
In a nutshell: Tresor can see basic account information and operational metadata. Tresor cannot see your messages, chat titles, project names, project instructions, file contents, or anything you type and send.
These items are encrypted in your browser and stored only as unreadable ciphertext:
| Data | Protected by |
|---|---|
| 💬 Your chat messages | End-to-end encryption + enclave processing |
| 📝 Chat titles | Client-side encryption |
| 📁 Project names | Client-side encryption |
| 📋 Project instructions | Client-side encryption |
| 📄 Uploaded file contents | End-to-end encryption |
| 📄 File names | Client-side encryption |
Even if someone compromised Tresor's database, they would find only encrypted data — useless without your personal keys.
Certain operational data is necessary for the service to function. Tresor can see:
| Data | Why it's needed |
|---|---|
| 📧 Your email address | Account management, login, communication |
| 👤 Your name | Display in the interface and team features |
| 🕐 Timestamps | When messages, chats, and projects were created |
| 📊 Message counts | To enforce plan limits (e.g., 20/day on Free) |
| 🏷️ Plan and billing status | Subscription management |
| 🔢 Message IDs and chat IDs | Database operations and verification |
| 🌐 IP address (during requests) | Standard web server logs, not stored long-term |
| 📱 Basic analytics | Anonymous, privacy-friendly usage analytics |
The AI inside the enclave temporarily sees your decrypted messages during processing — that's how it generates a response. However:
- The AI runs inside a sealed enclave that nobody can inspect.
- Messages are processed in memory and not persisted in the enclave after the response is sent.
- The AI providers (OpenAI, Meta, Mistral, etc.) do not receive your messages directly. Tresor's enclave infrastructure mediates the interaction.
- Your data is never used to train AI models.
If Tresor's database were compromised, an attacker would find:
- ✅ Email addresses and names (like any account-based service)
- ✅ Encrypted blobs that are computationally infeasible to decrypt
- ❌ No chat content, titles, project information, or file contents in readable form
This is fundamentally different from most AI services, where a breach would expose conversation history in plain text.
When you use the web search feature, the search query (which you approve beforehand) leaves the enclave to reach a search provider. This is the one exception to the fully sealed model, and it's why Tresor asks for your explicit approval each time. See Web search.
Tresor uses privacy-friendly analytics (PostHog) that you can decline during your first visit. If enabled, events are anonymous and contain no chat content.
Tresor does not sell, share, or monetize your data in any way.
For team workspaces, your teammates can see conversations and files in shared projects they've been given access to — but Tresor still cannot.
See Tresor's full Privacy Policy for the legal details.
- How Tresor protects your privacy — The full technical explanation.
- Tresor vs. ChatGPT, Claude & others — How this compares to other services.
- Verifying your conversation's privacy — See the proof for yourself.