Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Soverin

VERIFIED
Private email · Netherlands
Founded 2014 · soverin.com ↗

Independent Dutch paid email (from €3.25/mo); ISO 27001 + NIS2 Ready, all data in Netherlands, full IMAP/SMTP/CalDAV/CardDAV compatibility.

Why this score?

Soverin is operated by Soverin B.V. (Amsterdam NL, KvK 61552275, founded ~2014), an independent Dutch email provider with paid-only mailboxes (from €3.25/mo), all data hosted in the Netherlands under EU law, no US parent and explicitly positioned against CLOUD Act exposure. Holds ISO 27001 / 14001 / 9001, NIS2 Ready Mark, full Internet.nl score, NEN 7510 in progress. Capped at 3/5 because there is no publicly linked DPA, no public sub-processors list (privacy statement mentions one unnamed external first-line support partner), and the service is TLS-encrypted, not end-to-end encrypted unlike Proton Mail or Tuta — a deliberate trade-off for full IMAP/SMTP/CalDAV/CardDAV compatibility with any client.

SCORE
3.0/5
CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
JUMP TO
OVERVIEW

About Soverin

**Soverin** is operated by **Soverin B.V.** (Amsterdam, KvK 61552275) and has been running since around 2014 as an **independent, self-funded Dutch email provider** — no VC backing, no US parent. The service is paid-only (from **€3.25/mo / €39/yr**, with optional .nl domain at €13/yr); there is no free tier, which is consistent with the "no ads, no profiling, no third-party data" pitch. Mail, calendar and contacts are reachable via standard **IMAP / SMTP / CalDAV / CardDAV** with any client — Soverin deliberately does not implement end-to-end encryption in the Proton/Tuta sense, in exchange for that full protocol compatibility; data is encrypted in transit (TLS) and at rest on the storage layer, and per the privacy statement is processed only within the EU. Certifications held: **ISO 27001**, ISO 14001, ISO 9001, **NIS2 Ready Mark**, perfect Internet.nl score (DNS / email / web / IPv6); NEN 7510 (Dutch healthcare InfoSec) listed as in-progress. The privacy statement names one unnamed sub-processor (external first-line customer support, under DPA + ISO scope) but the document is **not a publicly linked customer-facing DPA**, which is what caps the compliance score at 3/5 — clean EU ownership and clean hosting + multiple ISO certs would otherwise place it at 4. Positioning is squarely against US free webmail ("no Cloud Act exposure"); UI in English and Dutch.
SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications

ISO/IEC 27001
ACTIVE
FEATURES

Capability matrix

INTEGRATION & ACCESS
REST API No
SSO (SAML / OIDC) No
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option No
PRICING

Pricing & tiers

PAID
from €3/mo
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement — this caps the compliance score (see How we score).
Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    — missing
    missing
  • Terms of Service
    soverin.com/about…
    Open ↗
ALTERNATIVES

Alternatives in this category

Infomaniak Mail (kSuite)
Switzerland

Swiss email + groupware (Infomaniak Group SA, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, free tier with @ik.me address.
Mailbox.org
Germany

Berlin-based private email + drive + meet + office bundle (Heinlein Support GmbH); ISO 27001 + BSI C5, €1/mo entry.
Posteo
Germany

Berlin one-person-shop privacy email at €1/mo (Posteo e.K., since 2009); anonymous signup, BSI TR-03108 certified.
See all private email alternatives →