Tresorit Review

Tresorit is a premium cloud storage service that features end-to-end (zero knowledge) encryption of your data, along with a full set of business-oriented features. In this Tresorit review update, we’ll take a closer look at this service to see what’s new, what it can do, and whether it’s right for you.

Tresorit feature summary

Tresorit is a feature-rich solution with strong security standards, which is why many consider it to be the best cloud storage service. Here is a quick summary of the major features of Tresorit, which we’ll cover more below. Note that some of these features are only available in one or more of the paid Tresorit plans.

• Supported platforms include Windows, Mac OS, Linux, Android, iOS, major web browsers
• End-to-end data encryption using AES-256 and TLS
• Massive amounts of file storage
• Fine control of synchronization with deleted version recovery
• Synchronizes across all your devices and browsers
• Administrative reports & analysis
• File Request feature to securely exchange documents with external users
• Third-party security tested with numerous industry certifications
• Plans for every level of user from individual to enterprise
• 2FA (two factor authentication) support

Company information

Tresorit is a venture-funded company founded in April 2011. The company is based in Switzerland, with their R&D center in Budapest, Hungary. Tresorit employs more than 80 staff across its facilities.

The company is subject to Switzerland’s strong data protection laws. This is a plus for users, as Switzerland is generally considered one of the most privacy-friendly countries in the world.

Where does Tresorit store user data?

By default, the data you store in Tresorit is encrypted and stored in data centers in Ireland. However, business and enterprise customers can opt to store their data in the US (East and West coast), the UK, Canada, Ireland, Germany, France, Switzerland, Netherlands, Singapore, and Dubai. You can find out more about this on Tresorit’s Data Residency Options page.

Tresorit Terms of Service

I reviewed the Tresorit Terms of Service (ToS) for this review. While long, the document is written in English, without much legalese. It even includes a useful glossary of terms at the end of the document.

Everything in the ToS is governed by Swiss law, excluding the Swiss conflict of law rules. Points of interest in the ToS:

• Tresorit will get some of your Personal Data in the course of creating and managing your account. They may share that data with some trusted third parties.
• Business customers can designate a Recovery Administrator. The designated Recovery Administrator will, “…have access to the recovery key and might also reset Company Administered Users’ passwords and may be able to access, disclose, restrict or remove information in or from Company Administered User Accounts.”
• I found sections 5.3 and 5.4 of the ToS to be somewhat confusing. I asked Tresorit Customer Service to explain them. They explained that a company can require individual users of Tresorit to join the company’s Business Subscription. If that happens, control over the user’s account is transferred to the subscription holder (the company). If the user later leaves the Business Subscription, the subscription holder has the ability to delete the user’s stored data when they leave. As an independent contractor, I would be uncomfortable losing control of my personal Tresorit account to a client company.
• Certain Tresorit services may require you to install the Tresorit DRM service. Using Tresorit DRM may require you to install software on user computers, and submit to additional EULAs (End User License Agreements). Activating DRM may cause protection to be applied to files automatically, and those files will not be able to be opened or edited without an internet connection.
• Unless you instruct them otherwise in writing, the ToS gives Tresorit the right to, “…publish and identify Customer as a user of the Service, and Customer grants to Tresorit a non-exclusive, fully paid-up licence to use its logos and trademarks and agrees that Tresorit may use any logo and/or name associated with Customer on the Tresorit website and other marketing materials.”

Tresorit Privacy Policy

I also reviewed the Tresorit Privacy Policy. Right at the top of the policy, Tresorit makes it clear that they are committed to protecting your privacy in accordance with the European Union’s GDPR. I like this, as well as the way the company organized this important policy document. The left side of each page contains the full, legally-binding sections of the document. The right side of each page contains a short, plain English summary of the meaning of each section.

Points of interest in the Privacy Policy:

• Tresorit needs to keep some data about your Tresorit Folders (Tresors) unencrypted. This data includes the name of the folder, its size, and the names of the members. While this isn’t ideal, they explicitly state that they have no way to connect this data to the encrypted data and filenames inside the folders.
• Tresorit also can store and access additional personal information when you send and deliver invitations.
• Likewise, they may acquire additional information about you if you download shared content.
• Tresorit generates usage logs and analytics that contain details such as: IP address, browser type, operating system, identification number of your devices, access time, Tresorit client version, and error logs. However, these logs are only stored locally on your device for troubleshooting purposes and Tresorit cannot access them. These logs are not sent to Tresorit.
• You have the ability to opt out of some of this data collection by editing settings within the product.
• The company uses the data they collect for the operation of the service, for research and development of the service, and for marketing purposes.
• They can also use information they collect about you when required by law, or to protect their “…legal rights interests and the interests of others…”
• On mobile devices, Tresorit use mobile analytics software to record, “…information such as how often you use the mobile application, the events that occur within the mobile application,
• aggregated usage, and performance data.” They do state that this data is only used to produce aggregate insights which do not identify you.
• Tresorit reserves the right to use your data for any other use where they get your permission or otherwise in accordance with applicable laws and the Privacy Policy.
• When it comes to data retention, Tresorit will keep your personal data, “as long as it is needed to fulfill the purposes specified above, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).” When you delete a Tresor, the encrypted data that was stored within it will be deleted within 90 days.

