Dlaczego Tutanota

Tutanota was founded in 2011 with a very clear vision: Bring privacy to the world.

Every step we take as a company must stand up to this criterion: Are we protecting your privacy to the maximum? In the short run this makes building our product more complex as we can’t take any short-cuts. Your privacy and security are paramount. This focus has led to work-intensive development decisions such as building our own push notification system on Android instead of simply using Google Push.

In the long run, though, this strategy pays off. We are well respected as the best secure email service that focuses on privacy 100%, comes with zero tracking, and encrypts the most data. For example, Tutanota also encrypts email subject lines and calendar event reminders – this high level of security is unrivaled by any of our competitors.

We never choose the easy way out or the most profitable way if that means compromising your privacy or security. And we’re not pressured to do so, because we’re not beholden to any VCs or to shareholders outside the team.

Our goal with Tutanota is to make security and privacy easily accessible to everyone. That's why we strongly focus on usability and convenience. The entire encryption process runs in the background, and you can use Tutanota as easily as any email service.

With Tutanota you have absolute certainty that you will never pay with your data.

Since its foundation in 2011 in Hanover, Germany, our goal is to offer the world a secure and private alternative to insecure online services. Today, Tutanota is the world’s most secure email and calendar service. Tomorrow Tutanota will be the private replacement for Big Tech with email, calendar, drive and more online collaboration tools – everything securely encrypted.

We are registered as Tutao GmbH, but the brand name Tutanota was chosen as a word-play derived from Latin, with the words "tuta" and "nota" meaning "secure message".

Our founders, Arne and Matthias, have been friends since they were doing their undergrad studies in computer science and were often discussing more secure ways to share information and documents online. Their ideas eventually coalesced around fighting mass surveillance by building the world’s first end-to-end encrypted email service. Both of them have a long track record of fighting for data independence and privacy rights. Arne and Matthias own the company, without relying on VC funding, so we don’t need to prioritize making profits for shareholders at the expense of our users’ best interests, like other companies often do.

Our team grew by attracting more and more awesome people who shared the same goal of a better internet. Our vision for the future internet is that privacy will be the default!

In August 2018, Tutanota became the first email service provider to release its Android app on F-Droid, removing all dependencies on Google. Instead of Google Push, our Android app uses its own notification service to not leak any data to Big Tech. Our apps also support search on encrypted data, two-factor authentication – including U2F with a hardware token – as well as biometric and pin unlock.

We’ve since launched the first zero-knowledge calendar and our biggest goals for the future are to also be the first email service to secure all data with quantum-safe encryption and Perfect Forward Secrecy.

At Tutanota, we believe that business models based on data collection and exploitation must be stopped. We fight for a different internet. One where privacy by design is the foundation. Our mission is to fight for our right to privacy, helping protect journalists, whistleblowers and human rights activists around the world as well as making the internet a better place for everyone.

Read more about our values and meet our team.

Unparalleled security and privacy, as well as our ethics and the most competitive pricing of any end-to-end (E2E) encrypted email make Tutanota the best email service all-around. Privacy & security must not be add-ons that a company tries to integrate into an existing service, but the foundation on which the service is built from the start.

With Tutanota, you get the biggest bang for your buck, with the most features included with a free account and the lowest price points for paid accounts. We don’t collect and share your data. We never serve you ads or try to guide your app usage in a way that would serve us. We provide more thorough encryption than any other provider. Our business accounts are easy to migrate to and include more security features than any other email or calendar service. We don’t rely on integrations with any Google services. All our apps are easy to use, with the experience designed around users’ needs, not with the intent to encourage or discourage usage behaviors based on maximizing the company’s growth.

Still not sure? Find out more about how Tutanota compares to other email services, including one-on-one comparisons for each criteria you might consider when making a choice.

Tutanota was the world's first end-to-end encrypted email provider and, to this day, it is the email service that encrypts more data than any other.

Our encryption protocol enables us to not only encrypt emails, but also features that we add to Tutanota as the product evolves such as contacts, calendars and drive. Plus, we can easily upgrade to post-quantum algorithms and enable Perfect Forward Secrecy.

