Making security simple
How Tresorit ensures data security and compliance
How Tresorit always keeps you in control
![Encryption]()
Encryption
End-to-end encryption
Using end-to-end encryption, Tresorit encrypts every file and relevant file metadata on your devices with unique randomly generated encryption keys. These keys are never sent to our servers in an unencrypted format. Accessing files is only possible with a user’s unique decryption key.
Zero-knowledge authentication
Tresorit uses an authentication scheme in which your password never leaves your device, keeping you in control of your most confidential security information.
Cryptographic key sharing
Tresorit is based on industry-standard public key cryptography that has been thoroughly analyzed by experts and declared secure. Public key cryptography guarantees that even Tresorit cannot access the shared keys. This key sharing is based on, among others, RSA-4096 with OAEP padding scheme (see RFC2437) and PKI certificates, combining it with a tree of symmetric keys.
Client-side integrity protection
Tresorit guarantees that a file’s content cannot be modified without your knowledge, even if somebody hacks our system. Tresorit clients apply cryptographic authentication (in the form of HMAC or AEAD) to all encrypted data. The key is only known to the user’s client and those they share the file with, but not the server.
![Privacy]()
Privacy
Swiss privacy laws
Tresorit handles data under Swiss privacy laws that provide more substantial protection than similar laws in the US or even the EU.
Non-convergent cryptography
Only a few providers offer end-to-end encryption, but some of these sacrifice confidentiality by using so-called convergent cryptography. The non-convergent cryptography used by Tresorit makes it impossible to determine when your content matches others’ content in the cloud, which could leak valuable data about you to outside observers.
![Compliance]()
Compliance
ISO 27001
Tresorit has certification for compliance with ISO 27001:2022. Tresorit was audited and certified by TÜV Rheinland, an independent third-party auditor. Our compliance with this internationally recognized standard and code of practice is evidence of our commitment to information security at every level of our organization.
GDPR and DPA
The GDPR highlights encryption as one of the technologies to ensure data protection and compliance. With Tresorit’s end-to-end encryption technology, your encryption keys that unlock your data are stored on the client-side, on your device. Unlike in-transit or at-rest encryption, only you and those you share with have access to the information.
HIPAA
With its zero-knowledge, end-to-end encrypted technology, Tresorit offers a HIPAA compliant cloud storage solution. Tresorit signs HIPAA Business Associate Agreements (BAA) with customers seeking HIPAA compliance to safeguard Protected Health Information (PHI).
CCPA
The California Consumer Privacy Act is the newest regulation in a world-wide push for increased data security. The CCPA is the first such law in the US and came into force on January 1, 2020. Any entity that handles the data of residents of California must abide by its guidelines. As a champion of privacy, Tresorit has supported the CCPA since its inception and can help companies remain compliant.
![Control]()
Control
Define security policies
The owner and admins of a Tresorit Business Account can apply policy templates to a set of users and create different policies for each template. Also, the admins can modify these policies at any moment. Policy templates include 2-Step Verification, IP filtering, Timeout policies, Allowed Devices, and Sharing policies.
Monitor devices and user statistics
Admins can monitor and decide which devices are allowed to be used to access files within your company, and where users are allowed to log into their company account from to safeguard business-critical documents.
Revoke access from users and devices
Tresorit Advanced Control enables Tresorit Business admins to enhance their organization’s security by resetting their users’ lost passwords and revoking access from lost or stolen devices.
![Productivity]()
Productivity
Making Remote Work Safe
Tresorit includes several functionalities to safeguard your data when teams work from home or anywhere else. Access to files and tresors can be controlled at a granular level, ensuring only those files are only accessible to those that need them. Previous versions and deleted files can be restored quickly, ensuring no information is lost. Detailed reporting allows admins to see who had accessed files and when.
Secure external collaboration
Secure external collaboration with partners, especially in privacy-critical industries, such as law or healthcare, is vital. Tresorit ensures all data remains encrypted even when shared with partners. Support productive collaboration with shared data rooms. File downloads can be limited and access revoked at any time. Tresorit also helps ensure that all external communication remain compliant with data privacy regulations.
Single Sign-On
With a massive increase in the number of cloud services used by organizations, there is an increased security risk associated with the reuse of passwords and the differing security of the solutions used. SSO integration with Azure AD and Okta allows one-step sign-in to Tresorit for your employees and streamlined administration for your admins.
Integrations
Tresorit includes a range of integrations to support your productivity. Replace risky email attachments and generate end-to-end encrypted secure links directly in Outlook with the Tresorit plugin. Or connect your directory service to our Active Directory integration to synchronize users and Tresor memberships.