Tresorit security audits and other third-party tests

We’re always looking to see what kind of third-party testing a service has had done. Anyone can talk a good game about their service.

But, if we are going to trust our data to them, we want to see that they have had some serious testing done by outsiders. In August and September 2019, Tresorit brought in a team from Ernst & Young (EY) to do that serious outsider testing. The independent security assessment they did included penetration testing, source code review, and a cryptographic review.

Summarizing the results of their testing, Mihaly Zala, Cybersecurity, Technology Risk and Technology Consulting Leader at EY stated that:

We paid specific attention to Tresorit’s claim regarding end-to-end encryption and to identify potential security deficiencies during the security review. Our assessment concluded that Tresorit ensures high confidentiality by encrypting data on the client-side and in a way that Tresorit servers and employees never receive cleartext data or the encryption keys.

While the Security Evaluation Summary document published by EY states that, “Our work will not be performed in accordance with generally accepted auditing, review, or other assurance standards in [the relevant jurisdiction] and accordingly does not express any form of assurance,” it does appear that Tresorit is a secure place to store your data. To learn more about the testing done by EY, go here.

It’s great to see more services undergoing third-party audits, a trend we also see with VPN services such as ExpressVPN.

The intensive testing done by Ernst & Young shows that Tresorit is sound technically. Beyond this, the product has achieved several important certifications including:

• ISO 27001
• GDPR
• HIPAA
• FedRAMP

For more information, visit the Tresorit Security page.

Tresorit apps

Tresorit covers all the important bases when it comes to apps. They have clients for the three key operating systems:

• Windows
• Mac OS
• Linux

Also mobile apps for Android and iOS, which look like this:

And here is the Tresorit web app, which works with any modern browser.

As you can see, the interface is clean and pretty consistent across devices and services.

Tresorit hands-on testing for the review

For this review I installed the desktop Tresorit client on a system running Microsoft Windows.

Installing Tresorit

The Tresorit installation is straightforward. Download the desktop client you want from the Tresorit site, then launch it to start the installation process. You’ll need to enter an email address, username, and password, then respond to a verification email.

Once you do all that, Tresorit will start, and give you a quick walkthrough of the key things you will need to know. The first thing you will learn is that all your files are organized into encrypted Tresors. As the Tresorit Support pages explain,

Tresors are secure, encrypted parent folders to your files. Any local folder on your computer can be turned into a tresor which means the contents of that folder will be encrypted and protected in the cloud. You don’t need to change your existing folder structure – any file and folder can be synced directly, without moving them to a central location.

More importantly, files and folders can be mixed and matched to Tresors arbitrarily. That is, you can include files and folders in multiple Tresors any way that makes sense for you.

As the creator of a Tresor, you can share and manage it, even create links to it for easy access. This quick walkthrough is very useful, so don’t skip it!

Tresorit creates your first Tresor for you and displays it in the desktop app’s Tresors page. It will look something like this:

Once you have Tresorit installed and your default Tresor appears, you’ll want to take a look at the default settings.

Configuring Tresorit

While Tresorit will of course work fine with its default settings, there are a few things you may want to check. To do so, click Settings in the menu on the left side of the Tresorit window.

General tab

Depending on your threat model, and general attitude about privacy, you may want to disable the Send logs from this device and Send anonymous usage statistics from this device options.

Advanced tab

Again, based on your threat model, you may want to disable Custom folder icons in Windows Explorer and, under Enable Tresorit Drive‘s Advanced settings, Disable image thumbnails on network folders.

About tab

Hit the Show tutorial button here if you need a refresher on Tresorit.

Using Tresorit

Tresors are very flexible, but that means there is a little more to using them than simply dumping files or folders into them. They can take two forms. They can be unsynchronized, or they can be synchronized with a folder on your device.

An unsynchronized Tresor acts like an encrypted folder that happens to exist in the cloud rather than on your device. You can copy files or folders into it, and you can share it with others, which we will talk about shortly.

A synchronized Tresor is associated with a file or folder on your device. Changes to this Tresor will be synchronized with the associated file or folder as you would expect.