Tutanota's servers only store the encrypted data, and the decryption key is only available to the user. This ensures that even if your internet connection was intercepted or in the extremely unlikely scenario that someone were to hack our servers, your data would remain secure. Because your data is stored encrypted on the servers, we use an encrypted search index that you store locally, to enable you to search through your mailbox locally while protecting your privacy.

We do not support IMAP as it would only work if we sent decrypted data to your device. Instead we have built our own open source desktop clients, which store your data encrypted. The desktop clients are also signed so that everyone can verify that the client is running exactly the same code as the code we published on GitHub.

To decrypt your data, you simply login to your secure email address with your password, that’s it. You can easily login via a web browser, via the Tutanota apps for Android and iOS, or via the Tutanota desktop clients for Windows, macOS and Linux.

Tutanota automatically encrypts all emails sent between Tutanota users end-to-end encrypted, giving you the highest security for emails possible. Even when you’re sending emails to recipients who do not use Tutanota, you still have the option to send them end-to-end encrypted with a shared password. You only need to choose a password for a recipient once, without having to set a password for each email that you send to the same contact.

Your Tutanota account also includes the world’s first zero-knowledge, end-to-end encrypted calendar. All the data, including event participants and other details, are E2E (end-to-end) encrypted. Event reminders are handled locally to make sure our servers are not involved so we don’t even know when your events are taking place.

The most secure calendar helps you protect your private information or confidential details about business meetings. All our paid plans allow you to create an unlimited number of calendars, send calendar invites to anyone and share entire encrypted calendars with other Tutanota users.

Find out more about the types of data we encrypt and how.

With end-to-end encryption, two-factor authentication, open source code, and our zero-knowledge architecture we ensure that your data is secure and private, whether you use Tutanota as your business email of choice or as a private user.

Tutanota encrypts all data by default: Email, calendars, contacts. The end-to-end encryption provided by Tutanota ensures that your data is secure and private, even if it falls into the wrong hands.

We follow the concept of “security first”. Security must be baked into the code so that you can easily add usability on top of that - not the other way around. All our tech stack is either developed in-house, even our captcha and our push notification service for Android, and the few third-party integrations that we do use are open source, so everyone - as well as ourselves - can verify that your data is secured to the maximum.

Our servers only store encrypted data, which we – as the provider – are unable to decrypt. Additionally, we own our servers, hosted in ISO 27001 certified data centers in Germany, a country with some of the strictest privacy protection laws in the world. No one has access to our servers except our permanent administrators, who need to pass multiple-factor-authentication before gaining access. All productive systems are monitored 24/7 for unauthorized access and extraordinary activity.

We enable you to protect your password to the maximum extent by providing two-factor authentication (2FA) for an extra layer of security. To secure your login credentials, you can use TOTP or U2F. The best option is using U2F with a hardware security key. Tutanota never transmits your password to the server, but only sends a hash. Tutanota also enables you to monitor and close sessions remotely (for example if you lose your phone but are still signed in), as an opt-in feature. Closed sessions are automatically deleted after one week. IP addresses of open and closed sessions are always stored encrypted and can only be checked by the user. By default, Tutanota does not log IP addresses when you login or when you send an email.

Other privacy and security features of Tutanota include: stripping the IP addresses of emails sent from the mail headers so that your location remains unknown, blocking images or any other external content from loading by default, and warning you when the technical sender differs from the from sender.

• end-to-end encrypted mailbox
• end-to-end encrypted address book
• end-to-end encrypted calendar
• automatic end-to-end encryption of emails within Tutanota
• end-to-end encrypted emails to any email address with a password
• secure password reset that gives us absolutely no access
• full-text search of encrypted data executed locally
• TLS with support of PFS, DMARC, DKIM, DNSSEC, MTA-STS
• GDPR-compliant email service with built-in encryption

Find out more about everything that makes Tutanota the most secure email service.

