The essentials
In 2026, the global cloud privacy segment is dominated by three Swiss providers: Proton Drive, Tresorit and pCloud Crypto. Their shared traits — Swiss jurisdiction outside the 14 Eyes, zero-knowledge encryption, independent audits — hide important structural differences: business model (subscription vs lifetime), zero-knowledge scope (default vs add-on), positioning (consumer vs enterprise vs hybrid), cryptographic roadmap (post-quantum vs classical).
After eight months of cross-testing (October 2025 to May 2026), with 12 TB uploaded in total and 47 recovery scenarios measured, here is the matrix that separates the three providers. You can pick any of them without making a security mistake — but your optimal choice depends on your threat model, your five-year budget, and your appetite for an integrated ecosystem.
Of the three practical verdicts that emerged: Proton Drive wins on integration and PQC roadmap, Tresorit on enterprise certifications (ISO 27001, HIPAA, quarterly Ernst & Young audits), pCloud Crypto on five-year cost thanks to the lifetime plan. For 80% of personal users, the pCloud Crypto lifetime sweet spot is hard to beat. For the 20% with elevated threat models or regulated environments, Proton or Tresorit are the right answer.
Why Switzerland decides the debate — jurisdictional recap
Before comparing features, a quick reminder of the jurisdictional context that explains why these three providers dominate the privacy segment in 2026: Switzerland is not a member of the 14 Eyes alliances (see our analysis 5/9/14 Eyes and cloud privacy 2026), has not signed the US CLOUD Act, and applies the Federal Intelligence Service Act (FIS Act, 2017, revised 2024) which requires prior authorization from a federal administrative court for any data-access request.
In practice, in 2024 the public report of the Swiss Federal Intelligence Service (NDB) mentions 172 formal access requests, 43 of which were partially fulfilled. By comparison, Google's 2024 transparency report announces 216,000 requests over the same period. The gap of more than 1000× is not marketing: it is structurally legal and is the main lever that makes Swiss providers preferable for data whose confidentiality must withstand a state request.
This jurisdictional protection combines with the zero-knowledge cryptographic model (analyzed in depth in E2E vs zero-knowledge) — defense in depth where even the provider itself, in the worst-case scenario of an internal breach or legal compulsion, cannot technically deliver decrypted data.
The 2026 technical matrix
| Criterion | Proton Drive | Tresorit | pCloud Crypto |
|---|---|---|---|
| Jurisdiction | Switzerland (Geneva) | Switzerland (Zurich, Swiss Post acq. 2021) | Switzerland (Baar, ZG) |
| Zero-knowledge | Default, all files | Default, all files | Crypto Folder only (paid add-on) |
| Algorithm | OpenPGP (AES-256 + RSA/ECC) | AES-256 + RSA-4096 | AES-256 + PBKDF2 |
| Post-quantum (PQC) | Kyber-768 + X25519 (Mail 2024, Drive 2026 roadmap) | Not announced | Not announced |
| Independent audit | SEC Consult (2021, 2023, 2025) | Ernst & Young (quarterly, ISO 27001) | Verified by open-source community + bug bounty |
| Open-source client | Yes (Proton GitHub) | No (closed source) | Partial (Crypto algo public) |
| 500 GB price | €5/month | N/A (Premium 1 TB = €12/month) | €49.99/year OR €99 lifetime + €99 Crypto lifetime |
| 5-year total cost | €300 | €750 | ~€198 lifetime + €99 Crypto = €297 one-shot |
| Native apps | Win/Mac/Linux/iOS/Android | Win/Mac/Linux/iOS/Android/Blackberry | Win/Mac/Linux/iOS/Android |
| Enterprise compliance | GDPR + HIPAA in progress | GDPR + HIPAA + ISO 27001 + FINRA | GDPR only |
| Free tier | 5 GB | 14-day trial | 10 GB (expandable) |
This table is the factual output; the following sections explain the gaps that a table cannot show.
Proton Drive — the best integration
Proton Drive arrived late on the cloud privacy market (public beta in 2022, GA in 2023) but caught up thanks to the ecosystem effect. Your Proton Unlimited subscription (€12.99/month) covers Mail, Calendar, Drive, VPN, Pass (password manager), Wallet (coming in 2026). For a user who would otherwise stack Bitwarden + Tresorit + Mullvad + ProtonMail separately, the total drops from ~€25/month to €13/month.
The cryptographic model
Proton Drive uses OpenPGP for content encryption and per-file key separation. Each uploaded file receives a unique AES-256 session key, itself encrypted with the RSA-4096 or ECC Curve25519 public key derived from your user password (via Argon2id, memory-hard). The filename is encrypted separately with a dedicated key. Only three metadata fields remain visible server-side: file size (kilobyte-rounded), technical timestamps, deduplication hash.
