Privacy by architecture

Zero-access by design

Zero-access means Tresor is built so your content is not accessible to Tresor staff or our cloud providers. Your data is readable only where it must be: in your browser and inside secure, attested enclaves that run the AI.

Only you hold the encryption keys
Enforced by architecture, not policy
Verifiable via attestation receipts

Join the beta Explore the product

In plain English

Only you and the people you authorize can access your content.

Tresor cannot "peek" into chats or documents.

Cloud providers cannot "peek" either.

This is enforced by architecture, not by "trust us" policy.

How it works

Your organization holds the keys

Tresor uses organization and project encryption keys that are created for your workspace and projects. Keys are controlled by your organization, and Tresor is not able to use them to read your content.

When you add a teammate, the required keys are wrapped for that teammate so they can access the same content. When you remove someone, access can be revoked.

Sensitive metadata is encrypted in your browser

Things like project titles, file names, and descriptions can be encrypted client-side (in the browser) before they ever reach the database.

The server stores encrypted data, not readable labels.

Content is processed only inside secure enclaves

To generate answers, the AI needs to work on readable text somewhere. Tresor uses confidential computing enclaves (hardware-protected environments) so plaintext is only handled inside a locked runtime.

This runtime is isolated from operators and the cloud host.

Enclave access is gated and short-lived

Enclaves can receive the minimum keys they need only when they prove they are running approved code (via attestation) and only for a limited time.

Outside enclaves, stored artifacts remain encrypted.

Frequently Asked Questions

Quick answers about Tresor and our Zero-Access approach.

Only you and the teammates you authorize. Tresor staff cannot access your content, and our cloud providers cannot access it either.
Tresor is designed so that your organization controls the keys needed to access content. In practice, keys are issued and shared with your authorized users (for example by wrapping keys per user), rather than being available to Tresor operators.
Not in the "messaging app" sense. In classic end-to-end encryption, the server never sees plaintext. In Tresor, plaintext is processed inside secure enclaves so the AI can work. The important part is that plaintext is not available to Tresor staff or the cloud provider, and data is encrypted outside enclaves.
Your workspace is designed to run with EU data residency, and sensitive processing happens in EU-hosted confidential computing environments.
Tresor is built for teams. Access is controlled by your organization: invite someone and they can be granted access to specific projects; remove someone and access can be revoked. You can apply role-based controls (for example who can create projects, invite members, export content).
To operate a service, some minimal data may exist outside the encrypted content layer, such as: account and billing data, seat count and plan, basic system events needed for reliability and abuse prevention. Tresor's goal is to keep user content and sensitive labels outside operator reach.
Zero-access is meant to remove that dependency. Support should not require content access. If you choose to share something (for example a snippet you paste into a ticket), that shared text is visible in that support channel.
Integrations can introduce new data paths. Tresor can keep its own platform zero-access, but if you connect external tools (storage, email, CRMs), those tools have their own access and retention rules. The safest approach is to treat connectors as explicit trust decisions.
Tresor can provide verifiable signals (for example attestation evidence or receipts) showing that requests were processed in an approved confidential runtime. This makes "by design" more than a promise.
Zero-access does not protect against: a compromised user device, an authorized teammate copying data elsewhere, or content you intentionally export or send to third parties. It's designed to prevent the most common failure mode in mainstream AI tools: provider and cloud-operator access to customer content.

Join the Beta

Ready to work with truly confidential AI?

Join professionals who trust Tresor to keep their sensitive work private.

Join the Beta

Zero-access by design

In plain English

How it works

Your organization holds the keys

Sensitive metadata is encrypted in your browser

Content is processed only inside secure enclaves

Enclave access is gated and short-lived

Frequently Asked Questions

01. Who can access my chats and documents?

02. Does Tresor hold the encryption keys?

03. Is this end-to-end encryption?

04. What does "EU-native" mean here?

05. What about my teammates, admins, and permissions?

06. What can Tresor still see?

07. Can Tresor support or support engineers view my content to help me?

08. What about integrations and connectors?

09. How can I verify these guarantees?

10. What are the limits of zero-access?

Ready to work with truly confidential AI?