Mailfence
VERIFIEDBelgian secure email + calendar + docs (ContactOffice, est. 1999); browser-side PGP, donates 15% to EFF + EDRi.
Why this score?
Mailfence is operated by ContactOffice Group (Belgium, founded 1999) — 25+ years operational, European data centres, OpenPGP end-to-end encryption in-browser, no ads / no trackers / no backdoors, donates 15% of Ultra-tier revenue to EFF + EDRi; under Belgian / EU jurisdiction with strong privacy laws; no explicit ISO 27001 attestation visible caps score at 4/5.
- SCORE
- 4.0/5
- CLOUD ACT
- CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
-
- OWNERSHIP
- OWNERSHIP
Where ultimate control over the operating company sits.
-
EU-owned This listing EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
-
- SUB-PROCS
- — not disclosed
JUMP TO
About Mailfence
Sub-processor map · not disclosed
Frameworks & certifications · none listed
Capability matrix
Pricing & tiers
Public documents
-
Open ↗Data Processing Addendum (DPA)mailfence.com/c…
-
missingSub-processors list— missing
Alternatives in this category
Swiss email + groupware (Infomaniak Group SA, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, free tier with @ik.me address.
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
How exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
Berlin-based private email + drive + meet + office bundle (Heinlein Support GmbH); ISO 27001 + BSI C5, €1/mo entry.
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
How exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
Berlin one-person-shop privacy email at €1/mo (Posteo e.K., since 2009); anonymous signup, BSI TR-03108 certified.
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
How exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.