Samsung vs Tresorit

Samsung's data appetite is unusually broad for a hardware maker: voice recordings stored on servers with potential third-party retention, keyboard input logging via Predictive Text synced across devices, and persistent hardware identifiers that survive ad-ID resets. The company explicitly acknowledges that sharing with business partners may constitute a data sale under US law (CCPA). Full GDPR-grade rights are reserved for EEA/UK/Swiss residents; everyone else gets basic access and deletion with no response-time commitments. Retention timelines are vague and there are no named security certifications or breach notification windows.

Tresorit is an encrypted cloud storage service based in Switzerland that genuinely cannot access your files; it holds ISO 27001 certification, stores data primarily in the EEA, and gives 30 days' notice of material policy changes — but it records and transcribes sales calls with AI bots, uses Facebook and Google for ad targeting, collects app usage analytics, and business-plan admins can access employees' encrypted files via a recovery master key.