What is Treasure Cloud?
People are storing more and more data online so we decided to look at the security and privacy controls that people have available to them and we found a major issue. We found that when signing up to cloud storage, you are required to agree to the terms and conditions and this generally means giving permission for your data to be viewed, analysed and even sold. We decided that this was fundamentally wrong so we decided to build a solution that is truly private for users to store their data.
While some companies offer cloud storage, encryption or the ability to manage multiple cloud storage locations in one place. Treasure is the only one who gives you all three. Treasure is an environment where your data cannot be accessed by anyone apart from you!
All of your data is protected with your own encryption key, which we can backup securely for you, so even if it’s lost, it can be recovered.
Who is Treasure Cloud?
Treasure Cloud is a data security company that has developed a number of data security products. The Treasure team comprises entrepreneurs, scientists, technologists, and experts in cryptography, data security and blockchain.
Treasure Cloud has brought together the finest minds and technology partners to create a new paradigm. They believe that data and privacy issues spiralling out of control. The problem is overwhelming. Complexity is rising as more data gets uploaded to the cloud. New applications require sharing data between many different parties and therefore we have developed a number of revolutionary products.
Why do we need Treasure Cloud?
Some people believe that privacy is about being secretive, whilst we agree that being secretive can be important, the truth is that privacy is far more than just being secretive. The Treasure team believes that when you create files, they belong to you and you should be able to control who has access to them and when.
Many providers of cloud storage say that they believe in this principle, but when we dig into their terms and conditions, the rights that they demand do not appear to back up the belief. Many demand to be able to access the data, run analytics on the data and some even demand the right to be able to share it with third parties. Treasure believes that this is fundamentally wrong and wants to put a full stop to the invasion of people’s privacy.
What makes Treasure Cloud different to other cloud storage platforms?
We wanted to build a solution that is truly private. While some companies offer you cloud storage, encryption or the ability to manage multiple cloud storage locations in one place, Treasure is the only one who gives you all three.
Treasure is an environment where your data cannot be accessed by anyone apart from you! All of your data is protected with your own encryption key, which we can backup securely for you, so even if it’s lost, it can be recovered.
Who are the technology partners?
We have decided to work with Amazon Web Services, Microsoft Azure and Intel to deliver the Treasure promise.
What is the role of Amazon Web Services (AWS) in Treasure Cloud?
AWS provides the storage for Treasure storage. We chose AWS for 3 main reasons:
- Performance: speed is something that all of us want when we use the cloud for storage, file sharing and collaboration with people. – Struggling for hours to upload data to the cloud could be frustrating and we understand it.
- Security: security is the key for any of us when we upload data to the cloud. Even though Treasure encrypts all files on the user end before uploading it to the cloud, we think that we need to protect the data so our customer will not have to worry about it.
- Scalability: we are committed to supporting any of our customers scale, we wanted to assure that when you need more space, you will get it, immediately!
What is the role of Microsoft Azure in Treasure Cloud?
We have decided to work with Microsoft Azure for our processing power, as we are using Microsoft Azure for our web application as well as our backend server. We have decoupled the storage (AWS) and the processing (Azure) as we believe this is the best practice for every secure system. Azure provides peace of mind in terms of security, scalability and interoperability.
What is the role of Intel in Treasure Cloud?
If our users choose to securely back up their private keys with us, we encrypt the keys and keep them in our Treasure Vault (TVault).
TVault is our next-generation key and secret management system based on Intel SGX technology and is FIPS 140-2, Level 1 certified.
What is the role of Stripe in Treasure Cloud?
The use of Twilio Authy
We use Twilio Inc. to perform some of our communications services. During your access to and use of our services, some communications information and strings may be collected and processed by Twilio Inc. for certain purposes as a controller of such information as specified in its privacy notice and practices. Twilio Inc.’s privacy notice may be found at https://www.twilio.com/legal/privacy.
How can I move files to Treasure cloud?
Moving files is easy, regardless of which of the connected providers you wish to move the files from. Select one or more files and the select Copy or Move in the Navigation bar above. The Treasure platform even lets you move from files from one 3rd party cloud provider to another. When files are moved using Treasure, the system does more than just move the files, it ensures that the files are protected by securing them during the transition using your security keys.
How can I move all of my files to Treasure in one go?
You can select multiple files and move them all in one go. We do not currently support moving folders but this is something we are working on and will be implementing soon.
