Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Tresorit eSign

VERIFIED
E-signature · Switzerland
Founded 2011 · tresorit.com/m/esign ↗

E-signature module of Swiss-Post-owned Tresorit, the directory's only zero-knowledge E2E option with eIDAS Qualified signatures (via Evrotrust QTSP); runs on Azure (default EU region Ireland).

In short

Tresorit eSign, in the E-signature category, offers EU hosting with Ireland as its hosting location, but a US parent or sub-processor leaves material CLOUD Act exposure.

Assessment notes

Tresorit eSign is the electronic-signature module of Tresorit AG (Zurich; sole shareholder Swiss Post, the Swiss state-owned operator) and is the directory's only e-signature option combining zero-knowledge end-to-end encryption with eIDAS Qualified Electronic Signatures, the latter issued through a partnership with the EU Qualified Trust Service Provider Evrotrust (Bulgaria) rather than by Tresorit itself; ISO/IEC 27001:2022 certified, runs on Microsoft Azure with a default EU storage region of Ireland and customer-selectable EU residency. CLOUD Act exposure is material because Azure is a US-owned hyperscaler in the at-rest path, but the zero-knowledge architecture means Azure holds ciphertext only and Tresorit holds no keys; held at 4/5 by that US storage sub-processor and the absence of a public standalone DPA URL (request-based), with state-anchored Swiss-Post ownership and the E2E + QES combination as the offsetting strengths. For pure-EU-sovereignty buyers the one category option with no US-owned infrastructure in the at-rest path is Skribble (CH, cloud_act_exposure: none); the Namirial-group QTSPs (Universign FR, Signaturit ES) are no longer a cleaner alternative here, since their 2025 Bain Capital (US private-equity) ownership and AWS-at-rest hosting put them at material too, without Tresorit's zero-knowledge mitigation.

CLOUD ACT
OWNERSHIP
SUB-PROCS
10 · 7 US
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About Tresorit eSign

Tresorit eSign is the electronic-signature module of Tresorit AG (Pfingstweidstrasse 60b, 8005 Zurich; CHE-349.825.210), the zero-knowledge end-to-end-encrypted cloud-storage company that has been a wholly-owned subsidiary of Swiss Post (the Swiss state-owned postal and digital-services operator) since 2021. Launched as a product around 2022, eSign is the directory's only e-signature listing that combines genuine zero-knowledge, end-to-end encryption of the document workflow with full eIDAS Qualified Electronic Signatures (QES). Tresorit is not itself a Qualified Trust Service Provider; the QES tier is issued through a partnership with Evrotrust, an EU-listed QTSP (Bulgaria), and obtaining a qualified signature requires ID/passport plus video identification of the signer, in line with eIDAS. The product also offers simple electronic signatures, Long Term Validation (signature validity guaranteed for 5, 10, or more years), drag-and-drop fillable fields, and signing from any device without a Tresorit account.

For an EU-sovereignty audit the posture mirrors Tresorit's storage listing. The infrastructure is Microsoft Azure, with the default data-at-rest region in Ireland (EU) and customer-selectable EU residency (Germany, France, Netherlands and others) on Business and Enterprise plans; the company is ISO/IEC 27001:2022 certified (TÜV Rheinland) and aligned with GDPR plus a broad regulated-industry set. The directory records cloud_act_exposure: material because Azure is a US-owned hyperscaler sitting in the at-rest path, but the zero-knowledge architecture means Azure stores ciphertext only and Tresorit holds no keys, so compelled disclosure yields no readable content. The two transparency gaps carried over from the storage listing apply here too: there is no public standalone DPA URL (the DPA is delivered to business customers on request) and the sub-processor list is published via the Tresorit help centre rather than a dedicated legal page. Ownership is Swiss-state-anchored (ownership_signal: other: Switzerland, with Swiss Post as sole shareholder).

Pricing is paid: licences are around €5/month per user, with per-signature pricing of roughly €0.3 for a simple electronic signature and €2.5 for an EU Qualified electronic signature, and a small free quota (about 10 simple and 6 qualified signatures) for evaluation. Best fit: regulated teams (legal, healthcare, finance, security-conscious businesses) already standardised on Tresorit's encrypted storage who want qualified signatures inside the same end-to-end-encrypted workspace rather than bolting on a separate signing platform. Buyers whose priority is the cleanest ownership-and-sub-processor story for purely-EU workflows should look to Skribble (Switzerland, no CLOUD Act exposure); the Namirial-group QTSPs Universign (France) and Signaturit (Spain), once the benchmark here, now carry the same material exposure (AWS at rest) plus a US-private-equity parent (Bain Capital, 2025) and, unlike Tresorit eSign, no zero-knowledge encryption to offset it. Tresorit eSign's differentiator remains the zero-knowledge-encryption-plus-QES combination, which none of the other listed options match.

SUB-PROCESSORS

Sub-processor map · 10

Source ↗
  • Amazon Simple Email Service (SES) US
    United States

    Transactional and notification emails (data in Ireland/EU)

  • Microsoft Azure US
    United States

    Primary hosting (E2E-encrypted content stored in Ireland/EU) and application performance monitoring

  • SendGrid (Twilio) US
    United States

    Transactional and notification emails

  • Stripe US
    United States

    Payment processing

  • Twilio US
    United States

    Two-factor authentication (voice and SMS)

  • Zendesk US
    United States

    Customer support tools

  • Zuora US
    United States

    Subscription billing, invoicing and management

  • Evrotrust Technologies AD EU
    Bulgaria

    EU Qualified Trust Service Provider; issuance of eIDAS Qualified Electronic Signatures and signer identity verification

  • Tresorit GmbH EU
    Germany

    Affiliate sub-processor delivering Tresorit services

  • Tresorit Kft. EU
    Hungary

    Affiliate sub-processor delivering Tresorit services

7 of 10 sub-processors are US-incorporated. CLOUD Act exposure applies.
CERTIFICATIONS

Frameworks & certifications

ISO/IEC 27001
ACTIVE
FEATURES

Capability matrix

Qualified signature (QES) Yes
Advanced signature (AES) No
Audit trail Yes
Templates No
ID verification Yes
API / webhooks No
INTEGRATION & ACCESS
REST API No
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log Yes
Self-host / on-prem option No
PRICING

Pricing & tiers

PAID
from €5/mo
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement. This is recorded as no public DPA (see How we assess).
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    support.tresorit.com/hc…
    Open ↗
  • Terms of Service
    tresorit.com/legal…
    Open ↗
ALTERNATIVES

Alternatives in this category

Eversign (Xodo Sign)
Austria · Founded 2017
US-LINKED

Vienna-launched e-signature platform (eversign GmbH, 2017), acquired by Apryse (US/PDFTron) in 2022, rebranded as Xodo Sign.

Public DPA Sub-processors Open source
FROM
CLOUD ACT
DIRECT
Signaturit (Namirial)
Spain · Founded 2013
EU-HOSTED

Barcelona-based Spanish digital-trust group (Signaturit, a Namirial company; parent Namirial acquired by Bain Capital, US PE, 2025), 4 QTSPs with highest eIDAS qualifications; platform hosted at rest on AWS.

Public DPA Sub-processors Open source
FROM
CLOUD ACT
MATERIAL
Signicat
Norway · Founded 2006
EU-HOSTED

Trondheim-based pan-European eIDAS QTSP for digital identity, e-ID and qualified e-signatures; Nordic Capital-owned, EEA-hosted on US hyperscalers.

Public DPA Sub-processors Open source
FROM
CLOUD ACT
MATERIAL