We wanted to build a solution that is truly private. While some companies offer you cloud storage, encryption or the ability to manage multiple cloud storage locations in one place, Treasure is the only one who gives you all three.
Treasure is an environment where your data cannot be accessed by anyone apart from you! All of your data is protected with your own encryption key, which we can backup securely for you, so even if it’s lost, it can be recovered.
Some people believe that privacy is about being secretive, whilst we agree that being secretive can be important, the truth is that privacy is far more than just being secretive. The Treasure team believes that when you create files, they belong to you and you should be able to control who has access to them and when.
Many providers of cloud storage say that they believe in this principle, but when we dig into their terms and conditions, the rights that they demand do not appear to back up the belief. Many demand to be able to access the data, run analytics on the data and some even demand the right to be able to share it with third parties. Treasure believes that this is fundamentally wrong and wants to put a full stop to the invasion of people’s privacy.
Treasure Cloud is a data security company that has developed a number data security products. The Treasure team is comprised of entrepreneurs, scientists, technologists, cryptography, data security and blockchain experts.
Treasure Cloud have brought together the finest minds and technology partners to create a new paradigm. Treasure Cloud believe data and privacy issues spiralling out of control. The problem is overwhelming. Complexity is rising as more data gets uploaded to the cloud. New applications require sharing data between many different parties and therefore we have developed a number of revolutionary products.
Yes, Treasure has applications for every modern Android and iOS device. You can find more information regarding particular devices within the” iOS App”, and “Android App” topics area.
We do not currently offer a public software development kit but we do love working with smart people with good ideas. If you have an idea and want to work with us we would be delighted to talk to you and explore options how we might be able to collaborate. Please drop us an email to firstname.lastname@example.org
We have decided to work with Amazon Web Services, Microsoft Azure and Intel to deliver the Treasure promise.
AWS provides the storage for Treasure storage. We chose AWS for 3 main reasons:
- Performance: speed is something that all of us want when we use the cloud for storage, file sharing and collaboration with people. – Struggling for hours to upload data to the cloud could be frustrating and we understand it.
- Security: security is the key for any of us when we upload data to the cloud. Even though Treasure encrypts all files on the user end before uploading it to the cloud, we think that we need to protect the data so our customer will not have to worry about it.
- Scalability: we are committed to supporting any of our customers scale, we wanted to assure that when you need more space, you will get it, immediately!
We have decided to work with Microsoft Azure for our processing power, as we are using Microsoft Azure for our web application as well as our backend server. We have decoupled the storage (AWS) and the processing (Azure) as we believe this is the best practice for every secure system. Azure provides peace of mind in terms of security, scalability and interoperability.
If our users choose to securely back up their private keys with us, we encrypt the keys and keep them in our Anqlave Data Vault (ADV).
ADV is our next-generation key and secret management system based on Intel SGX technology and isFIPS 140-2, Level 1 certified.
We use Twilio Inc. to perform some of our communications services. During your access to and use of our services, some communications information and strings may be collected and processed by Twilio Inc. for certain purposes as a controller of such information as specified in its privacy notice and practices. Twilio Inc.’s privacy notice may be found at https://www.twilio.com/legal/privacy.
Fortunately, there is no such limit for your existing storage providers: once you connect a third-party storage, there is no limit to the size of either uploads or downloads, while encryption and decryption will be automatically performed in your local browser for files of any size. Within the Treasure platform the file size limit is 100Mb, this is a limit that the team is looking at and is looking to increase this limit.
You can select multiple files and move them all in one go. We do not currently support moving folders but this is something we are working on and will be implementing soon.
Moving files is easy, regardless of which of the connected providers you wish to move the files from. Select one or more files and the select Copy or Move in the Navigation bar above. The Treasure platform even lets you move from files from one 3rd party cloud provider to another. When files are moved using Treasure, the system does more than just move the files, it ensures that the files are protected by securing them during the transition using your security keys.
Absolutely, the Treasure system lets you move files between any of your connected cloud platforms.
The Treasure platform even lets you move from files from one 3rd party cloud provider to another. When files are moved using Treasure, the system can do more than just move the files: optionally, it will ensure that the files are protected by securing them during the transition using your security keys.
We currently offer streaming from the platform for certain file types including audio and MP4 files. We will be adding more file types in the near future.
Registering is easy, simply go to the signup page and enter your email address. Within seconds, you will receive an email with a secure verification code in order to validate the address. By entering the code you will then be able to finalise the creation of your account.
If you are encountering issues with your account registration, please email email@example.com and we will do our best to help you.
Usually, it takes less than 10 seconds for you to receive an email from us. It is unusual for you not to receive it. Please check spam inbox or your junk if you haven’t, otherwise please try the resend button. If this still does not work, please email firstname.lastname@example.org and investigate the matter and get back to you.
You can change your password at any time by going to the “Security” section in “Settings” and clicking on “Change password”. Alternatively, or if you have forgotten your password, please see the answer below “I have forgotten my password. Can I reset it?“.
Or alternatively you can change your password directly using the following link: https://app.treasure.cloud/auth/reset-password
Your Treasure account is uniquely identified by your email address, for security reasons we do not allow users to change the email address for the account.
We would hate to see you leave Treasure, but if you do want to leave please email email@example.com We have planned to launch a feature where you will be able to delete your account within the settings within your account.
We hope that you will love using Treasure so much that you want to get your friends and family to sign up to the platform too. As a thank you, the Treasure team will add 5GB of storage to your account for each successful referral.
It is easy to get the link to share with your friends and family, simply click on your profile button, go to “Settings” and select “Referrals”. You will be able to see your unique referral link that you can share with your friends and family.
Treasure provides multiple ways for you to get your friends and family to use the platform. One of the easiest ways is for you to share the link that is unique to you, this can be accessed from the account settings under the “Referrals” section.
Many users choose to share this over email or through other messaging platforms such as WhatsApp or Telegram. Once the invitation is accepted you will receive a notification, and will immediately receive 1 GB of bonus storage for each successful invitation.
It is business as usual for you, but you will receive a bonus storage allocation of 1 GB as a thank you form the Treasure team.
We want to be honest with you, nothing is absolutely secure. What we provide is bleeding edge security with a high degree of encryption and protection. We are providing you with a way to secure your data with minimal effort but maximum security.
The Treasure team is 100% focused on providing you with the best level of security that we can whilst providing the most usable interface. We stand by our platform and our approach to security and we provide an overview of our technology for you to review if you really want to look under the hood.
Treasure primarily handles three types of keys: a master key which is used to encrypt and decrypt other keys, a file key which is used to encrypt and decrypt files, and a sharing key which is used to share files with others. Our server only stores encrypted keys, the root key that can unlock all these encrypted keys is controlled by you because it is derived from your password. Without your password, these encrypted keys simply can’t be unlocked.
When you sign up with Treasure, the following processes take place on your browser or mobile phone:
- A master key and a sharing key are generated;
- You create a password;
- Key is derived from the password;
- The sharing key is encrypted using the master key and finally;
- The master key is encrypted using a key derived from your password.
The encrypted master key, the encrypted sharing key and the public key component of the sharing key are sent to our server for storage.
A unique file key is generated on your device for each file that is encrypted by Treasure. This file key is encrypted using the master key. Each encrypted file key is also sent to our server for storage.
When you want to share a file with someone, the file key is encrypted with the recipient’s public key. The recipient’s encrypted file key is also saved in our server.
Absolutely 100% yes!
The team at Treasure are experts on security, we took it upon ourselves to make the platform as secure as we could and we do not require each user to need to take steps to encrypt or decrypt their files, we take care of it by default for you. Every file that is uploaded through Treasure is automatically encrypted using your keys, meaning that it is not readable by anyone else unless you specifically give them access.
Encryption scrambles a file using a secret key such that it becomes unreadable. In order to unscramble the file and get back the original information, you need to have knowledge of the secret key and the particular algorithm that is used to scramble the file.
From the “Sign in” view, click the link “Forgot password?” below the sign in box, this will take you to a form where you can request a recovery link to be sent to your registered email address. This link will direct you to “Account recovery” where you can set a new password for your account. If you have previously opted for a secure backup of your keys with us, this will allow you to skip the key verification step. Otherwise, you will have to retrieve your own copy of “Recovery words”, which you will be asked to paste into a box for verification.
Within your settings click “Security” and then under “Password”, you will be able to select “Change your password” where you will be asked to enter your current password and the new password you would like to have. The strength bar will indicate how strong your new password is. Red indicating you have a low strength password, orange medium, and green high.
We offer two-factor authentication, if you wish to use your mobile phone as your second factor then we require your mobile number. As an alternative we also allow users to use Google authenticator as your second factor.
By default, Treasure allows you to backup your secure word sequence into the Anqlave Data Vault (ADV). It is a FIPS 140-2 certified vault based on Intel SGX technology. Some users may not wish to leverage the backup and instead store the words in a safe place of their own choice. In either scenario, in the event of forgetting your password, you will be able to recover your account
If, on the other hand, you opt to not leverage the vault for secure backup of your account, as well as neglect to backup your recovery words locally, the Treasure team will not be able to offer a way for you to get back into your account.
Treasure advises that, regardless of your experience and ability to self-manage, the best option is to allow the Treasure secure vault to act as your safety net. It is somewhat like an insurance policy: we hope you will never need it, but if you do, then we believe that you will be glad that you opted to use it.
Anqlave is our prior company name and Anqlave Data Vault (ADV) is a product we built prior to Treasure Cloud, it solves the secret management problem by allowing users to securely create, store, transport and use secrets. ADV ensures that secrets are never available in plaintext whether at rest, in motion or in use. Secrets are always encrypted at rest or in motion and are used inside secure enclaves which are protected memory regions created using Intel’s Software Guard Extensions (SGX) technology. In addition ADV has been awarded FIPS (Federal Information Processing Standard) 140-2 certification from the National Institute of Standards and Technology (NIST). FIPS 140-2 is the benchmark for validating the effectiveness of cryptographic hardware as a result ADV provides industrial level security for its users
ADV centralises secret creation and management and allows for decentralised secret use. This decoupling allows us to create portable enclaves, penclaves, that can be ported from one SGX enabled machine to another. Penclaves have wide applicability. They form the basis for keyless cryptography as a service and confidential distributed machine learning. They also play a key role in enabling elastic and confidential cloud computing.
