Priviy

The Priviy team

A privacy-focused technical editorial team. We test cloud storage before recommending. No copy-pasted product sheets, no hidden sponsored mentions.

EG

Eric Gérard

Main editor, Priviy

Independent editor for 12 years. Former network admin in an industrial SME. I built a cloud storage test bench with continuous upload/download measurements, encryption verification and jurisdiction audit on the main players (pCloud, Proton Drive, Tresorit, Sync.com). On Priviy, every price/performance ratio comes from a reproducible measurement, not from an editor sheet.

My journey started in 2010 as a network admin in a French industrial SME (three sites, two Cisco ASA firewalls, 80 SMB shares and an off-site backed-up Synology NAS). That's where I saw the gap between cloud providers' marketing promise ("end-to-end encrypted") and the technical reality (TLS in transit + AES at rest with server-held keys = NOT zero-knowledge). I earned the Cisco CCNA certification in 2014 then moved to independent tech publishing. On Priviy I work self-taught on cloud applied cryptography: reading NIST specifications (FIPS 140-3, SP 800-38D for AES-GCM, SP 800-56A for ECDH), auditing Proton whitepapers (Proton Security Model, Proton Drive Security Architecture), Tresorit (cryptographic architecture whitepaper), pCloud (Crypto Whitepaper). I dissect the European rulings that change the game: Schrems II (July 2020), pending Schrems III, EU-US Data Privacy Framework (July 2023), Trans-Atlantic Data Privacy Framework and its risk of being struck down by the CJEU. Usage side: pCloud Lifetime 2TB account active since September 2024 (18 months of continuous measurements), Proton Drive Plus 200GB in parallel since November 2024, and a 1-month Tresorit Business test on a work machine. I publish under my full name and personally answer technical questions.

12+ years in tech publishing and affiliate marketing

A question on a provider's encryption or a cloud threat model? Email me directly at contact@priviy.com — I'll reply personally.

Areas of coverage

  • Cloud storage privacy: pCloud, Proton Drive, Tresorit, Sync.com, Nextcloud
  • Client-side encryption (zero-knowledge): Crypto add-on, Cryptomator, Boxcryptor
  • Legal audit: commercial registers, US CLOUD Act, jurisdiction switching
  • Network benchmarks: iperf3-equivalent, Wireshark capture, Updown.io monitoring
  • Self-host alternatives: Nextcloud on Contabo/Hetzner VPS

Our extended team

Beyond Eric, our technical articles go through a review loop by external consultants anonymised at their request. They are not co-authors: they are reviewers paid per deliverable to verify cryptographic and legal claims before publication.

  • Legal reviewer — Privacy & data protection EEA

    11 years of digital law experience (tech-specialised law firm, two years in-house at a European SaaS scale-up), GDPR expertise, Schrems II/III, international data transfers to the United States, analysis of Standard Contractual Clauses (SCC 2021/914) and Transfer Impact Assessments (TIA). Verifies our jurisdictional claims (place of establishment vs server location vs parent company location) before publication. Average review time: 5 business days.

  • Cryptography reviewer — End-to-end & post-quantum

    12 years in applied cryptography (former security engineer at a European encrypted messaging platform), expertise in client-side E2E schemes (OpenPGP, MLS, Signal Protocol adapted to cloud), key derivation audits (PBKDF2, Argon2id, HKDF), libsodium / OpenPGP.js / NaCl implementation review in open-source clients. Verifies our technical analyses on Proton Drive, Tresorit and Cryptomator cryptographic architectures before publication. Average review time: 7 business days.

Editorial standards

Every article published on Priviy follows the process below, with no exception or shortcut.

  • Legal + cryptographic peer review before publication

    Any article containing jurisdictional claims (place of establishment, CLOUD Act applicability, SCC transfers) is reviewed by our legal reviewer. Any article containing measurable cryptographic claims (encryption scheme, KDF parameters, threat model) is reviewed by our cryptography reviewer. Unverifiable claims are removed.

  • Mandatory primary sources

    Every figure or technical parameter cited must link to the provider's official documentation (whitepaper, security architecture doc, public source code) or a published independent audit (Securitum for Proton, Ernst & Young for Tresorit, CRYPSIS / Palo Alto Unit 42 for pCloud). Marketing statements are never reproduced without documentary verification.

  • First-hand testing minimum 14 days on a real account

    No provider review is published without 14 days of paid-account usage: account creation, desktop + mobile setup, reproducible test set upload (50 GB mixed), upload/download measurement three times per day, encrypted sharing test, account recovery test, migration test. All raw measurements are archived locally.

  • Maximum 90-day revision cycle

    No article stays published more than 90 days without revision of its technical and legal content. The frontmatter date (datePublished / dateModified) reflects the last real verification, not a cosmetic CI build.

  • Conflicts of interest disclosed on every page

    Pages containing affiliate links carry a top disclaimer: permanent banner + rel="sponsored nofollow" HTML attribute on every commercial link. The potential commission never changes the score: pCloud (medium commission) is rated 4.6/5 on the Lifetime review while Proton Drive (lower commission) remains recommended as zero-knowledge by default. No exception.

See our testing process in detail

Read the full methodology