Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Mailo

VERIFIED
Private email · France
Founded 1998 · mailo.com ↗

French family-owned email since 1998 (Mail Object; founders Voyat & Lenoir, reacquired from Lagardère 2007), French-hosted, Free tier €0 + Premium from €1/mo.

In short

Mailo, in the Private email category, is an EU-owned service with France as its hosting location and no identified CLOUD Act exposure.

Assessment notes

Mailo is operated by Mail Object, a small French family-owned company run by founders Pascal Voyat and Philippe Lenoir. The service has unusually deep heritage: launched as Francemail in 1998, renamed FranceMel and acquired by Lagardère Group, rebranded NetCourrier, reacquired by its founders in 2007 through Mail Object, renamed Net-C in 2012, and finally Mailo in 2019; a '100% European' email service hosted on secure servers in France, free tier exists, member of PrivacyTech and French Tech ecosystems; EU-owned, EU-hosted, no CLOUD Act exposure. Gap: Mailo publishes no DPA and no public sub-processors list (only standard privacy terms and T&C are available on the public site); no formal ISO 27001 attestation.

CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Privacy
  • End-to-end encryption
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About Mailo

Mailo is one of the older independent European email services, with an unusual 25-year corporate history. It was launched in 1998 as Francemail by Pascal Voyat and Philippe Lenoir, renamed FranceMel in 1999, then acquired by the French media conglomerate Lagardère Group and rebranded NetCourrier. Crucially, in 2007 the founders reacquired the service from Lagardère through their company Mail Object, returning it to independent French family ownership. The service was renamed Net-C in 2012 and finally Mailo in 2019, and across all those rebrands the underlying vendor and family-ownership structure has remained unchanged.

For an EU-sovereignty audit Mailo's positioning is appealingly simple: a "100% European" email service with secure servers physically located in France, operated by a small French family-owned company under French and EU law. It is a member of the PrivacyTech ecosystem and the French Tech initiative, soft positive signals that don't replace formal certifications but indicate participation in the French privacy-and-startup community. The offering is feature-rich for a small vendor: web mail, calendar, contacts, file sharing, IMAP/POP/SMTP, mobile apps, anti-spam, anti-virus, custom domains on paid tiers, and unlimited disposable aliases. The company has been operating continuously for over 25 years, longer than nearly every competitor in the privacy-email space.

The signal gaps reflect what is missing rather than what is wrong: no formal ISO 27001 / SOC 2 attestation was surfaced, no public DPA or sub-processors URLs were captured at audit, and the encryption architecture (specifically whether messages are stored at rest with server-managed keys or with any client-side encryption layer) was not detailed on the homepage or who-are-we page. None of those gaps suggest poor practice, but a procurement-grade buyer will need to request those documents.

Pricing is freemium and one of the most affordable in the category: Mailo Free at €0/month; Mailo Premium from €1/month (the cheapest paid tier in the directory's private-email category); Premium+ with capacity expandable to 500 GB. Best fit: French and Francophone-EU users who want a long-established, family-owned French email service at the lowest possible price, and who don't need formal ISO 27001 documentation or in-house PGP key management.

SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications · none listed

We checked the vendor's website and standard certification body registries. No active certifications found at the time of last audit (2026-05-15).
FEATURES

Capability matrix

Encryption TLS
Mailbox storage 20 GB
Email aliases 100 aliases
Custom domain Yes
IMAP / SMTP Yes
Calendar Yes
Contacts Yes
INTEGRATION & ACCESS
REST API No
SSO (SAML / OIDC) No
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option No
PRICING

Pricing & tiers

FREEMIUM
from €1/mo
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement. This is recorded as no public DPA (see How we assess).
Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    — missing
    missing
  • Terms of Service
    www.mailo.com/mailo…
    Open ↗
ALTERNATIVES

Alternatives in this category

Proton Mail
Switzerland · Founded 2014
EU-SOVEREIGN

Swiss end-to-end encrypted email by Proton AG (Geneva); 100M+ users, Foundation-controlled since June 2024.

E2E Public DPA Sub-processors Open source
FROM
€4/mo
CLOUD ACT
NONE
Tuta
Germany · Founded 2011
EU-SOVEREIGN

Hannover-based end-to-end encrypted mail (formerly Tutanota); post-quantum crypto, own DE data centre, ISO 27001.

E2E Public DPA Sub-processors Open source
FROM
€3/mo
CLOUD ACT
NONE
Mailbox.org
Germany · Founded 2014
EU-SOVEREIGN

Berlin-based private email + drive + meet + office bundle (Heinlein Support GmbH); ISO 27001 + BSI C5, €1/mo entry.

E2E Public DPA Sub-processors Open source
FROM
€1/mo
CLOUD ACT
NONE