Aller au contenu
Vérifié indépendamment · Ré-audit trimestriel
EU VETTED

Tuta

VéRIFIé
E-mail privée · Germany
Founded 2011 · tuta.com ↗

Hannover-based end-to-end encrypted mail (formerly Tutanota); post-quantum crypto, own DE data centre, ISO 27001.

Pourquoi ce score ?

Tuta (formerly Tutanota, Hannover DE, founded 2011 by Arne Möhle and Matthias Pfau) operates its own German data centre, ships end-to-end encrypted mail / calendar / drive with post-quantum cryptography, all clients open-source and auditable, ISO 27001 certified, GDPR + DSGVO, 10,000+ business organisations and millions of consumer users; founder-owned, no US ties — rated 4/5: strong profile in every structural dimension, but the DPA is not publicly accessible — it is reachable only inside a customer account after signing up for a business plan; the rubric reserves 5/5 for a publicly accessible DPA.

SCORE
4.0/5
CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
JUMP TO
OVERVIEW

About Tuta

**Tuta** (Hannover, Germany, founded 2011 by Arne Möhle and Matthias Pfau — Tutanota until 2023 rebrand) is one of the cleanest privacy-first email picks in Europe — **own German data centre**, **end-to-end encryption by default**, **post-quantum cryptography** (forward-looking against future quantum attacks), 100% **open-source clients** for Android, iOS, Windows, macOS, Linux, and browser. Free tier permanent for personal use; paid Revolutionary tier from ~€3/mo. Products: Tuta Mail, Tuta Calendar, Tuta Drive. Customer base: 10,000+ organisations including medical, journalism, human-rights, plus millions of consumers. 100% renewable-energy-powered. Founder-owned, no US VC, no PE — full 5/5.
SUB-PROCESSORS

Carte des sous-traitants · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Référentiels & certifications

ISO/IEC 27001
ACTIVE
FEATURES

Matrice de fonctionnalités

INTEGRATION & ACCESS
REST API No
SSO (SAML / OIDC) No
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option No
PRICING

Tarifs & paliers

FREEMIUM
à partir de €3/mois
Voir la page tarifs ↗
PUBLIC DOCUMENTS

Documents publics

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement — this caps the compliance score (see How we score).
Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    — missing
    missing
  • Terms of Service
    tuta.com/terms…
    Open ↗
ALTERNATIVES

Alternatives dans cette catégorie

Infomaniak Mail (kSuite)
Switzerland

Swiss email + groupware (Infomaniak Group SA, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, free tier with @ik.me address.
Mailbox.org
Germany

Berlin-based private email + drive + meet + office bundle (Heinlein Support GmbH); ISO 27001 + BSI C5, €1/mo entry.
Posteo
Germany

Berlin one-person-shop privacy email at €1/mo (Posteo e.K., since 2009); anonymous signup, BSI TR-03108 certified.
See all e-mail privée alternatives →