Can I move files between my Treasure Cloud account and my other cloud storage accounts?
Absolutely, the Treasure system lets you move files between any of your connected cloud platforms.
The Treasure platform even lets you move from files from one 3rd party cloud provider to another. When files are moved using Treasure, the system can do more than just move the files: optionally, it will ensure that the files are protected by securing them during the transition using your security keys.
Can I stream files from Treasure Cloud?
We currently offer streaming from the platform for certain file types including audio and MP4 files. We will be adding more file types in the near future.
Are there any file size limitations?
Within the Treasure platform the file size limit is 2GB, this is a limit that the team is looking at and is looking to increase this limit.
Is there a Software Development Kit (SDK)?
We do not currently offer a public software development kit but we do love working with smart people with good ideas. If you have an idea and want to work with us we would be delighted to talk to you and explore options how we might be able to collaborate. Please drop us an email to email@example.com
How can I get support?
If you are encountering issues with Treasure Cloud, please email firstname.lastname@example.org and we will do our best to help you.
How do I register for an account?
Registering is easy, simply go to the signup page and enter your email address. Within seconds, you will receive an email with a secure verification code in order to validate the address. By entering the code you will then be able to finalise the creation of your account.
Why is my account registration not working?
If you are encountering issues with your account registration, please email email@example.com and we will do our best to help you.
What do I do if I do not receive the activation email?
Usually, it takes less than 10 seconds for you to receive an email from us. It is unusual for you not to receive it. Please check spam inbox or your junk if you haven’t, otherwise please try the resend button. If this still does not work, please email firstname.lastname@example.org and investigate the matter and get back to you.
Can I change my email address?
Your Treasure account is uniquely identified by your email address, for security reasons we do not allow users to change the email address for the account. It was a design decision that was taken based on our security policy. It was decided that if a user was able to reset their password via email we only want that to be enabled to the original email address. We hear that some people don’t like that decision and we are reviewing it. If we feel we got it wrong we will hold our hands up and make the change. Sorry for the inconvenience
How do I change my password?
You can change your password at any time by going to the “Security” section in “Settings” and clicking on “Change password”. Alternatively, or if you have forgotten your password, please see the answer below “I have forgotten my password. Can I reset it?“.
Or alternatively you can change your password directly using the following link: https://app.treasure.cloud/auth/reset-password.
How do I refer people to use Treasure Cloud?
We hope that you will love using Treasure so much that you want to get your friends and family to sign up to the platform too. As a thank you, the Treasure team will add 10GB of storage to your account for each successful referral, we will aso add 10GB to the account of the person who you referred,
It is easy to get the link to share with your friends and family, simply click on your profile button, go to “Settings” and select “Referrals”. You will be able to see your unique referral link that you can share with your friends and family.
How can I view and manage referral I have sent from Treasure Cloud?
Treasure provides multiple ways for you to get your friends and family to use the platform. One of the easiest ways is for you to share the link that is unique to you, this can be accessed from the account settings under the “Referrals” section.
Many users choose to share this over email or through other messaging platforms such as WhatsApp or Telegram. Once the invitation is accepted you will receive a notification, and will immediately receive 10GB of bonus storage for each successful invitation.
How do I delete my account?
We would hate to see you leave Treasure, but if you do want to leave please email us at email@example.com
We have planned to launch a feature whereby you will be able to delete your account within the settings in your account.
Where is my data stored and who can access my data?
Treasure is built with client-side encryption, which means that every time a file leaves your device, it is encrypted with your unique key, and will never be seen or accessed in plaintext by any third-parties – not even by us. Your keys are uniquely generated for use only by you. When you share a file with someone it is encrypted with their key so you can be sure that the only person who can access that file will be the person who you have intended to share it with.
Will data I store in Treasure Cloud be absolutely secure?
We want to be honest with you, nothing is absolutely secure. What we provide is bleeding edge security with a high degree of encryption and protection. We are providing you with a way to secure your data with minimal effort but maximum security.
Is it safe for me to use Treasure? Can I trust you?
The Treasure team is 100% focused on providing you with the best level of security that we can whilst providing the most usable interface. We stand by our platform and our approach to security and we provide an overview of our technology for you to review if you really want to look under the hood.
How does encryption work?
