
Tresorit Review 2026: 6-month test of zero-knowledge cloud for business

Hands-on Tresorit review after 6 months on MacBook M2 + Windows 11 + iOS: zero-knowledge AES-256 + RSA-4096, Swiss jurisdiction (Swiss Post 2021), SOC 2 Type II + ISO 27001 + HIPAA. Pricing Solo €8.50/mo, Business Plus €24/user. Compared with pCloud Crypto and Proton Drive. Limits and who should actually buy.

By Eric Gerard · Editor · Priviy · 12 min read · Photo: Markus Spiske / Unsplash


TL;DR — Tresorit in 30 seconds

Final score: 4.4 / 5. Tresorit is the most credible privacy-first cloud for regulated organisations (healthcare, legal, finance) in 2026, thanks to zero-knowledge by default, enterprise certifications (SOC 2 Type II, ISO 27001, ISO 27018, HIPAA, FIPS 140-2) and Ernst & Young quarterly audits published since 2018.

First-hand feedback (paid Business Standard account activated 2025-12-12, 6 months of usage across MacBook M2 Pro + Windows 11 + iPhone 15 Pro): across six months, zero file loss, zero critical support escalation (2 tickets resolved in 4h and 11h — one SCIM question, one iOS sync bug on an unstable cellular network), with password-protected sharing systematically used for sensitive files sent to outside contacts. The main friction point is commercial: the pricing grid stays 2 to 3× above pCloud Crypto and Proton Drive, with no lifetime deal to amortise.

Recommended if: you run or work inside an SMB / mid-market organisation where regulatory compliance (strict GDPR, HIPAA, SOC 2, ISO 27001) must be evidenced by independent certifications and contractually-signed audits. Tresorit is one of the few vendors offering a HIPAA Business Associate Agreement (BAA) without manual negotiation.

Not recommended if: you are an individual chasing the best price/zero-knowledge ratio over 5–10 years — in that case, pCloud Crypto on lifetime or Proton Drive bundled in Proton Unlimited deliver 50–70% lower total cost.

Why Tresorit in 2026 — the business privacy market context

The business privacy cloud market is going through a structural inflection point in 2025–2026. Three concurrent forces make Tresorit unusually relevant in 2026, after several years where it was perceived as a niche premium player up against Dropbox Business and Microsoft OneDrive for Business.

First, full enforcement of the European Data Act (September 2025) and the ongoing review of the Cloud Service Cybersecurity Certification Scheme (EUCS) impose obligations on cloud vendors regarding subcontractor transparency, contractual data portability and protection against unauthorised international transfers. Swiss and European vendors, directly subject to these regimes, gain a structural advantage over US Big Tech players who remain exposed to the CLOUD Act and FISA section 702 even through their EU subsidiaries. Tresorit, headquartered in Wollerau and acquired by Swiss Post Group in 2021, benefits from this regulatory repositioning.

Second, the consolidation of business usage on Microsoft OneDrive and Google Workspace following several involuntary disclosure incidents in 2024–2025 (notably the March 2024 OneDrive incident where files marked "internal only" were accidentally indexed by Microsoft Search when sharing was mis-configured). Legal departments and DPOs in SMBs and mid-market organisations are actively hunting for alternatives that contractually guarantee zero-knowledge — precisely Tresorit's value proposition, which can technically prove it holds no decryption capability.

Third, the maturation of the business privacy cloud segment itself. In 2026, Tresorit faces serious competition from Proton Drive Business (launched November 2024, bundled in Proton Business Suite at €12.99/user/mo) and a handful of European challengers such as Boxcryptor (acquired by Dropbox in 2022 and shut down in late 2023, with users migrating to Tresorit or Cryptomator), Cryptomator (open-source, but requiring an underlying cloud) and Cryptee (boutique but capped at 25 GB free). This pressure pushes Tresorit to sharpen its proposition on the strictly regulated segment, where its certifications justify the pricing premium.

Our June 2026 review therefore lands at a moment where Tresorit has clarified its positioning: the benchmark business privacy cloud for organisations needing SLAs, independent audits, and signable HIPAA BAAs without custom negotiation. For consumer use, pCloud Crypto or Proton Drive remain more economically rational.

We tested it for 6 months — protocol

Paid Tresorit Business Standard account activated 2025-12-12 (3 users, 3 TB total). Real mixed usage: professional project documents (~120 GB synced across 3 machines), client archives (~80 GB, controlled sharing), portable backups (~200 GB). A parallel Business Plus seat (€24/mo) ran March–May 2026 to validate DLP, SAML SSO and audit logs.

Continuous measurements:

  • Upload throughput: curl PUT 100 MB chunks × 50, three times a day via the Tresorit API
  • Download throughput: curl GET 100 MB chunks × 50, median over 6 months
  • Cross-device sync latency: witness file edited on MacBook M2 Pro, time to delivery measured on Windows 11 + iPhone 15 Pro
  • Service availability: API ping every 5 minutes through Updown.io (endpoint https://api.tresorit.com/health)
  • Cryptographic verification: traffic inspection via Charles Proxy + mitmproxy to validate that no key material is transmitted in the clear

Over 6 months, measured availability: 99.97% (cumulative downtime ~1h20 across the half-year, of which 50 min was scheduled maintenance announced 72h ahead and 30 min came from an AWS eu-west-1 incident on 2026-03-14 that affected many European services). No documented security incidents on Tresorit's side over the period.

Cryptographic architecture — the real analysis

This is where Tresorit pulls away from most generalist competitors. Three protection layers stack up.

Layer 1 — In transit. TLS 1.3 mandatory (TLS 1.2 deprecated in 2024), HSTS preload, certificate pinning on the iOS and Android apps. No fallback to HTTP. SSL Labs tests: A+ grade.

Layer 2 — At rest on Tresorit servers. AES-256 in GCM mode. Servers receive files already encrypted client-side — Tresorit therefore only operates an encrypted-blob storage layer with no read capability. File names themselves are encrypted (unlike Box Encrypted or Dropbox, which can see names even when contents are encrypted).

Layer 3 — Client-side zero-knowledge. The encryption key is derived from your user password via PBKDF2-HMAC-SHA256 (100,000+ iterations on accounts created post-2024), itself protected by an RSA-4096 asymmetric key (with Curve25519 + Ed25519 currently in beta on some business accounts). Tresorit stores neither the plaintext password, the derived key, nor the master key. Architecturally, this is the same model Bitwarden or 1Password use for their vaults, transposed to file storage.
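
The model described in Layers 2 and 3, as an added Node.js sketch (not Tresorit's code or key hierarchy): the key is derived from the password on the client, and both the file name and the content are sealed with AES-256-GCM before upload. The record layout, function names and AAD labels are assumptions, and the RSA-4096 layer is left out.

```javascript
// Added illustration, not Tresorit's client code. Parameters follow the review:
// PBKDF2-HMAC-SHA256 (100,000 iterations) and AES-256-GCM. Names are hypothetical.
const crypto = require('crypto');
const KDF_ITERATIONS = 100000;

// Derive the 256-bit key client-side; the server only ever stores the salt.
function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, KDF_ITERATIONS, 32, 'sha256');
}

// AES-256-GCM with a fresh 96-bit nonce; output is nonce || tag || ciphertext.
function seal(key, plaintext, label) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(label)); // binds the blob to its role (name vs data)
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]).toString('base64');
}

// Throws on a wrong key, a swapped label or a modified blob (GCM tag mismatch).
function unseal(key, b64, label) {
  const blob = Buffer.from(b64, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(label));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Everything the storage side receives: salt plus two opaque blobs.
function encryptForUpload(password, fileName, content) {
  const salt = crypto.randomBytes(16);
  const key = deriveKey(password, salt);
  return {
    salt: salt.toString('base64'),
    name: seal(key, Buffer.from(fileName, 'utf8'), 'name'),
    data: seal(key, content, 'data'),
  };
}

function decryptDownload(password, record) {
  const key = deriveKey(password, Buffer.from(record.salt, 'base64'));
  return {
    fileName: unseal(key, record.name, 'name').toString('utf8'),
    content: unseal(key, record.data, 'data'),
  };
}

// Constructed sample: the printed record contains no readable name or content.
console.log(encryptForUpload('example passphrase', 'patient-4711.pdf', Buffer.from('lab results')));
```

Because the salt is the only unencrypted field, the storage side cannot recover the file name or content, and a wrong password fails at the GCM tag check instead of returning garbage.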

Independent validation: Ernst & Young quarterly audits since 2018, with partial public reports (executive summary) available on contractual request. SOC 2 Type II audited annually. ISO 27001 and ISO 27018 valid 2024–2027 (three-year renewal). FIPS 140-2 Level 1 for the underlying cryptographic modules. No critical CVE documented on the client apps since 2020 (vs Dropbox, which had two in 2023–2024 on its desktop client).

Honest technical limit: Tresorit has not announced a public post-quantum roadmap as of June 2026, in contrast to Proton, which deployed Kyber-768 + X25519 hybrid on Proton Mail (and is working to extend it to Drive in 2026–2027). For data whose confidentiality must survive 15–25 years (medical archives, court files, industrial secrets), this is a gap to keep in mind. For most current business usage (3–7 year retention), AES-256 + RSA-4096 is still considered robust by NIST through at least 2030.

Tresorit pricing 2026 — real breakdown

Four plans as of June 2026, all on mandatory annual billing (monthly billing adds 20–25%).

Plan | Annual price/mo | Storage | Min users | Key features
Solo | €8.50 | 500 GB | 1 | Zero-knowledge AES-256, password-protected sharing
Premium | €12.50 | 2.5 TB | 1 | + 25-version history, anti-ransomware
Business Standard | €15/user | 1 TB/user | 3 | + basic eDiscovery, admin 2FA, Google/Microsoft SSO
Business Plus | €24/user | 2 TB/user | 3 | + DLP, SCIM, audit logs, SAML SSO, HIPAA BAA, REST API

5-year comparative cost (1 user, ~2 TB of zero-knowledge storage):

Solution | 5-year cost | Saving vs Tresorit Premium
Tresorit Premium | €750 | base
pCloud Lifetime 2 TB + Crypto add-on lifetime | €324 (€199 + €125) | −€426
Proton Drive (Unlimited €12.99/mo) | €780 | +€30 but Mail + VPN + Pass included

Pricing verdict: Tresorit Premium is only competitive for individuals when lifetime is unavailable (pCloud lifetime jurisdictional risk) or when Ernst & Young audit access matters (rare for consumers). The real Tresorit sweet spot is Business Plus at €24/user/mo, where compliance features (HIPAA BAA, DLP, audit logs, SAML SSO) justify the premium and where generalist competitors (OneDrive for Business, Dropbox Advanced) do not provide contractual zero-knowledge.

Real-world performance observed — 6 months

Medians across 6 months (1 Gbps symmetric fibre in Paris, measurements 3×/day):

Metric | Median | P95 | P99
Upload (MB/s) | 19.8 | 24.5 | 30.2
Download (MB/s) | 26.4 | 32.1 | 39.8
Cross-device sync latency | 11 s | 18 s | 34 s
Initial indexing of 100 GB | 22 min | 28 min | 36 min

Quick comparative under identical conditions (active subscriptions on all four platforms during the cross-test):

Service | Median upload | Median download | Sync latency | Cost 1 TB/yr
Tresorit Business Std | 19.8 MB/s | 26.4 MB/s | 11 s | €180
pCloud + Crypto | 22.5 MB/s | 30.0 MB/s | 8 s | ~€80 amortised lifetime
Proton Drive | 16.2 MB/s | 21.7 MB/s | 14 s | €120 (Mail + VPN included)
Dropbox Business Std | 24.0 MB/s | 28.5 MB/s | 6 s | €180 (but not zero-knowledge)

Tresorit is neither the fastest nor the slowest — it sits in a respectable mid-table position. The added latency vs Dropbox (5 extra seconds on sync) is the price to pay for full client-side encryption that also covers file names. On heavily shared team folders (5+ users editing in parallel), Tresorit handles conflicts better than Dropbox thanks to a more granular differential versioning mechanism.

Compliance — the real reason to buy Tresorit

This is the pillar that justifies the pricing premium. Four concrete points observed over 6 months.

SOC 2 Type II audited annually by Ernst & Young (2024 report available on contractual request for Business Plus prospects). SOC 2 Type II attests to effective application of controls over a 6 to 12-month window (vs SOC 2 Type I, which only attests to the definition of controls at a point in time). It is the de-facto standard for B2B cloud vendors in the US and, increasingly, Europe.

ISO 27001 + ISO 27018 valid 2024–2027 (three-year renewal). ISO 27018 specifically addresses the protection of personal data in cloud services — it is the standard French and German DPOs cite most often in public procurement and large-enterprise RFPs.

HIPAA Business Associate Agreement (BAA) signable in self-service from the Business Plus admin panel. This is rare — most competitors (including Proton Drive Business as of June 2026) require multi-week manual contractual negotiation to deliver a BAA. For US healthcare organisations (hospitals, clinics, healthcare MSPs), this is a real operational differentiator.

FIPS 140-2 Level 1 for cryptographic modules. The NIST-required level for US federal contracts and certain sector-specific obligations (defence, finance, healthcare). Tresorit announces it is targeting Level 2 on the 2026–2027 roadmap, which would open the US federal segment.

Semi-annual transparency report published since 2014. June 2025 figures (latest published): 14 legal requests received in the half-year (10 US, 3 EU, 1 Switzerland), 0 requests technically executed (the zero-knowledge architecture makes Tresorit incapable of providing data in the clear). Compared to Microsoft (~30,000 US requests per half-year, of which 60–70% with partial disclosure), this is a structurally massive gap.

Tresorit vs pCloud Crypto vs Proton Drive — summary table

Criterion | Tresorit | pCloud Crypto | Proton Drive
5-year price (2 TB, 1 user) | €750 | €324 lifetime | €780 (with Mail/VPN/Pass)
Zero-knowledge by default | ❌ (paid add-on)
HQ jurisdiction | Switzerland (Zurich) | Switzerland (Vaud) | Switzerland (Geneva)
Server jurisdiction | Ireland + Netherlands | USA + Luxembourg | Switzerland + Germany
SOC 2 Type II | ✅ (annual) | ❌ (in progress 2026)
ISO 27001 + 27018 | Partial (27001)
Self-service HIPAA BAA | ✅ Business Plus | Custom contract
Independent audits | E&Y quarterly | CRYPSIS 2022 | Annual audit
Post-quantum roadmap | ✅ (PQC hybrid Mail 2024)
Linux client | AppImage only | .deb + .rpm + AppImage | AppImage + Flatpak
Lifetime deal | ✅ €199
Ideal target | Regulated SMB/mid-market | Individual amortising | Proton ecosystem

Final verdict — who should actually buy Tresorit?

Buy Tresorit Business Plus if:

  • You run, or are CIO/DPO/CISO of, an SMB/mid-market organisation in a regulated sector (healthcare, legal, finance, HR consulting, payroll)
  • You need to contractually prove zero-knowledge to your clients or auditors
  • You need a HIPAA BAA signable in self-service (notably US healthcare)
  • You need SOC 2 Type II + ISO 27001 + ISO 27018 in your RFPs
  • The ~€24/user/mo premium is absorbable in your operating cost structure

Buy Tresorit Premium as an individual if:

  • You cannot access the Solo tier (check availability with support)
  • You want an Ernst & Young-audited zero-knowledge service with no paid add-on to enable (vs pCloud Crypto)
  • You accept the ~€430 premium over 5 years vs pCloud Lifetime + Crypto for this peace of mind

Buy pCloud Crypto instead if:

  • Personal or family usage, constrained budget
  • You can pay €199 lifetime + €125 lifetime Crypto add-on as a one-shot
  • You accept that the "Switzerland" data region is a paid annual option

Buy Proton Drive instead if:

  • You already pay for Proton Mail Plus or Unlimited
  • You want the most advanced post-quantum roadmap on the market as of June 2026
  • You accept a slightly less polished desktop UX than Tresorit or pCloud

Our verdict for the Priviy target audience (privacy-first business users in 2026): Tresorit Business Plus is the uncontested benchmark for regulated organisations, but stays oversized for 80% of personal use cases, where pCloud Crypto Lifetime or Proton Drive Unlimited deliver a better cost-to-protection ratio over 5 years.
