.5 G2 / Capterra ratings.

For an EU-sovereignty audit Tresorit's ownership story is unusually strong. In July 2021 Swiss Post (the Swiss state-owned postal and digital-services operator) acquired a majority stake; as of 2026 Swiss Post is the sole shareholder, making Tresorit a fully Swiss-state-anchored entity. This pushes the directory's other (Switzerland) classification into the highest end of that tier: Swiss jurisdiction with state-owned parent is structurally as close to "sovereign" as a vendor can credibly claim. The compliance footprint matches: ISO/IEC 27001:2022 certified by TÜV Rheinland (covering sales, development, maintenance, and support of E2E-encrypted cloud services), plus alignment with GDPR, HIPAA, ITAR, FINRA, CCPA, CJIS, DORA, NIS2, and TISAX, an unusually broad regulated-industry coverage including US healthcare (HIPAA), US defence-export controls (ITAR), US financial markets (FINRA), and US criminal-justice systems (CJIS) for the rare global customers who need that combination on top of a Swiss-jurisdiction base. Customer-selectable Swiss or EU data residency, contracts under Swiss law and the Swiss Federal Act on Data Protection.

Pricing in EUR: a Personal Plus tier starts at approximately €10/month for ~1 TB; Business plans start in the €14-30/user/month range across SecureCloud and Engage tiers; Enterprise is negotiated. Best fit: regulated enterprises (legal, financial-services, healthcare, defence), Swiss public-sector buyers, journalists and NGOs, and any organisation needing a Dropbox / Box / OneDrive replacement with mathematically-provable zero-knowledge encryption from a state-anchored Swiss vendor. Together with Proton Drive, Tresorit forms the directory's Swiss-encrypted file-sharing dual-pick; Proton wins on consumer / freemium and ecosystem breadth (Mail/VPN/Pass/Calendar/Docs), Tresorit wins on enterprise compliance breadth and the unique Swiss-Post state-owned governance.

SUB-PROCESSORS

Sub-processor map · 15

Source ↗
  • Amazon Simple Email Service (SES) US
    United States

    Transactional and notification emails (data in Ireland/EU)

  • DocuSign US
    United States

    Electronic signatures for agreements

  • Google reCAPTCHA US
    United States

    Fraud and misuse prevention during checkout

  • Microsoft Azure US
    United States

    Primary hosting (E2E-encrypted content stored in Ireland/EU) and application performance monitoring

  • Pardot (Salesforce) US
    United States

    Marketing campaigns for customers and subscribed visitors

  • PayPal US
    United States

    Online payments

  • Productboard US
    United States

    Customer feedback management

  • Salesforce US
    United States

    Customer relationship management (data in Ireland/EU)

  • SendGrid (Twilio) US
    United States

    Transactional and notification emails

  • Stripe US
    United States

    Payment processing

  • Twilio US
    United States

    Two-factor authentication (voice and SMS)

  • Zendesk US
    United States

    Customer support tools

  • Zuora US
    United States

    Subscription billing, invoicing and management

  • Tresorit GmbH EU
    Germany

    Affiliate sub-processor delivering Tresorit services

  • Tresorit Kft. EU
    Hungary

    Affiliate sub-processor delivering Tresorit services

13 of 15 sub-processors are US-incorporated. CLOUD Act exposure applies.
CERTIFICATIONS

Frameworks & certifications

ISO/IEC 27001
ACTIVE
FEATURES

Capability matrix

Paid storage (from) 50 GB
Max file size 2 GB
Photo sync No
File versioning Yes
Link sharing Yes
Platforms iOS macOS Windows Android Linux Web
INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log Yes
Self-host / on-prem option No
PRICING

Pricing & tiers

PAID
from €10/mo
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement. This is recorded as no public DPA (see How we assess).
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    support.tresorit.com/hc…
    Open ↗
  • Terms of Service
    tresorit.com/legal…
    Open ↗
ALTERNATIVES

Alternatives in this category

Proton Drive
Switzerland · Founded 2014
EU-SOVEREIGN

Swiss zero-knowledge encrypted cloud (Proton AG, non-profit-foundation-controlled), 11,496 owned servers, ISO 27001 + SOC 2, 5 GB free.

Public DPA Sub-processors Open source
FROM
€4/mo
CLOUD ACT
NONE
kDrive (Infomaniak)
Switzerland · Founded 1994
EU-SOVEREIGN

Swiss kDrive cloud (Infomaniak, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, district-heating heat recycling.

Public DPA Sub-processors Open source
FROM
€4/mo
CLOUD ACT
NONE
Internxt
Spain · Founded 2020
EU-BASED

Valencia-based open-source zero-knowledge encrypted cloud (Internxt, 2020), post-quantum crypto, lifetime plans, 1 GB free, 1M+ users.

Public DPA Sub-processors Open source
FROM
€10/mo
billed annually
CLOUD ACT
MINOR