Tresor AI - Privacy Policy
Effective date: 22 June 2026
Last updated: 22 June 2026
In short
This summary is for convenience only. The full Policy below explains how we handle your data.
Your prompts, documents, conversations, and AI responses are encrypted on your device and processed only inside hardware-secured enclaves. Tresor cannot read this content. We do not use it to train AI models, and we cannot sell or share what we cannot see.
What we can see is operational data: your account details, billing information, token counts and usage metrics, signed receipts, security logs, and support messages. We use this data to run the Services, bill you, keep the platform secure, and comply with the law.
Tresor's core infrastructure and all of your Content are hosted in the European Union. Where inference requests are routed to attested third-party providers, your Content stays protected by enclave encryption end to end. A small number of service providers may process limited operational data outside the EU/EEA under the safeguards described in Section 6.
You have GDPR rights: access, rectification, erasure, restriction, portability, and objection. You can complain to the CNPD, Luxembourg's data protection authority.
1. Who is responsible for your data
Tresor S.A., a société anonyme incorporated under the laws of the Grand Duchy of Luxembourg, registered with the Luxembourg Trade and Companies Register (RCS) under number B305693, with registered office at c/o House of Startups, 9, rue du Laboratoire, L-1911 Luxembourg, Grand Duchy of Luxembourg ("Tresor", "we", "us" or "our"), is the controller for the personal data described in this Policy, except where Section 3 states otherwise.
You can reach us at privacy@tresor.co.
This Policy applies to our websites (including tresor.co), the Tresor Workspace, the Tresor Confidential Inference API, and related services (together, the "Services"). It forms part of our Terms of Service.
2. The zero-access design: what Tresor cannot see
The Services are built so that the content of your work - your prompts, uploaded documents, conversations, project contents, and AI responses ("Content") - is encrypted on your device before transmission and is processed only inside attested confidential computing environments (secure enclaves) running on hardware such as AMD SEV-SNP and Intel TDX. The encryption keys for your Content are not available to Tresor outside those enclaves.
As a result, Tresor staff, our infrastructure providers, and third parties cannot read your Content in plaintext, and we cannot disclose plaintext Content in response to legal demands, because we have no technical means to access it. We do not use Content to train AI models. For the Confidential Inference API, prompts and responses are not retained after the response is returned. For the Tresor Workspace, Content is stored only in encrypted form under keys controlled by you.
This protection is a property of the system architecture, not only a policy. Its hardware and cryptographic foundations - including remote attestation and signed per-response receipts - are described in our technical documentation. As explained in our Terms of Service, no architecture can eliminate every conceivable risk, but the design ensures that under normal operation no party outside the enclave handles readable Content except you.
3. Our role: controller and processor
For the operational data described in Section 4, Tresor is the controller.
Where you use the Services in a business context and your Content includes personal data of third parties (for example, client files), you (or your organization) are the controller of that data. To the limited extent Tresor processes such Content at all, it does so as a processor under our Data Processing Agreement. Because Content is processed exclusively inside attested enclaves under the zero-access design, Tresor has no access to it in plaintext; the precise scope of processing attributable to Tresor is set out in the Data Processing Agreement.
4. What data we process, why, and on what legal basis
We process the following categories of personal data. Legal bases refer to Article 6(1) GDPR.
