Private email
Private email services are hosted email providers that prioritise data minimisation, strong encryption, and hosting outside US CLOUD Act jurisdiction. The key EU decision criterion is the operator's country of incorporation and whether end-to-end encryption is applied at rest. Top-rated options on EU Vetted include Mailbox.org (Germany, 5/5), Tuta (Germany, 5/5), Posteo (Germany, 5/5), and Proton Mail (Switzerland, 5/5).
Private email services are hosted email providers that distinguish themselves from mainstream providers (Gmail, Outlook, Yahoo) through a combination of stronger encryption, minimal data collection, and hosting outside the reach of US law enforcement access tools. The category covers providers where privacy and data sovereignty are explicit design decisions rather than an afterthought — from end-to-end encrypted services (Tuta, Proton Mail) to IMAP-compatible providers with strong GDPR postures (Mailbox.org, Posteo, Mailfence).
For EU buyers, the CLOUD Act exposure question is particularly significant for email because email content is highly sensitive: it contains business communications, contracts, personal conversations, and credentials. If the provider is a US-incorporated company, US authorities can in practice access email content and metadata through CLOUD Act requests regardless of where servers are physically located. Gmail, Outlook, and Yahoo are US-owned services where this applies. EU-owned providers such as Mailbox.org (Germany, 5/5), Tuta (Germany, 5/5), Posteo (Germany, 5/5), and Mailfence (Belgium, 4/5) are not subject to that direct exposure and fall under GDPR instead. Swiss providers Proton Mail and Infomaniak Mail (both 5/5) operate under Swiss data-protection law, which is considered adequate by the EU.
The second key dimension is encryption architecture. A provider that encrypts email only in transit (TLS between servers) but stores messages in a form it can access means a court order, insider threat, or data breach can expose message content. End-to-end encryption, as used by Tuta and Proton Mail, encrypts messages on your device before they leave it; the provider stores only ciphertext. The practical limitation is that E2EE applies fully only when both correspondents use compatible E2EE providers or exchange PGP keys — email to Gmail addresses is not end-to-end encrypted. The listings below show the encryption model for each provider so you can match it to your specific requirements.
-
Infomaniak Mail (kSuite)VERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Swiss email + groupware (Infomaniak Group SA, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, free tier with @ik.me address.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other This listing Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
CH · 0 sub-procs Open ↗ -
Mailbox.orgVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Berlin-based private email + drive + meet + office bundle (Heinlein Support GmbH); ISO 27001 + BSI C5, €1/mo entry.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned This listing EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
DE · 0 sub-procs Open ↗ -
PosteoVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Berlin one-person-shop privacy email at €1/mo (Posteo e.K., since 2009); anonymous signup, BSI TR-03108 certified.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned This listing EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
DE · 0 sub-procs Open ↗ -
Proton MailVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Swiss end-to-end encrypted email by Proton AG (Geneva); 100M+ users, Foundation-controlled since June 2024.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other This listing Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
CH · 0 sub-procs Open ↗ -
MailfenceVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Belgian secure email + calendar + docs (ContactOffice, est. 1999); browser-side PGP, donates 15% to EFF + EDRi.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned This listing EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
BE · 0 sub-procs Open ↗ -
TutaVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Hannover-based end-to-end encrypted mail (formerly Tutanota); post-quantum crypto, own DE data centre, ISO 27001.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned This listing EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
DE · 0 sub-procs Open ↗ -
Kolab NowVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Swiss open-source Kolab groupware SaaS (Apheleia IT AG, Bern; Kolab Systems since 2010, Kolab Now since 2013), board incl. FSF Europe founder Georg Greve.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other This listing Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
CH · 0 sub-procs Open ↗ -
MailoVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
French family-owned email since 1998 (Mail Object; founders Voyat & Lenoir, reacquired from Lagardère 2007), French-hosted, Free tier €0 + Premium from €1/mo.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned This listing EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
FR · 0 sub-procs Open ↗ -
RunboxVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Norwegian private email since 1999 (Runbox Solutions AS), own NO data centre, 100% renewable hydro, PGP + 2FA + PFS, double carbon-negative.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other This listing Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
NO · 0 sub-procs Open ↗ -
SoverinVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Independent Dutch paid email (from €3.25/mo); ISO 27001 + NIS2 Ready, all data in Netherlands, full IMAP/SMTP/CalDAV/CardDAV compatibility.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned This listing EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
NL · 0 sub-procs Open ↗ -
StartMailVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Dutch private email (StartMail B.V., est. ~2014, by Startpage founders), NL-hosted, one-click PGP, unlimited aliases, USD-priced from $4.99/mo annual.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned This listing EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor This listing A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
NL · 0 sub-procs Open ↗
| Compare | Owner | CLOUD Act | Cert. | Sub-procs | ||||
|---|---|---|---|---|---|---|---|---|
|
Infomaniak Mail (kSuite)
Swiss email + groupware (Infomaniak Group SA, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, free tier with @ik.me address.
|
GENEVA · CH
Switzerland
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
ISO/IEC 27001
ISO9001
+2 more
|
0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Mailbox.org
Berlin-based private email + drive + meet + office bundle (Heinlein Support GmbH); ISO 27001 + BSI C5, €1/mo entry.
|
BERLIN · DE
Germany
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
ISO/IEC 27001
C5
|
0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Posteo
Berlin one-person-shop privacy email at €1/mo (Posteo e.K., since 2009); anonymous signup, BSI TR-03108 certified.
|
BERLIN · DE
Germany
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
— | 0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Proton Mail
Swiss end-to-end encrypted email by Proton AG (Geneva); 100M+ users, Foundation-controlled since June 2024.
|
GENEVA · CH
Switzerland
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
ISO/IEC 27001
|
0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Mailfence
Belgian secure email + calendar + docs (ContactOffice, est. 1999); browser-side PGP, donates 15% to EFF + EDRi.
|
BRUSSELS · BE
Belgium
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
— | 0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Tuta
Hannover-based end-to-end encrypted mail (formerly Tutanota); post-quantum crypto, own DE data centre, ISO 27001.
|
HANNOVER · DE
Germany
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
ISO/IEC 27001
|
0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Kolab Now
Swiss open-source Kolab groupware SaaS (Apheleia IT AG, Bern; Kolab Systems since 2010, Kolab Now since 2013), board incl. FSF Europe founder Georg Greve.
|
CH
Switzerland
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
— | 0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Mailo
French family-owned email since 1998 (Mail Object; founders Voyat & Lenoir, reacquired from Lagardère 2007), French-hosted, Free tier €0 + Premium from €1/mo.
|
FR
France
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
— | 0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Runbox
Norwegian private email since 1999 (Runbox Solutions AS), own NO data centre, 100% renewable hydro, PGP + 2FA + PFS, double carbon-negative.
|
NO
Norway
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
— | 0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Soverin
Independent Dutch paid email (from €3.25/mo); ISO 27001 + NIS2 Ready, all data in Netherlands, full IMAP/SMTP/CalDAV/CardDAV compatibility.
|
NL
Netherlands
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
ISO/IEC 27001
|
0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
StartMail
Dutch private email (StartMail B.V., est. ~2014, by Startpage founders), NL-hosted, one-click PGP, unlimited aliases, USD-priced from $4.99/mo annual.
|
NL
Netherlands
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
— | 0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ |