Tresorit is a premium cloud storage service that features end-to-end (zero knowledge) encryption of your data, along with a full set of business-oriented features. In this review, we’ll take a closer look at this service to get a feel for what it can do and whether it is right for you.
- End-to-end encrypted with AES-256, TLS
- Based in Switzerland, a privacy-friendly jurisdiction
- GDPR compliant
- Supports 2FA
- 3 GB storage (free plan); 200 GB – 2,000 GB (paid plans)
- 24/7 support
- Telephone, email, live chat support
- Paid versions are expensive
- Not open source
- Complicated to use
Tresorit feature summary
Here is a quick summary of the major features of Tresorit, which we’ll cover more below. Note that some of these features are only available in one or more of the paid Tresorit plans.
- Supported platforms include Windows, Mac OS, Linux, Android, iOS, major web browsers
- End-to-end data encryption using AES-256 and TLS
- Massive amounts of file storage
- Fine control of synchronization with deleted version recovery
- Synchronizes across all your devices and browsers
- Administrative reports & analysis
- Third-party security tested with numerous industry certifications
- Plans for every level of user from individual to enterprise
- 2FA support
Tresorit is a venture-funded company founded in April 2011. The company is based in Switzerland, with their R&D center in Budapest, Hungary. Tresorit employs more than 80 staff across its facilities.
The company is subject to Switzerland’s strong data protection laws. This is a plus for users, as Switzerland is generally considered one of the most privacy-friendly countries in the world.
Where does Tresorit store user data?
By default, the data you store in Tresorit is encrypted and stored in data centers in Ireland. However, business and enterprise customers can opt to store their data in the US (East and West coast), the UK, Canada, Ireland, Germany, Switzerland and France. You can find out more about this on Tresorit’s Data Residency Options page.
Tresorit Terms of Service
I reviewed the Tresorit Terms of Service (ToS) dated June 19, 2019. While long, the document is written in English, without much legalese. It even includes a useful glossary of terms at the end of the document. Everything in the ToS is governed by Swiss law, excluding the Swiss conflict of law rules.
Points of interest in the ToS:
- Tresorit will get some of your Personal Data in the course of creating and managing your account. They may share that data with some trusted third parties.
- Business customers can designate a Recovery Administrator. The designated Recovery Administrator will, “…have access to the recovery key and might also reset Company Administered Users’ passwords and may be able to access, disclose, restrict or remove information in or from Company Administered User Accounts.”
- I found sections 5.3 and 5.4 of the ToS to be somewhat confusing. I asked Tresorit Customer Service to explain them. They explained that a company can require individual users of Tresorit to join the company’s Business Subscription. If that happens, control over the user’s account is transferred to the subscription holder (the company). If the user later leaves the Business Subscription, the subscription holder has the ability to delete the user’s stored data when they leave. As an independent contractor, I would be uncomfortable losing control of my personal Tresorit account to a client company.
- Certain Tresorit services may require you to install the Tresorit DRM service. Using Tresorit DRM may require you to install software on user computers, and submit to additional EULAs (End User License Agreements). Activating DRM may cause protection to be applied to files automatically, and those files will not be able to be opened or edited without an internet connection.
- Unless you instruct them otherwise in writing, the ToS gives Tresorit the right to, “…publish and identify Customer as a user of the Service, and Customer grants to Tresorit a non-exclusive, fully paid-up licence to use its logos and trademarks and agrees that Tresorit may use any logo and/or name associated with Customer on the Tresorit website and other marketing materials.”
- Tresorit needs to keep some data about your Tresorit Folders (Tresors) unencrypted. This data includes the name of the folder, its size, and the names of the members. While this isn’t ideal, they explicitly state that they have no way to connect this data to the encrypted data and filenames inside the folders.
- Tresorit also can store and access additional personal information when you send and deliver invitations.
- Likewise, they may acquire additional information about you if you download shared content.
- More concerning, Tresorit generates usage logs and analytics that contain details such as: IP address, browser type, operating system, identification number of your devices, access time, Tresorit client version, and error logs.
- You have the ability to opt out of some of this data collection by editing settings within the product.
- The company uses the data they collect for the operation of the service, for research and development of the service, and for marketing purposes.
- They can also use information they collect about you when required by law, or to protect their “…legal rights interests and the interests of others…”
- On mobile devices, Tresorit uses mobile analytics software to record, “…information such as how often you use the mobile application, the events that occur within the mobile application, aggregated usage, and performance data.” They do state that this data is only used to produce aggregate insights which do not identify you.
- When it comes to data retention, Tresorit will keep your personal data, “as long as it is needed to fulfill the purposes specified above, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).” When you delete a Tresor, the encrypted data that was stored within it will be deleted within 90 days.
Tresorit security audits and other third-party tests
We’re always looking to see what kind of third-party testing a service has had done. Anyone can talk a good game about their service. But, if we are going to trust our data to them, we want to see that they have had some serious testing done by outsiders. In August and September 2019, Tresorit brought in a team from Ernst & Young (EY) to do that serious outsider testing. The independent security assessment they did included penetration testing, source code review, and a cryptographic review.
