The Priviy team
Privacy-focused independent editorial. We verify every encryption and jurisdiction claim against primary sources before recommending. No copy-pasted product sheets, no hidden sponsored mentions.
Eric Gérard
Main editor, Priviy
Independent editor for 12 years. Former network admin in an industrial SME. On Priviy I analyse the main privacy clouds (pCloud, Proton Drive, Tresorit, Sync.com) against their official documentation, published audits, jurisdiction and pricing — so every recommendation traces back to a verifiable source, not to a marketing sheet.
My journey started in 2010 as a network admin in a French industrial SME (three sites, two Cisco ASA firewalls, 80 SMB shares and an off-site backed-up Synology NAS). That's where I saw the gap between cloud providers' marketing promise ("end-to-end encrypted") and the technical reality (TLS in transit + AES at rest with server-held keys = NOT zero-knowledge). I earned the Cisco CCNA certification in 2014 then moved to independent tech publishing. On Priviy I work self-taught on cloud applied cryptography: reading NIST specifications (FIPS 140-3, SP 800-38D for AES-GCM, SP 800-56A for ECDH), and the providers' own security documentation — Proton (Security Model, Drive Security Architecture), Tresorit (cryptographic architecture whitepaper), pCloud (Crypto Whitepaper). I follow the European rulings that change the game: Schrems II (July 2020), pending Schrems III, EU-US Data Privacy Framework (July 2023) and its risk of being struck down by the CJEU. I publish under my full name and personally answer technical questions.
Areas of coverage
- ◈Cloud storage privacy: pCloud, Proton Drive, Tresorit, Sync.com, Nextcloud
- ◈Client-side encryption (zero-knowledge): Crypto add-on, Cryptomator, Boxcryptor
- ◈Legal analysis: commercial registers, US CLOUD Act, jurisdiction switching
- ◈Reading security whitepapers and published independent audits
- ◈Self-host alternatives: Nextcloud on Contabo/Hetzner VPS
How claims are verified
Priviy is written and edited by Eric. There is no paid review panel: instead, every technical and legal claim is checked against primary, publicly verifiable sources before publication — official provider documentation, published independent audits, and the text of the laws and rulings cited.
Legal & jurisdiction claims
Jurisdictional statements (place of establishment, CLOUD Act applicability, GDPR adequacy, SCC transfers, Schrems II) are checked against official commercial registers and the published text of the relevant laws and EU rulings. Where a provider's legal exposure is uncertain, we say so rather than assert it.
Cryptography claims
Encryption claims (zero-knowledge vs E2E, encryption scheme, key derivation, post-quantum) are checked against each provider's official security documentation, whitepapers, public source code, and published independent audits (e.g. Securitum for Proton, Ernst & Young for Tresorit). We do not run our own cryptographic audits and never present provider marketing as if it were independently verified.
Editorial standards
Every article published on Priviy follows the process below, with no exception or shortcut.
Primary-source verification before publication
Jurisdictional claims (place of establishment, CLOUD Act applicability, SCC transfers) are checked against official registers and the cited legal texts. Cryptographic claims (encryption scheme, KDF parameters, threat model) are checked against official provider documentation, public source code and published independent audits. Claims that cannot be verified against a primary source are removed.
Mandatory primary sources
Every figure or technical parameter cited must link to the provider's official documentation (whitepaper, security architecture doc, public source code) or a published independent audit (Securitum for Proton, Ernst & Young for Tresorit). Marketing statements are never reproduced without documentary verification.
Hands-on use, transparently scoped
When a review reflects hands-on use of a provider, the scope is stated in the article itself (which account tier, on what dates). We do not publish synthetic benchmark figures, lab measurements or test-bench numbers we did not actually produce, and we never present provider marketing as if it were our own measurement.
Maximum 90-day revision cycle
No article stays published more than 90 days without revision of its technical and legal content. The frontmatter date (datePublished / dateModified) reflects the last real verification, not a cosmetic CI build.
Conflicts of interest disclosed on every page
Pages containing affiliate links carry a top disclaimer: permanent banner + rel="sponsored nofollow" HTML attribute on every commercial link. The potential commission never changes the score — Proton Drive remains our default zero-knowledge recommendation regardless of commission. No exception.