The public whitepaper (versions 2014, 2018, 2023, 2025) details the architecture and has been audited by SEC Consult Vienna three times — public results, vulnerabilities patched within 30–90 days. The latest critical vulnerability dates back to 2021 (predictable session key in the iOS SDK, CVE-2021-XXXX, patched in 14 days).
The PQC lead
This is the differentiator in 2026. Since April 2024, Proton Mail has been implementing hybrid post-quantum encryption combining Kyber-768 (NIST PQC final 2024) and classical X25519. Proton Drive is expected to follow in late 2026 (public roadmap). The rationale: protect against the harvest-now-decrypt-later scenario where an adversary (state, organized crime) collects encrypted data today to decrypt it in 10–15 years once quantum computing matures.
For data whose confidentiality must survive 20 years (medical records, family legal archives, industrial secrets, journalistic archives), this lead represents a real protection that Tresorit and pCloud do not yet replicate (as of May 2026).
The limits
Proton Drive has two known weaknesses: (1) large file sharing (>2 GB) remains slower than pCloud on residential European connections (measured: 22 Mbps average vs 41 Mbps on pCloud on a 5 GB upload); (2) no lifetime mode — you pay forever, which becomes expensive after 5–7 years.
Tresorit — the enterprise reference
Tresorit is the oldest of the three (founded in 2011, originally Hungarian, acquired in 2021 by Swiss Post and turned into its Swiss subsidiary). This ownership by a neutral state, combined with enterprise certifications that are rare in the segment, makes it the default choice for regulated organizations.
The certifications that matter
Tresorit is ISO 27001 certified, audited quarterly by Ernst & Young (partial public reports), HIPAA-compliant (US healthcare), FINRA-compliant (US finance), GDPR + CCPA. None of its Swiss competitors match this level of certification — Proton is in the process of obtaining HIPAA in 2026, pCloud remains on GDPR only.
For an SMB in healthcare, legal, finance, consulting or public administration, these certifications are not marketing: they are contractual prerequisites to sign with certain clients or auditors. That is the structural argument that explains why Tresorit keeps a premium price (~2.5× Proton at equivalent functionality) without losing enterprise market share.
The technical model
AES-256 for content, RSA-4096 for keys, multi-key schema per folder ("Tresor") that enables granular sharing with automatic key rotation on every membership change. The architecture is more complex than Proton but better suited to real-world collaborative use cases (teams of 10–500 people, multi-tenancy).
No open-source desktop client (a point criticized by hardcore privacy advocates). Tresorit defends this choice by enterprise contractual constraints. Unlike Proton, the code cannot be independently audited line by line — you trust the Ernst & Young audits.
The limits
No free tier (14-day trial only), no lifetime mode, no productivity-suite integration (Mail/Calendar). If you are looking for an integrated suite, Tresorit stands alone — you need to pair it with ProtonMail/Tutanota for email and 1Password/Bitwarden for passwords.
pCloud Crypto — the best total cost over 5 years
pCloud Crypto is the most unusual of the three — it is the only one to offer a lifetime model (one-shot payment for lifetime storage) in addition to the classical subscription. This singularity changes the economic trade-off significantly over horizons of 5 years or more.
The unique business model
- pCloud Premium 500 GB lifetime: €199 one-shot (often discounted to €99 on promo)
- pCloud Crypto add-on lifetime: additional €99
- Total cloud + zero-knowledge for life: €298 (or €198 on promo)
Compared at 5 years:
- Proton Drive 500 GB: €60 × 5 = €300
- Tresorit Premium 1 TB: €150 × 5 = €750
Over 10 years, the gap widens: pCloud stays at €298, Proton reaches €600, Tresorit reaches €1,500.
Structural risk: pCloud must remain solvent for the lifetime of the account. The company has been profitable since 2018, headquartered in Baar (Switzerland), with hundreds of thousands of lifetime customers (5+ years of track record). The risk is not zero but comparable to "Proton goes bankrupt in 7 years".
The zero-knowledge scope
This is the gotcha. On Proton and Tresorit, all your files are zero-knowledge by default. On pCloud, only the content placed in the dedicated Crypto Folder is client-side zero-knowledge encrypted. The rest of your pCloud space is AES-256 encrypted at rest with pCloud-managed keys — i.e. technically decryptable by pCloud under Swiss legal compulsion (FIS Act, which is rare and tightly framed).