Summarizing the results of their testing, Mihaly Zala, Cybersecurity, Technology Risk and Technology Consulting Leader at EY stated that:
We paid specific attention to Tresorit’s claim regarding end-to-end encryption and to identify potential security deficiencies during the security review. Our assessment concluded that Tresorit ensures high confidentiality by encrypting data on the client-side and in a way that Tresorit servers and employees never receive cleartext data or the encryption keys.
While the Security Evaluation Summary document published by EY states that, “Our work will not be performed in accordance with generally accepted auditing, review, or other assurance standards in [the relevant jurisdiction] and accordingly does not express any form of assurance,” it does appear that Tresorit is a secure place to store your data. To learn more about the testing done by EY, go here.
The intensive testing done by Ernst & Young shows that Tresorit is sound technically. Beyond this, the product has achieved several important certifications including:
- ISO 27001
For more information, visit the Tresorit Security page.
Tresorit covers all the important bases when it comes to apps. They have clients for the three key operating systems:
- Mac OS
Also mobile apps for Android, which look like this:
The iOS app is similar.
And here is the Tresorit web client, which works with any modern browser.
As you can see, the interface is clean and pretty consistent across devices and services.
Tresorit hands-on testing for the review
For this review I installed the desktop Tresorit client on a system running Microsoft Windows.
The Tresorit installation is straightforward. Download the desktop client you want from the Tresorit site, then launch it to start the installation process. You’ll need to enter an email address, username, and password, then respond to a verification email.
Once you do all that, Tresorit will start, and give you a quick walkthrough of the key things you will need to know. The first thing you will learn is that all your files are organized into encrypted Tresors. As the Tresorit Support pages explain,
Tresors are secure, encrypted parent folders to your files. Any local folder on your computer can be turned into a tresor which means the contents of that folder will be encrypted and protected in the cloud. You don’t need to change your existing folder structure – any file and folder can be synced directly, without moving them to a central location.
More importantly, files and folders can be mixed and matched to Tresors arbitrarily. That is, you can include files and folders in multiple Tresors any way that makes sense for you.
As the creator of a Tresor, you can share and manage it, even create links to it for easy access. This quick walkthrough is very useful, so don’t skip it!
Tresorit creates your first Tresor for you and displays it in the desktop app’s Tresors page. It will look something like this:
Once you have Tresorit installed and your default Tresor appears, you’ll want to take a look at the default settings.
While Tresorit will of course work fine with its default settings, there are a few things you may want to check. To do so, click Settings in the menu on the left side of the Tresorit window.
Depending on your threat model, and general attitude about privacy, you may want to disable the Send logs from this device and Send anonymous usage statistics from this device options.
Again, based on your threat model, you may want to disable Custom folder icons in Windows Explorer and, under Enable Tresorit Drive’s Advanced settings, Disable image thumbnails on network folders.
Hit the Show tutorial button here if you need a refresher on Tresorit.
Tresors are very flexible, but that means there is a little more to using them than simply dumping files or folders into them. They can take two forms. They can be unsynchronized, or they can be synchronized with a folder on your device.
An unsynchronized Tresor acts like an encrypted folder that happens to exist in the cloud rather than on your device. You can copy files or folders into it, and you can share it with others, which we will talk about shortly.
A synchronized Tresor is associated with a file or folder on your device. Changes to this Tresor will be synchronized with the associated file or folder as you would expect.
Where it could get a little confusing is when you are dealing with subfolders within Tresors. While many products will automatically sync subfolders within a folder, Tresorit makes this optional. You must manually enable synchronization of each subfolder in a Tresor if you want them synchronized. Taking this approach might make for more work when setting up a Tresor, but it does have advantages.
For example, you could create a Tresor for a project where some of the files and folders for that project are shared with everyone who has access to the Tresor. You could also have unsynchronized subfolders within the Tresor that only you could see. This way, you could have all the files related to the project safely stored in one Tresor, with files you don’t want to share with the rest of the team stored in an unsynchronized subfolder.
Sharing a Tresor
Once you’ve created a Tresor that contains the files and folders you want to share, you have two options. You can either send an email to people inviting them to become members of the Tresor or you can send a link. While members have to have a Tresorit account, anyone with the link can view the contents of the Tresor. As you can see below, when you generate a link, you have various controls you can place on it, including an expiration date and optional password:
Additional Tresorit features
Now that we’ve looked at the basics, let’s look at some interesting additional features of Tresorit.
Data Residency Options
As I mentioned earlier, Tresorit offers business and enterprise customers the ability to specify where their data will be stored. Given that various regulations may require data to be stored in specific regions, the ability to specify data residency options can be crucial. For example, a company governed by the GDPR may be required to store their data within the European Union, while one governed by the CCPA may have to store data in California. Multinationals may need to store certain data in one region while other data must be in a different one.
As of January 2020, Tresorit offered data storage in the following regions:
- USA – East
- USA – West
For more information on data residency, visit this page.
Tresorit Drive is a tool that connects to the file manager on your device. It allows users of any Tresorit plan to work on files that are stored in the cloud, without downloading or syncing them. Working this way is slower than working with files downloaded to your device. However, using Tresorit Drive gives you access when security policies, government regulations, or limited storage on mobile devices make working with files on your device impossible.