Account data
- Examples: Name, email address, organization, role, language, authentication data
- Purpose: Creating and managing your account, authentication, communicating about the Services
- Legal basis: Contract, Art. 6(1)(b)
Billing data
- Examples: Plan, payment status, invoicing details, VAT number. Payment is by credit card or SEPA direct debit and is handled by our payment processor; full card details are not stored by Tresor
- Purpose: Billing, invoicing, accounting, tax compliance
- Legal basis: Contract, Art. 6(1)(b); legal obligation, Art. 6(1)(c)
Usage and receipt metadata
- Examples: Token counts, model and provider identifiers, region, timestamps, signed receipts, quota and rate-limit data
- Purpose: Operating the Services, metering and billing, capacity planning, providing verifiable receipts
- Legal basis: Contract, Art. 6(1)(b); legitimate interests, Art. 6(1)(f)
Security and infrastructure logs
- Examples: IP addresses, device and browser information, authentication events, error traces, redacted technical logs (subject to content-redaction controls that keep prompt/response text out of logs)
- Purpose: Securing the Services, preventing abuse and fraud, troubleshooting
- Legal basis: Legitimate interests, Art. 6(1)(f); legal obligation, Art. 6(1)(c)
Support and feedback
- Examples: Messages you send us by email or support channels, and content you choose to share with us in them
- Purpose: Responding to requests, improving the Services
- Legal basis: Contract, Art. 6(1)(b); legitimate interests, Art. 6(1)(f)
Website and analytics data
- Examples: Cookie and product-analytics data (see Section 9), newsletter subscriptions, event registrations
- Purpose: Operating our website, measuring reach, marketing with your consent
- Legal basis: Consent, Art. 6(1)(a); legitimate interests, Art. 6(1)(f)
Where we rely on legitimate interests, those interests are running, securing, and improving a commercial service; you may object as described in Section 10. We do not carry out automated decision-making producing legal or similarly significant effects on you, and we do not use your data for profiling.
5. Who receives data
We share personal data only as needed to provide the Services. Our current providers include:
- Infrastructure providers (EU-hosted): Microsoft Azure provides EU-hosted confidential computing infrastructure for Tresor-operated enclaves, and Supabase provides EU-hosted database and storage for encrypted Workspace artifacts, ciphertext, operational metadata, and opaque signed receipt records. Content within this infrastructure exists only in encrypted form; these providers never receive prompt or response plaintext.
- Attested inference providers: inference requests may be routed to third-party providers operating hardware-secured enclaves. Tresor verifies each provider's hardware attestation before any data is forwarded; Content remains enclave-encrypted end to end, is processed in plaintext only inside the verified enclave, and is not retained by the provider after the response is returned. The provider serving each request is identified in your receipt. The current list of approved inference providers is maintained in Annex 3 of our Data Processing Agreement.
- Payment processor: Stripe processes payment and billing data under its own privacy policy.
- Service providers acting as our processors (Art. 28 GDPR): transactional email delivery (Sweego), web dashboard and site hosting outside the content path (Vercel), product analytics (PostHog, see Section 9), DNS (EuroDNS), and source-control and deployment tooling (GitHub) that operates outside the live request path. Each is bound by a data-processing agreement.
- Authorities and advisers: where required by law, to establish or defend legal claims, or in connection with a corporate transaction, in which case this Policy continues to apply to your data.
When you use agentic web search in the Workspace, the enclave sends a search query (stripped of identifying information) to a third-party search engine only after you explicitly approve that search; your identity and browser are not exposed to the search engine.
We do not sell personal data, and we do not share Content with anyone, because we cannot access it.
6. International transfers
Tresor's core infrastructure for the production Services, and all of your Content, is hosted in the European Union.
Where a third-party inference provider processes data outside the EU/EEA, we rely on an adequacy decision of the European Commission or on Standard Contractual Clauses with supplementary measures. For inference routing, the decisive supplementary measure is technical: Content is protected by hardware enclave encryption throughout, so it is not accessible in plaintext to the provider or to authorities in the destination country.
A limited number of service providers that handle only operational data (never Content) may process that data outside the EU/EEA; where they do, we rely on an adequacy decision or Standard Contractual Clauses with appropriate safeguards.
Customers of the Confidential Inference API, and Workspace users where the feature is available, can enable a region restriction (EU or Luxembourg) that is enforced as a hard routing constraint: requests are routed only to providers in the selected region, and if no eligible route matches, the request fails rather than widening geography.