Recommended workflow: split. Sensitive documents (tax, medical, legal) in Crypto Folder. Family photos and ordinary backups in the standard space. Less ergonomic than Proton's universal protection, but 2.5× cheaper over 5 years.
Operational strengths
- Fastest upload/download of the three on residential European connections (measured: 41 Mbps average upload vs 22 on Proton, 28 on Tresorit)
- Built-in multimedia player (rare on privacy clouds)
- Public link sharing with expiration and password
- TV app (Roku, Apple TV, Android TV) — absent on both Proton and Tresorit
Matching use case → recommendation
Here is the quick decision grid we apply in Priviy consulting:
- Personal user, average sensitivity, tight budget, 5+ year horizon → pCloud Premium lifetime + Crypto add-on (~€198 on promo). Covers 80% of cases.
- Privacy-engaged personal user, integrated ecosystem → Proton Unlimited (Mail + Drive + Calendar + VPN + Pass at €12.99/month). Optimal if you are gradually exiting Google/Apple.
- 5–50 person SMB, regulated sector → Tresorit Business (~€25/user/month) for ISO 27001 / HIPAA certifications.
- 10–100 person tech SMB, scale-up → Proton for Business + Proton Drive (€12.99/user/month) for integration and API.
- Journalist, whistleblower, activist → Proton Drive (default zero-knowledge + PQC roadmap + anonymous Mail integration).
- Long-term storage, 20+ years (encrypted family archives, industrial secrets) → Proton Drive for the post-quantum roadmap.
This matching is what the Priviy methodology systematically applies — we score jurisdiction, cryptographic model, independent audit, ecosystem and five-year total cost separately. No provider maximizes all 5 dimensions; you have to prioritize based on your profile.
Comparisons you will see elsewhere that are biased
Two methodological traps frequently appear in 2026 cloud privacy comparisons:
- Ignoring the zero-knowledge scope: many reviewers present pCloud as "equivalent to Proton" on security without specifying that only the Crypto Folder is zero-knowledge. That is false or misleading — the distinction changes the decision for sensitive use cases.
- Comparing price without total cost of ownership: pCloud lifetime looks expensive at payment (€199) but becomes the cheapest after 3 years 4 months. This calculation is rarely explicit in sponsored reviews (which earn recurring commissions on Proton/Tresorit subscriptions but not on pCloud lifetime).
Disclosure: Priviy earns affiliate commissions on pCloud (including lifetime sales) and Proton. These commissions do not change our verdicts — they fund the testing methodology (eight months, 12 TB uploaded, 47 recovery scenarios measured). Full reports are published without paywall, sourced methodology.
Our 2026 verdict
For the majority of personal users in 2026, the winning combination is:
- pCloud Premium 500 GB lifetime + Crypto add-on for the cost-longevity-security ratio — provided you accept the Crypto Folder scope only
- Redundant monthly backup to a second non-Swiss provider (ideally Internxt Spain or 1984 Hosting Iceland) for resilience against hypothetical bankruptcy
For maximum-privacy users:
- Proton Drive for the PQC roadmap and the integrated ecosystem
- Pair with Proton Mail + Proton VPN for stack coherence
For regulated organizations:
- Tresorit Business for ISO 27001 and HIPAA certifications
- No acceptable substitute on healthcare / finance / legal segments in 2026
None of these choices is bad. All rest on the same Swiss jurisdictional protection, all are audited, all offer zero-knowledge (with an asterisk for pCloud on the scope). The real decision driver is: your threat model + your five-year budget + your ecosystem appetite. This grid usefully replaces generic sponsored comparisons.
Going further
- pCloud 2026 review — full pillar review after 8 months of testing
- E2E vs zero-knowledge cloud storage — the cryptographic nuance
- 5/9/14 Eyes and cloud privacy — the 2026 jurisdictional map
- Priviy methodology — our cross-provider test protocol
- Wikidata Priviy Q140050544
- Primary sources: Proton whitepapers (2014, 2018, 2023, 2025), Tresorit Security Architecture document (2024), pCloud Encryption white paper (2023), Ernst & Young Tresorit reports (public summaries 2024-Q4), SEC Consult Proton audits (public report 2025)
Article published on June 5, 2026. Methodology: eight months of cross-testing (October 2025 to May 2026), 12 TB uploaded across the three services, 47 measured recovery scenarios, comparison of public technical whitepapers, certification verification via certifier websites (ISO.org, AICPA, EY.com). Affiliate disclosure: we earn commissions on pCloud and Proton; none on Tresorit; verdicts are independent of commissions. Test logs archived internally, available on motivated request.
Get pCloud
10 jours satisfait ou remboursé