Admin Center Dashboard
The Admin Center Dashboard allows business and enterprise customers to monitor and control their organization’s Tresorit account and its users. Among other capabilities, administrators can set user policies, monitor the activities of users, and generate reports on it all.
Active Directory integration
Synchronize users, Tresors, and Tresor memberships using Active Directory in business and enterprise installations.
Tresorit provides email, chat, and telephone support. Based on online commentary, most users find Tresorit support to be good to excellent.
For this Tresorit review, I emailed support and found response time to be acceptable (less than 24 hours), with detailed responses to my questions. This support is provided Sunday through Friday, with priority email support available to business and enterprise customers.
They also provide live chat support six days a week (Sunday-Friday).
Business users have access to scheduled phone support, while enterprise customers have full phone support, Monday through Friday, 9AM to 6PM CET.
How secure and private is Tresorit?
Tresorit is a strong, professional service. So let’s talk specifically about how secure and private it is.
Tresorit’s security is about as tight as you can get. AES-256 end-to-end (zero-knowledge) encryption means that no one can read your encrypted data unless you want them to. And the recent testing by Ernst & Young backs this up. That said, with business and enterprise plans, a company-designated Recovery Administrator may be able to decrypt and read your stored data.
When thinking about privacy on cloud storage services it is helpful to look at two different aspects: the data you store there, and the personal data you provide or that they can gather in the normal course of doing business.
Data you store
Since the data you store in Tresors is encrypted on your device, is encrypted in transit between your device and Tresorit servers, and remains encrypted while on their servers, that data is private. Only you, people you share Tresor access with, and any Recovery Administrators can read it. However, to make the Tresor system work, the company collects some data about your Tresors, including the name of the Tresor, its size, and the names of the members.
Note: In terms of privacy, we generally recommend using a good VPN service to conceal your IP address and location from third parties.
Tresorit breaks up their plans into two broad categories: For individuals, and For teams. Note that all Tresorit plans are zero-knowledge, end-to-end encrypted, meaning that not even Tresorit can read what you store in your Tresors.
Tresorit Individual plans
There are three individual plans: Basic, Premium, and Solo.
This is Tresorit’s entry-level plan. It is somewhat limited, in that you can only install it on two devices. But beyond that, it is pretty impressive, giving you 3 GB of storage, file sharing (50 links per month, 250 MB per link), synchronization between devices, and offline access to your data.
Premium: $10.42/month, billed annually; $12.50 per month, billed monthly
If you like what Tresorit offers, but the Basic plan is too limited for you, the Premium plan gives you a step up in features and capabilities. It gives you everything that is in the Basic plan, syncs up to 5 devices and gives you 200 GB of file storage. With this plan you also get a 90-day rolling activity log that lets you track changes and restore previous versions of files.
Solo: $24/month, billed annually; $30/month, billed monthly
The Solo plan is designed to provide secure collaboration for professionals. It gives you everything that is in the Premium plan, plus:
- Sync up to 10 devices
- 2,000 GB of file storage
- Unlimited tracking and restoration of previous versions
- The ability to monitor the activities of everyone collaborating on a project
- Tiered access control with different access levels/rights
- Email verification for shared files
- Documented GDPR compliance
Tresorit Team plans
Tresorit also offers three team plans: Small Business, Business, and Enterprise.
Small Business: $20/user/month, billed annually; $25/user/month, billed monthly
Designed for teams of 2-9 people, this plan lets you set custom team rights and policies. It includes 1,000 GB (1 TB) of data storage and secure file sharing. You also get the ability to restore files that were deleted or are being held in a ransomware attack.
Business: $12/user/month, billed annually; $15/user/month, billed monthly
This plan is for teams of 10 or more. It gives you everything in the Small Business plan, along with a number of additional features. Interestingly, this plan used to be priced at $24/user/month. The price cut currently in effect (January 2020) makes it significantly less expensive on a per user basis than the Small Business plan.
Enterprise: $24/user/month, billed annually; $30/user/month, billed monthly
The Enterprise plan is designed for 100+ users. It gives you everything in the Business plan, plus various customization options, a dedicated account manager, even API access.
Tresorit review conclusion
Tresorit looks to be a great service for business and enterprise users. It seems designed for a business environment where the goal is to protect the organization from outsiders while complying with relevant regulations and maintaining organizational control over the use of the service.
Is Tresorit right for you?
If you represent a business or other large organization that needs a flexible system for sharing data and protecting it from outsiders, Tresorit could be a great solution. There are plans that allow you to manage and analyze the use of the service by your employees. Third-party penetration testing, along with source code and cryptographic reviews, lends confidence in the service. And a slew of certifications and numerous data residency options make it ideal for multinationals and other organizations that can justify the price.
If you are looking for a personal cloud storage service, Tresorit is probably not a good match. The free plan is too limited, and the paid plans are relatively expensive. You probably don’t need the sharing capabilities or compliance with international standards. A less expensive, less complicated service that gathers less personal data would probably be a better choice.