All our email clients are open source since 2014. And while other email providers rely on closed-source services for captcha, push notifications, desktop clients and analytics, we’ve built our own solutions for these tasks, making Tutanota the best open source email service all-around and the first email provider to release the Android app on F-Droid.

Before the public release, all our apps have been audited by independent security experts. Nevertheless, we feel open source is crucial for any security application as everyone must have the opportunity to look at the code and check that we can’t hide any backdoors. Being open source also means that any possible flaws will be quickly detected and fixed, faster and more efficiently than with closed-source services.

Additionally, open source Tutanota apps enable other projects like F-Droid to build the Tutanota app themselves making the need to trust us redundant.

Our team is made up of open source enthusiasts and we want to give back to the community, by offering premium Tutanota features for free to non-commercial open source project teams.

Our focus on open source and encryption combined with our deep respect for your right to privacy, make Tutanota the best secure email service. Find out more about our commitment to open source software.

Poszanowanie prywatności naszych użytkowników jest podstawą Tutanota. Zbieramy tak mało danych, jak to możliwe, aby zapewnić usługę poczty e-mail i kalendarza, a wszystkie dane są przechowywane zaszyfrowane na naszych serwerach. Ujawniamy poszczególne skrzynki pocztowe tylko wtedy, gdy przedstawimy ważny niemiecki nakaz sądowy dotyczący tej konkretnej skrzynki pocztowej.

Chociaż niemieckie prawo nie zezwala na nakazy milczenia, chcemy zapewnić ci spokój ducha, publikując tzw. "kanarka nakazowego" w naszym Raporcie przejrzystości.

From sustainability, to a fair and transparent salary model, to our fight for privacy, our mission is to make the web a better place. This is why all our servers are powered by 100% renewable energy. Additionally, even our offices' electricity comes from a renewable energy provider that actively invests into building new facilities for producing renewable energy.

Just as it is crucial for us to protect your privacy and security, it’s equally important to protect our environment, now and in the future. We want the most secure email service to also be the most ethical option as well as the easiest to use, so that more people choose to protect their data and the environment at the same time.

Find out more about our sustainability journey.

Nasza społeczność jest najbardziej niesamowitą rzeczą w Tutanota! Jesteśmy niezmiernie wdzięczni za wasze niesamowite wsparcie: Umożliwiliście nam zachowanie naszej niezależności i etyki bez konieczności polegania na funduszach wysokiego ryzyka i bycia zobowiązanym wobec tego typu inwestorów. Jednocześnie nasi płacący subskrybenci pomagają nam udostępniać więcej funkcji w krótszych ramach czasowych i utrzymywać podstawową usługę dostępną za darmo dla wszystkich bez kompromisów w zakresie bezpieczeństwa.

Ale przejście na płatny plan nie jest jedynym sposobem na wsparcie naszej misji: Dla tych, którzy nie chcą lub nie mogą sobie pozwolić na płacenie za Tutanota, ale kochają naszą bezpłatną usługę, nadal mogą wnieść swój wkład w postaci opinii, recenzji kodu i tłumaczeń, i jesteśmy im wszystkim niezmiernie wdzięczni!

Nawet jeśli tylko rozpowszechniasz informacje o Tutanota i znaczeniu szyfrowania typu od końca do końca i prywatności danych, już pomagasz uczynić internet lepszym miejscem. Ale jeśli chcesz zrobić więcej, sprawdź naszą stronę społeczności!

• In 2014 we published the fully encrypted Tutanota email client, iOS and Android apps.
• In 2015 we introduced first paid features such as custom domain support.
• In 2017 we published a completely new version of Tutanota with better speed & design.
• In 2018 we published the Tutanota desktop clients for Linux, macOS and Windows in beta.
• In 2019 we published the beta version of the encrypted calendar and started compressing emails to give you more storage space.
• In 2021 we pushed the Tutanota desktop clients out of beta after an extensive security review.
• In 2021 we completed a first prototype for updating our encryption to post-quantum secure algorithms.
• In 2022 we added offline mode so that you can access your encrypted mailbox, calendar and contacts also when not connected to the internet.