<h1>What Tresor can and cannot see</h1><blockquote>In a nutshell: Tresor can see basic account information and operational metadata. Tresor cannot see your messages, chat titles, project names, project instructions, file contents, or anything you type and send.</blockquote><h2>What Tresor cannot see</h2>These items are encrypted in your browser and stored only as unreadable ciphertext:<table style="min-width: 50px"><colgroup><col style="min-width: 25px"><col style="min-width: 25px"></colgroup><tbody><tr><th colspan="1" rowspan="1">Data</th><th colspan="1" rowspan="1">Protected by</th></tr><tr><td colspan="1" rowspan="1">💬 Your chat messages</td><td colspan="1" rowspan="1">End-to-end encryption + enclave processing</td></tr><tr><td colspan="1" rowspan="1">📝 Chat titles</td><td colspan="1" rowspan="1">Client-side encryption</td></tr><tr><td colspan="1" rowspan="1">📁 Project names</td><td colspan="1" rowspan="1">Client-side encryption</td></tr><tr><td colspan="1" rowspan="1">📋 Project instructions</td><td colspan="1" rowspan="1">Client-side encryption</td></tr><tr><td colspan="1" rowspan="1">📄 Uploaded file contents</td><td colspan="1" rowspan="1">End-to-end encryption</td></tr><tr><td colspan="1" rowspan="1">📄 File names</td><td colspan="1" rowspan="1">Client-side encryption</td></tr></tbody></table>Even if someone compromised Tresor's database, they would find only encrypted data — useless without your personal keys.<h2>What Tresor can see</h2>Certain operational data is necessary for the service to function. Tresor can see:<table style="min-width: 50px"><colgroup><col style="min-width: 25px"><col style="min-width: 25px"></colgroup><tbody><tr><th colspan="1" rowspan="1">Data</th><th colspan="1" rowspan="1">Why it's needed</th></tr><tr><td colspan="1" rowspan="1">📧 Your email address</td><td colspan="1" rowspan="1">Account management, login, communication</td></tr><tr><td colspan="1" rowspan="1">👤 Your name</td><td colspan="1" rowspan="1">Display in the interface and team features</td></tr><tr><td colspan="1" rowspan="1">🕐 Timestamps</td><td colspan="1" rowspan="1">When messages, chats, and projects were created</td></tr><tr><td colspan="1" rowspan="1">📊 Message counts</td><td colspan="1" rowspan="1">To enforce plan limits (e.g., 20/day on Free)</td></tr><tr><td colspan="1" rowspan="1">🏷️ Plan and billing status</td><td colspan="1" rowspan="1">Subscription management</td></tr><tr><td colspan="1" rowspan="1">🔢 Message IDs and chat IDs</td><td colspan="1" rowspan="1">Database operations and verification</td></tr><tr><td colspan="1" rowspan="1">🌐 IP address (during requests)</td><td colspan="1" rowspan="1">Standard web server logs, not stored long-term</td></tr><tr><td colspan="1" rowspan="1">📱 Basic analytics</td><td colspan="1" rowspan="1">Anonymous, privacy-friendly usage analytics</td></tr></tbody></table><h2>What the AI model sees</h2>The AI inside the enclave temporarily sees your decrypted messages during processing — that's how it generates a response. However:<ul class="accent-bullets"><li>The AI runs inside a sealed enclave that nobody can inspect.</li><li>Messages are processed in memory and not persisted in the enclave after the response is sent.</li><li>The AI providers (OpenAI, Meta, Mistral, etc.) do not receive your messages directly. Tresor's enclave infrastructure mediates the interaction.</li><li>Your data is never used to train AI models.</li></ul><h2>What happens in a data breach scenario</h2>If Tresor's database were compromised, an attacker would find:<ul class="accent-bullets"><li>✅ Email addresses and names (like any account-based service)</li><li>✅ Encrypted blobs that are computationally infeasible to decrypt</li><li>❌ No chat content, titles, project information, or file contents in readable form</li></ul>This is fundamentally different from most AI services, where a breach would expose conversation history in plain text.<h2>A note about web search</h2>When you use the web search feature, the search query (which you approve beforehand) leaves the enclave to reach a search provider. This is the one exception to the fully sealed model, and it's why Tresor asks for your explicit approval each time. See <a href="https://tresorai.productlane.com/docs/using-tresor/web-search" target="_blank" rel="noopener noreferrer" class="cursor-pointer box-border border-b hover:border-b-[2px] transition-all duration-75 " style="text-decoration: none; border-color: var(--portal-accent-color);">Web search</a>.<h2>Good to know</h2><ul class="accent-bullets"><li>Tresor uses privacy-friendly analytics (PostHog) that you can decline during your first visit. If enabled, events are anonymous and contain no chat content.</li><li>Tresor does not sell, share, or monetize your data in any way.</li><li>For team workspaces, your teammates can see conversations and files in shared projects they've been given access to — but Tresor still cannot.</li><li>See Tresor's full <a href="https://trytresor.com/legal/privacy" target="_blank" rel="noopener noreferrer" class="cursor-pointer box-border border-b hover:border-b-[2px] transition-all duration-75 " style="text-decoration: none; border-color: var(--portal-accent-color);">Privacy Policy</a> for the legal details.</li></ul><h2>Related articles</h2><ul class="accent-bullets"><li><a href="https://tresorai.productlane.com/docs/privacy-and-security/how-tresor-protects-your-privacy" target="_blank" rel="noopener noreferrer" class="cursor-pointer box-border border-b hover:border-b-[2px] transition-all duration-75 " style="text-decoration: none; border-color: var(--portal-accent-color);">How Tresor protects your privacy</a> — The full technical explanation.</li><li><a href="https://tresorai.productlane.com/docs/privacy-and-security/tresor-vs-chatgpt" target="_blank" rel="noopener noreferrer" class="cursor-pointer box-border border-b hover:border-b-[2px] transition-all duration-75 " style="text-decoration: none; border-color: var(--portal-accent-color);">Tresor vs. ChatGPT, Claude &amp; others</a> — How this compares to other services.</li><li><a href="https://tresorai.productlane.com/docs/privacy-and-security/verifying-your-privacy" target="_blank" rel="noopener noreferrer" class="cursor-pointer box-border border-b hover:border-b-[2px] transition-all duration-75 " style="text-decoration: none; border-color: var(--portal-accent-color);">Verifying your conversation's privacy</a> — See the proof for yourself.</li></ul>

Privacy and Security

A transparent breakdown of exactly what data Tresor can access, what's encrypted, and what metadata is stored.