Read our whitepaper on Intel® Data Center Builders.
Perimeter defense systems are not sufficient to protect secrets on the server side. Notably, Facebook and LinkedIn have been in the news for very insecure password management practices. Protecting secrets from insiders who have easy access to secrets or who can conduct sophisticated memory scraping attacks is critical.
A secret is anything that one system uses to authenticate or authorize itself with another. Examples of secrets are usernames and passwords, API tokens, TLS certificates and cryptographic keys. Secrets end up being stored and used in a wide variety of insecure places.
From the client perspective, secrets end up getting carelessly strewn in all sorts of places. Database usernames and passwords are often hard-coded into the source code, or are in configuration files. Locations of key files and certificates are often stored in configuration files. These end up in version control systems or even in shared folders or Wikis. It is impossible to manage these secrets and to determine whether your system has been compromised. ADV uses a two pronged approach to secret management. First, it centralizes the secret life-cycle management activities to a single highly secure, fault tolerant and robust service. Second, ADV ensures that secrets are always encrypted; at rest, in motion and in use. This protects the secrets from insiders with root or administrative privileges, even those who can conduct sophisticated memory scraping attacks.
The Federal Information Processing Standard (FIPS) 140-2 specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting protected information. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3 and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. The security requirements cover 11 areas related to the secure design and implementation of a cryptographic module.
These areas include:
- Cryptographic module specification
- Cryptographic module ports and interfaces
- Roles, services and authentication
- Finite state model
- Physical security
- Operational Environment
- Cryptographic key management
- Electromagnetic interference/electromagnetic compatibility (EMI/EMC)
- Design assurance and
- Mitigation of other attacks
- A FIPS 140-2 validation certificate is issued for each validated module. An overall rating is issued for the cryptographic module, which indicates (1) the minimum of the independent ratings received in the areas with levels, and (2) fulfillment of all the requirements in the other areas. It is important for vendors and users of cryptographic modules to realize that the overall rating of a cryptographic module is not necessarily the most important rating. The rating of an individual area may be more important than the overall rating, depending on the environment in which the cryptographic module will be implemented (this includes understanding what risks the cryptographic module is intended to address).
Treasure is built with end-to-end security, which means that every time a file leaves your device, it is encrypted with your unique key, and will never be seen or accessed in plaintext by any third-parties – not even by us. Your keys are uniquely generated for use only by you. When you share a file with someone it is encrypted with their key so you can be sure that the only person who can access that file will be the person who you have intended to share it with.
If you cant find the solution within the help centre please email firstname.lastname@example.org and we will do our best to assist you.
Click on the Trash icon on the navigation pane on the left hand side, either select the files you wish to remove and click “Delete permanently” in the navigation bar at the top. Alternatively right click on any file and click “Delete permanently”.
You can click at the top of each column in the main application area to sort either ascending or descending order by a given criteria.
This is something that we are building into an upcoming version of the product.
No, once you have connected the cloud provider to your account you will stay logged into the platform regardless of which device you access your account from. The limitations for how long you remain logged into each platform are as follows:
- Google Drive – 180 days
- Dropbox – No expiry
- Box – 60 days
You can remove the connection to any of your cloud providers as and when you choose. To do this, you can right click on the provider in the Navigation pane on the left and select “Disconnect storage”. Alternatively, navigate to “Settings” by clicking on your profile icon, then hover over any of the providers, you will see a pop-up option to “Disconnect storage”.
Linking third-party clouds is easy: click on “Connect” in the left hand navigation bar and select the cloud provider that you would like to add. The system will then guide you through the process to connect your other cloud storage platforms.
The interface provides you with a progress update at the bottom right-hand side of the interface.
The service does not regulate or throttle the transfer traffic. If you are using a 3rd party cloud they could potentially have a limitation in place but as far as Treasure is concerned you are only limited by the amount of bandwidth that you have.
By default the file will be moved to your Downloads folder. It is possible for you to change the default download location in your own browser. Have a look at browser-specific tutorials and documentation on how to perform such a task.
No. At the moment, Treasure does not support pausing ongoing or resuming interrupted transfers.
Yes. When you start uploading or downloading files, it will run in the background. You can continue to upload or download files again from the same or other locations while the previous tasks are running.
You can download files by right-clicking on a file and selecting “Download”, a second way is to select one or more files and then click Download in the Navigation bar above.
You can drag files from your local machine directly onto the file browser window. Files can also be added from within the browser by either clicking the + button and selecting “Upload file”, or right-clicking and selecting “Upload file”.