Where it could get a little confusing is when you are dealing with subfolders within Tresors. While many products will automatically sync subfolders within a folder, Tresorit makes this optional. You must manually enable synchronization of each subfolder in a Tresor if you want them synchronized. Taking this approach might make for more work when setting up a Tresor, but it does have advantages.

For example, you could create a Tresor for a project where some of the files and folders for that project are shared with everyone who has access to the Tresor. You could also have unsynchronized subfolders within the Tresor that only you could see. This way, you could have all the files related to the project safely stored in one Tresor, with files you don’t want to share with the rest of the team stored in an unsynchronized subfolder.

Sharing a Tresor

Once you’ve created a Tresor that contains the files and folders you want to share, you have two options. You can either send an email to people inviting them to become members of the Tresor or you can send a link. While members have to have a Tresorit account, anyone with the link can view the contents of the Tresor. As you can see below, when you generate a link, you have various controls you can place on it, including an expiration date and optional password:

Additional Tresorit features

Now that we’ve looked at the basics, let’s look at some interesting additional features of Tresorit.

Gmail and Outlook integration

One particularly powerful capability of the business versions of Tresorit is the way it can encrypt email attachments and password protect files sent through Gmail and Outlook. You get end-to-end encryption and data residency options (see below) that let you continue using your existing workflows while securely communicating with co-workers and external partners.

Learn more about Tresorit for Gmail and Tresorit for Outlook today.

Note: See also our guide on alternatives to Gmail.

Data Residency options

As I mentioned earlier, Tresorit offers business and enterprise customers the ability to specify where their data will be stored. Given that various regulations may require data to be stored in specific regions, the ability to specify data residency options can be crucial. For example, a company governed by the GDPR may be required to store their data within the European Union, while one governed by the CCPA may have to store data in California. Multinationals may need to store certain data in one region while other data must be in a different one.

Tresorit offers data storage in the following regions:

• Canada
• France
• Germany
• Ireland
• Switzerland
• Netherlands
• Singapore
• Dubai
• UK
• USA – East
• USA – West

Dubai is an interesting location, since the country is known for intense censorship and internet regulation (prompting many to use a VPN for Dubai censorship evasion). For more information on data residency, visit this page.

Tresorit Drive

Tresorit Drive is a tool that connects to the file manager on your device. It allows users of any Tresorit plan to work on files that are stored in the cloud, without downloading or syncing them. Working this way is slower than working with files downloaded to your device. However, using Tresorit Drive gives you access when security policies, government regulations, or limited storage on mobile devices makes working with files on your device is not possible.

Note: In March 2021 Tresorit boosted Tresorit Drive for Windows to version 2.0. This version is faster and more stable than previous versions.

Admin Center Dashboard

The Admin Center Dashboard allows business and enterprise customers to monitor and control your organization’s Tresorit account and its users. Among other capabilities, you can set user policies, monitor the activities of users, and generate reports on it all.

Active Directory integration

Synchronize users, Tresors, and Tresor memberships using Active Directory in business and enterprise installations.

File Request feature

File Request allows Tresorit users to create encrypted request links that can be sent to anyone without a Tresorit account to safely upload content to the requester. As described on their website,

With File Requests, you can collect and receive files in a secure environment, even if the other person doesn’t have a Tresorit account. All uploaded files get encrypted on the uploaders’ device and saved to the cloud.

This is a great addition to the existing lineup of features.

Tresorit support

Tresorit provides email, chat, and telephone support. Based on online commentary, most users find Tresorit support to be good to excellent.

For this Tresorit review, I emailed support and found the response time to be acceptable (less than 24 hours), with detailed responses to my questions.

This support is provided seven days a week, with priority email support available to business and enterprise customers. They also provide live chat support seven days a week during business hours.

Business users have access to scheduled phone support, while enterprise customers have full phone support, Monday through Friday, 9AM to 6PM CET.

How secure and private is Tresorit?

Tresorit is a strong, professional service. So let’s talk specifically about how secure and private it is.

Tresorit security

Tresorit’s security is about as tight as you can get. AES-256 end-to-end (zero-knowledge) encryption means that it is secure against anyone reading your encrypted data if you don’t want them to. And the recent testing by Ernst & Young backs this up. That said, with business and enterprise plans, a company-designated Recovery Administrator may be able to decrypt and read your stored data.

Tresorit privacy

When thinking about privacy on cloud storage services it is helpful to look at two different aspects: the data you store there, and the personal data you provide or that they can gather in the normal course of doing business.

Data you store

Since the data you store in Tresors is encrypted on your device, is encrypted in transit between your device and Tresorit servers, and remains encrypted while on their servers, that data is private. However, to make the Tresor system work, the company collects some data about your Tresors, including the name of the Tresor, its size, and the names of the members. Only you, people you share Tresor access with, and any Recovery Administrators can read it.

