Private email
Private email services are hosted email providers that prioritise data minimisation, strong encryption, and hosting outside US CLOUD Act jurisdiction. For EU buyers, what settles the choice is the operator's country of incorporation and whether end-to-end encryption is applied at rest. Top-rated options on EU Vetted include Mailbox.org (Germany, EU-owned, EU-hosted, CLOUD Act exposure: None), Tuta (Germany, EU-owned, EU-hosted, end-to-end encrypted), Posteo (Germany, EU-owned, EU-hosted, CLOUD Act exposure: None), and Proton Mail (Switzerland, CLOUD Act exposure: None, zero-access end-to-end encryption).
About this category
About Private email
Private email services are hosted email providers that distinguish themselves from mainstream providers (Gmail, Outlook, Yahoo) through a combination of stronger encryption, minimal data collection, and hosting outside the reach of US law enforcement access tools. The category covers providers where privacy and data sovereignty are explicit design decisions rather than an afterthought: from end-to-end encrypted services (Tuta, Proton Mail) to IMAP-compatible providers with strong GDPR postures (Mailbox.org, Posteo, Mailfence).
Email content carries a particular kind of sensitivity that makes the CLOUD Act question sharper here than in most categories: business communications, contracts, personal conversations, and credentials all pass through an inbox. If the provider is a US-incorporated company, US authorities can in practice access email content and metadata through CLOUD Act requests regardless of where servers are physically located. Gmail, Outlook, and Yahoo are US-owned services where this applies. EU-owned providers such as Mailbox.org (Germany), Tuta (Germany), Posteo (Germany), and Mailfence (Belgium) have no US parent company that can be compelled this way and fall under GDPR instead (CLOUD Act exposure: Mailbox.org None, Tuta None, Posteo None, Mailfence None). Swiss providers Proton Mail and Infomaniak Mail operate under Swiss data-protection law, which is considered adequate by the EU.
The second key dimension is encryption architecture. A provider that encrypts email only in transit (TLS between servers) but stores messages in a form it can access means a court order, insider threat, or data breach can expose message content. End-to-end encryption, as used by Tuta and Proton Mail, encrypts messages on your device before they leave it; the provider stores only ciphertext. The practical limitation is that E2EE applies fully only when both correspondents use compatible E2EE providers or exchange PGP keys. Email to Gmail addresses is not end-to-end encrypted. Encryption model is therefore the detail to check per provider, since it determines whether message content is readable by anyone other than sender and recipient.
-
Proton MailEU-SOVEREIGN
Swiss end-to-end encrypted email by Proton AG (Geneva); 100M+ users, Foundation-controlled since June 2024.
CH E2E Public DPA Sub-processors Open source 7 sub-procs · 4 US €4 /mo -
TutaEU-SOVEREIGN
Hannover-based end-to-end encrypted mail (formerly Tutanota); post-quantum crypto, own DE data centre, ISO 27001.
DE E2E Public DPA Sub-processors Open source 0 sub-procs €3 /mo -
Mailbox.orgEU-SOVEREIGN
Berlin-based private email + drive + meet + office bundle (Heinlein Support GmbH); ISO 27001 + BSI C5, €1/mo entry.
DE E2E Public DPA Sub-processors Open source 0 sub-procs €1 /mo -
PosteoEU-SOVEREIGN
Berlin one-person-shop privacy email at €1/mo (Posteo e.K., since 2009); anonymous signup, BSI TR-03108 certified.
DE E2E Public DPA Sub-processors Open source 0 sub-procs €1 /mo -
MailfenceEU-SOVEREIGN
Belgian secure email + calendar + docs (ContactOffice, est. 1999); browser-side PGP, donates 15% to EFF + EDRi.
BE E2E Public DPA Sub-processors Open source 0 sub-procs €3 /mo -
StartMailEU-BASED
Dutch private email (StartMail B.V., est. ~2014, by Startpage founders), NL-hosted, one-click PGP, unlimited aliases, USD-priced from $4.99/mo annual.
NL E2E Public DPA Sub-processors Open source 0 sub-procs €5 /mo -
Infomaniak Mail (kSuite)EU-SOVEREIGN
Swiss email + groupware (Infomaniak Group SA, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, free tier with @ik.me address.
CH E2E Public DPA Sub-processors Open source 0 sub-procs €6 /mo -
Kolab NowEU-SOVEREIGN
Swiss open-source Kolab groupware SaaS (Apheleia IT AG, Bern; Kolab Systems since 2010, Kolab Now since 2013), board incl. FSF Europe founder Georg Greve.
CH E2E Public DPA Sub-processors Open source 0 sub-procs €5 /mo -
MailoEU-SOVEREIGN
French family-owned email since 1998 (Mail Object; founders Voyat & Lenoir, reacquired from Lagardère 2007), French-hosted, Free tier €0 + Premium from €1/mo.
FR E2E Public DPA Sub-processors Open source 0 sub-procs €1 /mo -
RunboxEU-SOVEREIGN
Norwegian private email since 1999 (Runbox Solutions AS), own NO data centre, 100% renewable hydro, PGP + 2FA + PFS, double carbon-negative.
NO E2E Public DPA Sub-processors Open source 0 sub-procs €2 /mo -
SoverinEU-SOVEREIGN
Independent Dutch paid email (from €3.25/mo); ISO 27001 + NIS2 Ready, all data in Netherlands, full IMAP/SMTP/CalDAV/CardDAV compatibility.