Encryption scrambles a file using a secret key such that it becomes unreadable. In order to unscramble the file and get back the original information, you need to have knowledge of the secret key and the particular algorithm that is used to scramble the file.
What are the encryption keys used and how are they stored?
Treasure primarily handles three types of keys: a master key which is used to encrypt and decrypt other keys, a file key which is used to encrypt and decrypt files, and a sharing key which is used to share files with others. Our server only stores encrypted keys, the root key that can unlock all these encrypted keys is controlled by you because it is derived from your password. Without your password, these encrypted keys simply can’t be unlocked.
When you sign up with Treasure, the following processes take place on your browser or mobile phone:
- A master key and a sharing key are generated;
- You create a password;
- Key is derived from the password;
- The sharing key is encrypted using the master key and finally;
- The master key is encrypted using a key derived from your password.
The encrypted master key, the encrypted sharing key and the public key component of the sharing key are sent to our server for storage.
A unique file key is generated on your device for each file that is encrypted by Treasure. This file key is encrypted using the master key. Each encrypted file key is also sent to our server for storage.
When you want to share a file with someone, the file key is encrypted with the recipient’s public key. The recipient’s encrypted file key is also saved in our server.
Are my files automatically encrypted?
Absolutely 100% yes!
The team at Treasure are experts on security, we took it upon ourselves to make the platform as secure as we could and we do not require each user to need to take steps to encrypt or decrypt their files, we take care of it by default for you. Every file that is uploaded through Treasure is automatically encrypted using your keys, meaning that it is not readable by anyone else unless you specifically give them access.
What is Treasure Vault?
Treasure Vault (TVault) is a product we have built to solve the secret management problem by allowing users to securely create, store, transport and use secrets. TVault ensures that secrets are never available in plaintext whether at rest, in motion or in use. Secrets are always encrypted at rest or in motion and are used inside secure enclaves which are protected memory regions created using Intel’s Software Guard Extensions (SGX) technology. In addition TVault has been awarded FIPS (Federal Information Processing Standard) 140-2 certification from the National Institute of Standards and Technology (NIST). FIPS 140-2 is the benchmark for validating the effectiveness of cryptographic hardware as a result TVault provides industrial level security for its users.
TVault was formerly known as Anqlave Data Vault (ADV). For more information, please refer to the white paper published by intel at here.
TVault centralises secret creation and management and allows for decentralised secret use. This decoupling allows us to create portable enclaves, penclaves, that can be ported from one SGX enabled machine to another. Penclaves have wide applicability. They form the basis for keyless cryptography as a service and confidential distributed machine learning. They also play a key role in enabling elastic and confidential cloud computing.
What is the Secret Management Problem?
Perimeter defense systems are not sufficient to protect secrets on the server side. Notably, Facebook and LinkedIn have been in the news for very insecure password management practices. Protecting secrets from insiders who have easy access to secrets or who can conduct sophisticated memory scraping attacks is critical.
A secret is anything that one system uses to authenticate or authorize itself with another. Examples of secrets are usernames and passwords, API tokens, TLS certificates and cryptographic keys. Secrets end up being stored and used in a wide variety of insecure places.
From the client perspective, secrets end up getting carelessly strewn in all sorts of places. Database usernames and passwords are often hard-coded into the source code, or are in configuration files. Locations of key files and certificates are often stored in configuration files. These end up in version control systems or even in shared folders or Wikis. It is impossible to manage these secrets and to determine whether your system has been compromised. TVault uses a two pronged approach to secret management. First, it centralizes the secret life-cycle management activities to a single highly secure, fault tolerant and robust service. Second, TVault ensures that secrets are always encrypted; at rest, in motion and in use. This protects the secrets from insiders with root or administrative privileges, even those who can conduct sophisticated memory scraping attacks.
How do I change my password within the platform?
Within your settings click “Security” and then under “Password”, you will be able to select “Change your password” where you will be asked to enter your current password and the new password you would like to have. The strength bar will indicate how strong your new password is. Red indicates you have a low strength password, orange medium, and green high.
Can I enable Two-Factor Authentication on my account?
We offer two-factor authentication, if you wish to use your mobile phone as your second factor then we require your mobile number. As an alternative we also allow users to use Google authenticator as your second factor.
What is FIPS (Federal Information Processing Standard) 140-2 certification?
The Federal Information Processing Standard (FIPS) 140-2 specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting protected information. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3 and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. The security requirements cover 11 areas related to the secure design and implementation of a cryptographic module.
These areas include:
- Cryptographic module specification
- Cryptographic module ports and interfaces
- Roles, services and authentication
- Finite state model
- Physical security
- Operational Environment
- Cryptographic key management
- Electromagnetic interference/electromagnetic compatibility (EMI/EMC)
- Design assurance and
- Mitigation of other attacks
- A FIPS 140-2 validation certificate is issued for each validated module. An overall rating is issued for the cryptographic module, which indicates (1) the minimum of the independent ratings received in the areas with levels, and (2) fulfillment of all the requirements in the other areas. It is important for vendors and users of cryptographic modules to realize that the overall rating of a cryptographic module is not necessarily the most important rating. The rating of an individual area may be more important than the overall rating, depending on the environment in which the cryptographic module will be implemented (this includes understanding what risks the cryptographic module is intended to address).
Treasure suggests that I make a backup of my recovery words. Why?
By default, Treasure allows you to backup your secure word sequence into the Treasure Vault (TVault). It is a FIPS 140-2 certified vault based on Intel SGX technology. Some users may not wish to leverage the backup and instead store the words in a safe place of their own choice. In either scenario, in the event of forgetting your password, you will be able to recover your account
If, on the other hand, you opt to not leverage the vault for secure backup of your account, as well as neglect to backup your recovery words locally, the Treasure team will not be able to offer a way for you to get back into your account.
Treasure advises that, regardless of your experience and ability to self-manage, the best option is to allow the Treasure secure vault to act as your safety net. It is somewhat like an insurance policy: we hope you will never need it, but if you do, then we believe that you will be glad that you opted to use it.
How do I upload files to Treasure?
You can drag files and folders from your local machine directly onto the file browser window. Files can also be added from within the browser by either clicking the + button and selecting “Upload file”, or right-clicking and selecting “Upload file”.
How do I download files from Treasure?
You can download files by right-clicking on a file and selecting “Download”, a second way is to select one or more files and then click Download in the Navigation bar above.
Can I upload and download at the same time?
Yes. When you start uploading or downloading files, it will run in the background. You can continue to upload or download files again from the same or other locations while the previous tasks are running.
Can I sort files?
You can click at the top of each column in the main application area to sort either ascending or descending order by a given criteria.
Can I resume interrupted uploads or downloads?
No. At the moment, Treasure does not support pausing ongoing or resuming interrupted transfers.
Where is the file that I just downloaded?
By default the file will be moved to your Downloads folder. It is possible for you to change the default download location in your own browser. Have a look at browser-specific tutorials and documentation on how to perform such a task.
How can I view and manage active and queued transfers?
The interface provides you with a progress update at the bottom right-hand side of the interface.
How do you regulate transfer quota utilisation?
The service does not regulate or throttle the transfer traffic. If you are using a 3rd party cloud they could potentially have a limitation in place but as far as Treasure is concerned you are only limited by the amount of bandwidth that you have.
What if I’m having browser storage issues?
If you cannot find the solution within the help centre please email firstname.lastname@example.org and we will do our best to assist you.
Do I have to re-login into every cloud drive on each mobile or desktop device?
No, once you have connected the cloud provider to your account you will stay logged into the platform regardless of which device you access your account from. The limitations for how long you remain logged into each platform are as follows:
- Google Drive – 180 days
- Dropbox – No expiry
- Box – 60 days
Can I restore deleted files from trash?
Click on the Trash icon on the navigation pane on the left hand side, either select the files you wish to remove and click “Delete permanently” in the navigation bar at the top. Alternatively right click on any file and click “Delete permanently”.
How do I connect my other cloud accounts on Treasure?
Linking third-party clouds is easy: click on “Connect” in the left hand navigation bar and select the cloud provider that you would like to add. The system will then guide you through the process to connect your other cloud storage platforms.
How do I disconnect my cloud accounts on Treasure?
You can remove the connection to any of your cloud providers as and when you choose. To do this, you can right click on the provider in the Navigation pane on the left and select “Disconnect storage”. Alternatively, navigate to “Settings” by clicking on your profile icon, then hover over any of the providers, you will see a pop-up option to “Disconnect storage”.
Can I manage versions of my files in Treasure?
This is something that we are building into an upcoming version of the product.
Not found what you were looking for?Get in Touch