Personal data

As described in their privacy policy, Tresorit does have access to, and will make use of some personal information that you supply. This can include usage logs and analytics.

They may share any such data with third-parties, government officials, and anyone else they think they need to in order to protect their “…legal rights interests and the interests of others…”

Note: In terms of privacy, we generally recommend using a good VPN service to conceal your IP address and location from third parties.

Tresorit prices

Tresorit breaks up its plans into two broad categories: For individuals, and For teams. Note that all Tresorit plans are zero-knowledge, end-to-end encrypted, meaning that not even Tresorit can read what you store in your Tresors.

Tresorit Individual plans

There are now four individual plans: Send, Basic, Premium, and Solo. Yes, I know that you don’t see the Basic plan here. I’ll explain how to get to it in a minute.

Send: Free

This isn’t actually a Tresorit plan like those we have been discussing here. Instead, it is a free tool for sending large files or files (up to 5 GB), with encryption and other security features that put it ahead of competitors like WeTransfer and Hightail.

Basic: Free

This is Tresorit’s entry-level plan. It is somewhat limited, in that you can only install it on two devices and have access to a total of three simultaneous tresors. But beyond that, it is pretty impressive, giving you 3 GB of storage, file sharing (50 links per month, 250 MB per link), synchronization between devices, and offline access to your data.

But the question remains: how do you get Tresorit Basic? As the company explains here, Tresorit Basic is what you get when you take the free 14-day trial of either Premium, Solo, or Business plans, but cancel before the trial period ends. In that case, instead of booting you out of the system altogether, the company converts your trial subscription into a Tresorit Basic subscription.

Premium: $10.42/month, billed annually; $12.50 per month, billed monthly

If you like what Tresorit offers, but the Basic plan is too limited for you, the Premium plan gives you a step up in features and capabilities. It gives you everything that is in the Basic plan, syncs up to 5 devices and gives you 500 GB of file storage. With this plan you also get Tresorit for Outlook and Gmail, a rolling activity log that lets you track changes and restore previous versions of files.

Solo: $24/month, billed annually; $30/month, billed monthly

The Solo plan is designed to provide secure collaboration for professionals. It gives you everything that is in the Premium plan, plus:

• Sync up to 10 devices
• 2,500 GB of file storage (2.5 TB)
• Maximum file size of 10 GB
• Unlimited tracking and restoration of previous versions
• The ability to monitor the activities of everyone collaborating on a project
• Tiered access control with different access levels/rights
• Email verification for shared files
• Documented GDPR compliance

Tresorit Business plans

Tresorit also offers three team plans: Business Standard, Business Plus, and Enterprise.

Business Standard: $14.50/user/month, billed annually; $18/user/month, billed monthly

Designed for teams of at least 3 people, this plan lets you set custom team rights and policies. It includes 1,000 GB (1 TB) of encrypted data storage for each user along with secure file sharing. You also get Tresorit for Outlook and Gmail, as well as the ability to restore files that were deleted or being held in a ransomware attack.

Business Plus: $19.17/user/month, billed annually; $24/user/month, billed monthly

This plan is also designed for teams of 3 or more. It gives you everything in the Business Standard plan, along with a number of additional features like 2 TB of encrypted storage per user, detailed logs, cu7stom branding, and more.

Enterprise: $24/user/month, billed annually; $30/user/month, billed monthly

The Enterprise plan is designed for 50+ users. It gives you everything in the Business plan, plus various customization options, a dedicated account manager, even API access. It also includes the new Tresorit Content Shield, a tool for protecting your data when it is shared outside the organization.

For more details on all the paid Tresorit plans, visit their pricing page.

Tresorit review conclusion

Tresorit looks to be a great service for business and enterprise users. It seems designed for a business environment where the goal is to protect the organization from outsiders while complying with relevant regulations and maintaining organizational control over the use of the service.

Is Tresorit right for you?

If you represent a business or other large organization that needs a flexible system for sharing data and protecting it from outsiders, Tresorit could be a great solution. There are plans that allow you to manage and analyze the use of the service by your employees. Third party penetration testing, along with source code and cryptographic reviews lend confidence in the service. And a slew of certifications and numerous data residency options makes it ideal for multinationals and other organizations that can justify the price.

If you are looking for a personal cloud storage service, Tresorit is probably not a good match. The free plan is too limited, and the paid plans are relatively expensive. You probably don’t need the sharing capabilities or compliance with international standards. A less expensive, less complicated service that gathers less personal data would probably be a better choice. See our guide on the best cloud storage here.

Here are our other cloud storage reviews:

MEGA Cloud Review

Sync.com Review

Nextcloud Review

IDrive Review

pCloud Review

SpiderOak Review

NordLocker Review