Soverin

**Soverin** is operated by **Soverin B.V.** (Amsterdam, KvK 61552275) and has been running since around 2014 as an **independent, self-funded Dutch email provider** — no VC backing, no US parent. The service is paid-only (from **€3.25/mo / €39/yr**, with optional .nl domain at €13/yr); there is no free tier, which is consistent with the "no ads, no profiling, no third-party data" pitch. Mail, calendar and contacts are reachable via standard **IMAP / SMTP / CalDAV / CardDAV** with any client — Soverin deliberately does not implement end-to-end encryption in the Proton/Tuta sense, in exchange for that full protocol compatibility; data is encrypted in transit (TLS) and at rest on the storage layer, and per the privacy statement is processed only within the EU. Certifications held: **ISO 27001**, ISO 14001, ISO 9001, **NIS2 Ready Mark**, perfect Internet.nl score (DNS / email / web / IPv6); NEN 7510 (Dutch healthcare InfoSec) listed as in-progress. The privacy statement names one unnamed sub-processor (external first-line customer support, under DPA + ISO scope) but the document is **not a publicly linked customer-facing DPA**, which is what caps the compliance score at 3/5 — clean EU ownership and clean hosting + multiple ISO certs would otherwise place it at 4. Positioning is squarely against US free webmail ("no Cloud Act exposure"); UI in English and Dutch.