NL E2E Public DPA Sub-processors Open source 0 sub-procs €3 /mo -
LC-ConnectEU-SOVEREIGN
German-hosted business email + calendar, contacts, tasks, notes and video meetings from LC by vBoxx GmbH; an integrated Microsoft 365 / Outlook alternative (TLS, not E2E).
DE E2E Public DPA Sub-processors Open source 0 sub-procs
| Compare | Sovereignty | Cert. | Pricing | Signals | Open | ||
|---|---|---|---|---|---|---|---|
|
Swiss end-to-end encrypted email by Proton AG (Geneva); 100M+ users, Foundation-controlled since June 2024.
|
GENEVA · CH
Switzerland
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Freemium
€4 /mo
|
E2E
Public DPA
Sub-processors
Open source
|
→ | |
|
Hannover-based end-to-end encrypted mail (formerly Tutanota); post-quantum crypto, own DE data centre, ISO 27001.
|
HANNOVER · DE
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Freemium
€3 /mo
|
E2E
Public DPA
Sub-processors
Open source
|
→ | |
|
Berlin-based private email + drive + meet + office bundle (Heinlein Support GmbH); ISO 27001 + BSI C5, €1/mo entry.
|
BERLIN · DE
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
C5
|
Paid
€1 /mo
|
E2E
Public DPA
Sub-processors
Open source
|
→ | |
|
Berlin one-person-shop privacy email at €1/mo (Posteo e.K., since 2009); anonymous signup, BSI TR-03108 certified.
|
BERLIN · DE
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Paid
€1 /mo
|
E2E
Public DPA
Sub-processors
Open source
|
→ | |
|
Belgian secure email + calendar + docs (ContactOffice, est. 1999); browser-side PGP, donates 15% to EFF + EDRi.
|
BRUSSELS · BE
Belgium
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Freemium
€3 /mo
|
E2E
Public DPA
Sub-processors
Open source
|
→ | |
|
Dutch private email (StartMail B.V., est. ~2014, by Startpage founders), NL-hosted, one-click PGP, unlimited aliases, USD-priced from $4.99/mo annual.
|
NL
Netherlands
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Paid
€5 /mo
|
E2E
Public DPA
Sub-processors
Open source
|
→ | |
|
Swiss email + groupware (Infomaniak Group SA, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, free tier with @ik.me address.
|
GENEVA · CH
Switzerland
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
ISO9001
+2 more
|
Freemium
€6 /mo
|
E2E
Public DPA
Sub-processors
Open source
|
→ | |
|
Swiss open-source Kolab groupware SaaS (Apheleia IT AG, Bern; Kolab Systems since 2010, Kolab Now since 2013), board incl. FSF Europe founder Georg Greve.
|
CH
Switzerland
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Paid
€5 /mo
|
E2E
Public DPA
Sub-processors
Open source
|
→ | |
|
French family-owned email since 1998 (Mail Object; founders Voyat & Lenoir, reacquired from Lagardère 2007), French-hosted, Free tier €0 + Premium from €1/mo.
|
FR
France
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Freemium
€1 /mo
|
E2E
Public DPA
Sub-processors
Open source
|
→ | |
|
Norwegian private email since 1999 (Runbox Solutions AS), own NO data centre, 100% renewable hydro, PGP + 2FA + PFS, double carbon-negative.
|
NO
Norway
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Paid
€2 /mo
|
E2E
Public DPA
Sub-processors
Open source
|
→ | |
|
Independent Dutch paid email (from €3.25/mo); ISO 27001 + NIS2 Ready, all data in Netherlands, full IMAP/SMTP/CalDAV/CardDAV compatibility.
|
NL
Netherlands
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Paid
€3 /mo
|
E2E
Public DPA
Sub-processors
Open source
|
→ | |
|
German-hosted business email + calendar, contacts, tasks, notes and video meetings from LC by vBoxx GmbH; an integrated Microsoft 365 / Outlook alternative (TLS, not E2E).
|
FRANKFURT · DE
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Paid |
E2E
Public DPA
Sub-processors
Open source
|
→ |
Feature comparison
Beyond compliance: how these alternatives compare on the capabilities you actually use day to day.
| Feature | Proton Mail | Tuta | Mailbox.org | Posteo | Mailfence | StartMail | Infomaniak Mail (kSuite) | Kolab Now | Mailo | Runbox | Soverin | LC-Connect |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Encryption | TLS E2E | TLS E2E | TLS | TLS | TLS | TLS | TLS | TLS | TLS | TLS | TLS | TLS |
| Mailbox storage | 15 GB | 20 GB | 2 GB | 4 GB | 11 GB | 20 GB | 20 GB | 5 GB | 20 GB | 2 GB | 25 GB | |
| Email aliases | 10 aliases | 15 aliases | 3 aliases | 2 aliases | 10 aliases | Unlimited | 100 aliases | 100 aliases | Unlimited | |||
| Custom domain | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
| IMAP / SMTP | Yes | No | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | |
| Calendar | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | |
| Contacts | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes |
Switching from US private email?
Side-by-side European alternatives (same hosting, ownership and CLOUD Act checks) for the US tools most often replaced in this category.