7. How long we keep data
- Workspace Content: held in encrypted form for as long as you keep it in your Workspace; deleted when you delete it or your account. Because deletion is effected by destroying the associated key material (crypto-erasure), encrypted Content for which only you hold the keys becomes permanently irrecoverable when deleted.
- API prompts and responses: not retained after the response is returned.
- Receipts and attestation evidence: receipts are stored as opaque signed records containing no Content. The full attestation evidence embedded in a stored receipt is retained for a default window of 30 days, after which the raw evidence may be pruned to cryptographic hashes that preserve later verification. Receipt signatures, digests, provider identity, token counts, timestamps, and usage records are kept only as long as needed for customer verification, fraud and security prevention, billing, audit, dispute handling, or mandatory legal retention.
- Workspace audit-trail events: 30 days for Team plans; one year or more for Enterprise plans or as agreed in an Order Form.
- Account data: for the life of your account and up to 12 months thereafter, unless a longer period is required by law.
- Billing records and receipts: 10 years, in line with Luxembourg commercial and tax retention obligations.
- Security logs: typically 90 days, longer where needed to investigate an incident.
- Support communications: 24 months after the matter is closed.
When retention periods expire, data is deleted or irreversibly anonymized.
8. How we protect data
We apply technical and organizational measures appropriate to the risk, in accordance with Article 32 GDPR, including: client-side encryption of Content; processing inside attested confidential computing environments with hardware-encrypted memory for data in use; encryption of data in transit (TLS terminated inside the enclave) and at rest; least-privilege access controls; signed, verifiable per-response audit receipts; three-layer redaction that keeps prompt and response content out of logs, metrics, and traces; encrypted backups with tested recovery procedures; monitoring and alerting on enclave health and attestation failures; a documented incident-response process; and security reviews of our suppliers. Further details are published in our technical documentation and, as it becomes available, our Trust Center.
9. Cookies and website analytics
Our website uses strictly necessary cookies to function. We use optional analytics and marketing cookies only with your consent, which you can give, refuse, or withdraw at any time via the cookie banner or your browser settings.
For product analytics we use PostHog in a cookieless configuration until you give consent: until then, no analytics or marketing cookies are set, and the events we collect are metadata-only and contain no Content. If you consent, PostHog may set cookies to provide more detailed analytics; you can withdraw that consent at any time. The specific cookies in use, their purposes, and their lifetimes are listed in our cookie notice at https://tresor.co/cookies.
10. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you (Art. 15) and receive a copy.
- Rectify inaccurate or incomplete data (Art. 16).
- Erase your data (Art. 17), subject to legal retention obligations.
- Restrict processing (Art. 18).
- Receive your data in a portable format (Art. 20). You can also export your Workspace content at any time from within the product.
- Object to processing based on legitimate interests, and to direct marketing at any time (Art. 21).
- Withdraw consent at any time with effect for the future, where processing is based on consent (Art. 7(3)).
To exercise these rights, contact us at privacy@tresor.co. We will respond within one month, extendable by two further months for complex requests. Note that for end-to-end encrypted Content, access, rectification, and portability are exercised directly through the product, since Tresor cannot read or extract that Content on your behalf.
You also have the right to lodge a complaint with a supervisory authority, in particular the Commission nationale pour la protection des données (CNPD), 15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg, cnpd.public.lu, or the authority of your habitual residence.
11. Children
The Services are not directed at children. As set out in our Terms of Service, users must be at least 18, or at least 16 with the consent of a parent or legal guardian. We do not knowingly collect personal data from children below these ages; if you believe a child has provided us with personal data, contact us and we will delete it.
12. Changes to this Policy
We may update this Policy from time to time, for example when we launch new features or when the law changes. We will update the "Last updated" date and, for material changes, notify you by email or through the Services before the changes take effect.
13. Contact
Tresor S.A.
c/o House of Startups, 9, rue du Laboratoire, L-1911 Luxembourg, Grand Duchy of Luxembourg
RCS Luxembourg B305693
Privacy: privacy@tresor.co