
Tresorit

cloud storage by Tresorit AG (Swiss Post)
  • End-to-end encrypted cloud storage
  • Swiss jurisdiction (Zurich HQ, Swiss Post)
  • Secure file sharing with access controls
  • Business admin tools and Data Residency
  • Microsoft 365 integration
  • Cross-platform (Windows, macOS, Linux, iOS, Android)
  • GDPR, HIPAA, nDSG, ISO 27001 compliant

In 2021, Swiss Post acquired a majority stake in Tresorit, making it one of the few cloud storage providers operating under Swiss law with zero-knowledge encryption. Your files are encrypted on your device before they leave it. Tresorit cannot read them, and neither can anyone who gains access to their servers.

That matters if you handle sensitive data: client contracts, medical records, financial documents, legal files. For businesses in Switzerland operating under the nDSG, Tresorit is one of the most straightforward paths to compliant file storage.

What Tresorit does

Tresorit is encrypted cloud storage and file sharing. You organize files into “Tresors” (encrypted containers), sync them across devices, and share them with granular access controls: password-protected links, expiry dates, download limits, and per-user permissions.

The core difference from Dropbox, Google Drive, or OneDrive: those services can access your files. Tresorit cannot. Encryption happens client-side before anything reaches their servers. This is zero-knowledge architecture: even Tresorit staff have no way to decrypt your data.

Who Tresorit is for

  • Freelancers and consultants handling client-sensitive documents (contracts, financials, project files). Tresorit lets you share files with clients securely without relying on email attachments or unencrypted cloud links. See: The Freelancer Security Setup
  • SMEs in regulated industries (legal, healthcare, finance) that need compliance-ready file storage without building their own infrastructure. See: Security Tools Every Founder Needs from Day One
  • Privacy-conscious individuals who want encrypted cloud storage without self-hosting

If you just need basic cloud storage for photos and documents and encryption is not a priority, mainstream alternatives (Google Drive, iCloud) are cheaper and more integrated. Tresorit is built for people who need the encryption.


Key features

Zero-knowledge encryption

Every file is protected by end-to-end encryption before upload. The crypto stack uses AES-256-GCM for file contents, RSA-4096 for key exchange, and per-file integrity checks. Files are encrypted twice at rest (double encryption layer).

What makes this work is the key hierarchy. Each file gets its own encryption key. File keys are wrapped by shared folder keys, which are wrapped by account keys, which are wrapped by a tenant key. Compromising one layer does not expose the others. Your password never leaves your device: the server stores only a derived verifier, so even Tresorit’s own infrastructure cannot reconstruct your credentials.

This is fundamentally different from services like Dropbox that encrypt data at rest with keys they control. In a server breach scenario, attackers would get encrypted blobs with no practical path to decryption.
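
The key hierarchy described above can be sketched as a chain of wrapped keys. This is an added example, not Tresorit's code: it uses AES-256-GCM for every wrapping step (a simplification, since the page names RSA-4096 for key exchange), and all function names and labels are hypothetical.

```javascript
// Added illustration of a wrapped-key chain; not Tresorit's code or storage format.
const crypto = require('crypto');

// Encrypt one 32-byte key under another with AES-256-GCM. The label is bound
// as associated data, so a wrapped key cannot be moved to another slot.
function wrapKey(wrappingKey, keyToWrap, label) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', wrappingKey, iv);
  c.setAAD(Buffer.from(label));
  const ct = Buffer.concat([c.update(keyToWrap), c.final()]);
  return { label, iv, ct, tag: c.getAuthTag() };
}

// Reverse of wrapKey. final() throws if the key, label or ciphertext is wrong.
function unwrapKey(wrappingKey, w) {
  const d = crypto.createDecipheriv('aes-256-gcm', wrappingKey, w.iv);
  d.setAAD(Buffer.from(w.label));
  d.setAuthTag(w.tag);
  return Buffer.concat([d.update(w.ct), d.final()]);
}

// tenant -> account -> folder -> one key per file (hypothetical names).
function buildHierarchy() {
  const keys = {};
  for (const n of ['tenant', 'account', 'folder', 'fileA', 'fileB']) {
    keys[n] = crypto.randomBytes(32);
  }
  // In this sketch only the wrapped blobs are persisted; no raw key is in here.
  const stored = {
    account: wrapKey(keys.tenant, keys.account, 'account'),
    folder: wrapKey(keys.account, keys.folder, 'folder'),
    fileA: wrapKey(keys.folder, keys.fileA, 'fileA'),
    fileB: wrapKey(keys.folder, keys.fileB, 'fileB'),
  };
  return { keys, stored };
}

// Walk the chain from the top key down to one file key.
function recoverFileKey(tenantKey, stored, fileName) {
  const account = unwrapKey(tenantKey, stored.account);
  const folder = unwrapKey(account, stored.folder);
  return unwrapKey(folder, stored[fileName]);
}
```

In this sketch a leaked file key opens only its own file: `unwrapKey(keys.fileA, stored.fileB)` throws, as does any attempt to walk the chain with the wrong top-level key.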

Granular sharing controls

When you share a file or folder, you control exactly how it can be accessed. Set passwords on share links, add expiry dates, limit the number of downloads, and restrict whether recipients can forward the link. For teams, per-folder and per-user permissions let you control who sees what.

Share links use a 128-bit secret embedded in the URL fragment. That is the part after the # sign in the address (e.g. tresorit.com/link#secret-key). Browsers never send this part to the server. Tresorit’s infrastructure sees that a link was accessed but cannot decrypt what was shared. This is a meaningful design difference from services where the provider can read shared content.
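
The fragment behaviour described above, as an added example that is not Tresorit's code. The link layout, the base64url encoding of the secret, the HKDF step and all function names are assumptions made for illustration; `share.example` is a placeholder host.

```javascript
// Added illustration; link layout and key derivation are assumptions,
// not Tresorit's actual format.
const crypto = require('crypto');

// Sender side: create a link whose fragment carries a 128-bit secret.
function makeShareLink(base, linkId) {
  const secret = crypto.randomBytes(16); // 128 bits
  return `${base}/${linkId}#${secret.toString('base64url')}`;
}

// What the browser puts in the HTTP request: path and query, never the fragment.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Client side: read the secret back out of the fragment and check its size.
function linkSecret(link) {
  const frag = new URL(link).hash.slice(1);
  const secret = Buffer.from(frag, 'base64url');
  if (secret.length !== 16) throw new Error('expected a 128-bit link secret');
  return secret;
}

// Stretch the 128-bit secret into a 256-bit content key (HKDF is an assumption).
function contentKey(link) {
  const okm = crypto.hkdfSync('sha256', linkSecret(link), Buffer.alloc(0), 'share-link', 32);
  return Buffer.from(okm);
}

// The fragment still lives in browser history and in anything the full link
// is pasted into, so strip it before a link goes into logs or tickets.
function redactForLogging(link) {
  const u = new URL(link);
  u.hash = '';
  return u.toString();
}
```

The server only ever receives the output of `requestTarget`, while anyone holding the full link can compute `contentKey`, which is why full share links should be treated like passwords in logs, chat and ticketing systems.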

Business administration

On Business and Enterprise plans, admins get SSO integration, SIEM connectivity (pipe audit events into your existing security dashboard), remote wipe for lost devices, role-based access control, and policy templates that enforce company-wide sharing defaults. The Folder Takeover feature lets admins recover data when an employee leaves, preventing lockout.

Data Residency Options let admins mandate which country stores data, configurable per user group. A legal team’s files can be pinned to Swiss servers while a marketing team uses EU servers, all within the same organization. For businesses subject to the nDSG or cantonal data protection requirements, this is a practical compliance lever that most competitors do not offer at this granularity.

Compliance coverage

Tresorit is certified for GDPR, HIPAA, ISO 27001, and nDSG. Switzerland has EU adequacy status, meaning data stored with Tresorit is treated as intra-EU from a GDPR perspective. No Standard Contractual Clauses needed.

Cross-platform support

Tresorit is available on Windows, macOS, Linux, iOS, and Android, plus a web interface. Linux support is uncommon among mainstream encrypted cloud providers, and Tresorit’s desktop client covers it.

What Tresorit does not do

  • Tresorit is not a backup tool. It syncs files, but it does not do block-level sync or continuous versioning (free plans have limited versioning). Pair it with a dedicated backup solution for true redundancy.
  • Large files hit limits. The maximum file size is 10 GB. If you work with video, VM images, or large databases, this will be a constraint.
  • Sync performance is not instant. Tresorit re-uploads entire files on changes (no block-level delta sync). For large files edited frequently, this means noticeable delays compared to Dropbox.
  • Fewer integrations than mainstream alternatives. No Rclone or WebDAV support. If you need headless/server access or deep third-party integrations, Proton Drive (which supports Rclone) or Nextcloud may be a better fit.

Pricing

Tresorit is significantly more expensive than mainstream cloud storage, roughly 3-4x what you would pay for Dropbox or Google Drive at equivalent storage tiers. That is the trade-off for zero-knowledge encryption under Swiss jurisdiction. Plans range from a limited free tier through personal, professional, and business options.

Check Tresorit’s pricing page for current plans and rates.

Swiss relevance

Tresorit AG is registered in Zurich, and all customer contracts are governed by Swiss law. With Swiss Post as majority owner, the company operates under Swiss public-law frameworks, not the US CLOUD Act or UK Investigatory Powers Act.

For businesses subject to the nDSG, Tresorit’s client-side encryption directly addresses the requirement to implement “appropriate technical and organizational measures” for personal data protection (Art. 8 nDSG). Combined with Swiss jurisdiction and EU adequacy status, it is one of the lowest-friction paths to compliant file storage.

Tresorit also carries the Digital Trust Label, a Swiss-specific certification awarded by the Swiss Digital Initiative (founded by digitalswitzerland). The label audits trustworthiness across security, data protection, reliability, and fair user treatment. It is not a self-declaration: independent auditors verify compliance. Few cloud storage providers hold it, and it signals a level of accountability that international certifications alone do not cover.

The Swiss Post ownership is worth noting from both sides: it adds institutional credibility and long-term stability, but some privacy advocates view any government-adjacent ownership as a concern. Tresorit’s zero-knowledge architecture means Swiss Post cannot access your files regardless of ownership structure, but the philosophical point matters to some users.

Tips for getting the most out of Tresorit

  • Organize by client or project. Create separate Tresors per client or engagement. This keeps access control clean and makes it easy to revoke access when a project ends.
  • Set sharing defaults to restricted. Change the default from “anyone with the link” to password-protected with expiry dates for any external file sharing.
  • Enable 2FA. Use an authenticator app, not SMS, especially for admin accounts.
  • Plan around the 10 GB limit. If you work with large files, split them before upload (7-Zip or the split command on macOS/Linux).
  • Use Folder Takeover proactively (Business plans). Configure it before you need it, so departing employees’ data is immediately accessible.
  • Pair with a real backup. Tresorit syncs files but is not a backup solution. Use a separate tool (Restic, Backblaze B2) for off-site backups.