Why Tuta

An overview of all the reasons that make Tuta the best email service in the world.

Vision

Tuta was founded in 2011 with a very clear vision: Bring privacy to the world.

Every step we take as a company must stand up to this criterion: Are we protecting your privacy to the maximum? In the short run this makes building our product more complex as we can’t take any short-cuts. Your privacy and security are paramount. This focus has led to work-intensive development decisions such as building our own push notification system on Android instead of simply using Google Push.

In the long run, though, this strategy pays off. We are well respected as the best secure email service that focuses on privacy 100%, comes with zero tracking, and encrypts the most data. For example, Tuta also encrypts email subject lines and calendar event reminders – this high level of security is unrivaled by any of our competitors.

We never choose the easy way out or the most profitable way if that means compromising your privacy or security. And we’re not pressured to do so, because we’re not beholden to any VCs or to shareholders outside the team.

Our goal with Tuta is to make security and privacy easily accessible to everyone. That's why we strongly focus on usability and convenience. The entire encryption process runs in the background, and you can use Tuta as easily as any email service.

With Tuta you have absolute certainty that you will never pay with your data.

Team & background

Since its foundation in 2011 in Hanover, Germany, our goal is to offer the world a secure and private alternative to insecure online services. Today, Tuta is the world’s most secure email and calendar service. Tomorrow Tuta will be the private replacement for Big Tech with email, calendar, drive and more online collaboration tools – everything securely encrypted.

We are registered as Tutao GmbH, but the brand name Tutanota was originally chosen as a word-play derived from Latin, with the words "tuta" and "nota" meaning "secure message". We have rebranded to Tuta, meaning "secure" because we now offer security beyond email.

Our founders, Arne and Matthias, have been friends since they were doing their undergrad studies in computer science and were often discussing more secure ways to share information and documents online. Their ideas eventually coalesced around fighting mass surveillance by building the world’s first end-to-end encrypted email service. Both of them have a long track record of fighting for data independence and privacy rights. Arne and Matthias own the company, without relying on VC funding, so we don’t need to prioritize making profits for shareholders at the expense of our users’ best interests, like other companies often do.

Our team grew by attracting more and more awesome people who shared the same goal of a better internet. Our vision for the future internet is that privacy will be the default!

In August 2018, Tuta became the first email service provider to release its Android app on F-Droid, removing all dependencies on Google. Instead of Google Push, our Android app uses its own notification service to not leak any data to Big Tech. Our apps also support search on encrypted data, two-factor authentication – including U2F with a hardware token – as well as biometric and pin unlock.

We’ve since launched the first zero-knowledge calendar and became the first email service to secure all data with quantum-safe encryption. Our goal for the future is to implement a quantum-safe protocol which also guaranties Perfect Forward Secrecy.

At Tuta, we believe that business models based on data collection and exploitation must be stopped. We fight for a different internet. One where privacy by design is the foundation. Our mission is to fight for our right to privacy, helping protect journalists, whistleblowers and human rights activists around the world as well as making the internet a better place for everyone.

Read more about our values and meet our team.

Tuta Mail vs alternatives

Unparalleled security and privacy, as well as our ethics and the most competitive pricing of any end-to-end (E2E) encrypted email make Tuta the best email service all-around. Privacy & security must not be add-ons that a company tries to integrate into an existing service, but the foundation on which the service is built from the start.

With Tuta, you get the biggest bang for your buck, with the most features included with a free account and the lowest price points for paid accounts. We don’t collect and share your data. We never serve you ads or try to guide your app usage in a way that would serve us. We provide more thorough encryption than any other provider. Our business accounts are easy to migrate to and include more security features than any other email or calendar service. We don’t rely on integrations with any Google services. All our apps are easy to use, with the experience designed around users’ needs, not with the intent to encourage or discourage usage behaviors based on maximizing the company’s growth.

Still not sure? Find out more about how Tuta compares to other email services, including one-on-one comparisons for each criteria you might consider when making a choice.

Encrypting more data

Tuta was the world's first end-to-end encrypted email provider and, to this day, it is the email service that encrypts more data than any other.

Our encryption protocol enables us to not only encrypt emails, but also features that we add to Tuta as the product evolves such as contacts, calendars and drive. Plus, we could easily upgrade to post-quantum cryptography and will enable Perfect Forward Secrecy in the future.

Tuta's servers only store the encrypted data, and the decryption key is only available to the user. This ensures that even if your internet connection was intercepted or in the extremely unlikely scenario that someone were to hack our servers, your data would remain secure. Because your data is stored encrypted on the servers, we use an encrypted search index that you store locally, to enable you to search through your mailbox locally while protecting your privacy.

We do not support IMAP as it would only work if we sent decrypted data to your device. Instead we have built our own open source desktop clients, which store your data encrypted. The desktop clients are also signed so that everyone can verify that the client is running exactly the same code as the code we published on GitHub.

To decrypt your data, you simply login to your secure email address with your password, that’s it. You can easily login via a web browser, via the Tuta apps for Android and iOS, or via the Tuta desktop clients for Windows, macOS and Linux.

Tuta automatically encrypts all emails sent between Tuta users end-to-end encrypted, giving you the highest security for emails possible. Even when you’re sending emails to recipients who do not use Tuta, you still have the option to send them end-to-end encrypted with a shared password. You only need to choose a password for a recipient once, without having to set a password for each email that you send to the same contact.

Your Tuta account also includes the world’s first zero-knowledge, end-to-end encrypted calendar. All the data, including event participants and other details, are E2E (end-to-end) encrypted. Event reminders are handled locally to make sure our servers are not involved so we don’t even know when your events are taking place.

The most secure calendar helps you protect your private information or confidential details about business meetings. All our paid plans allow you to create an unlimited number of calendars, send calendar invites to anyone and share entire encrypted calendars with other Tuta users.

Find out more about the types of data we encrypt and how.

Security

With end-to-end encryption, two-factor authentication, open source code, and our zero-knowledge architecture we ensure that your data is secure and private, whether you use Tuta as your business email of choice or as a private user.

Tuta encrypts all data by default: Email, calendars, contacts. The end-to-end encryption provided by Tuta ensures that your data is secure and private, even if it falls into the wrong hands.

We follow the concept of “security first”. Security must be baked into the code so that you can easily add usability on top of that - not the other way around. All our tech stack is either developed in-house, even our captcha and our push notification service for Android, and the few third-party integrations that we do use are open source, so everyone - as well as ourselves - can verify that your data is secured to the maximum.

Our servers only store encrypted data, which we – as the provider – are unable to decrypt. Additionally, we own our servers, hosted in ISO 27001 certified data centers in Germany, a country with some of the strictest privacy protection laws in the world. No one has access to our servers except our permanent administrators, who need to pass multiple-factor-authentication before gaining access. All productive systems are monitored 24/7 for unauthorized access and extraordinary activity.

We enable you to protect your password to the maximum extent by providing two-factor authentication (2FA) for an extra layer of security. To secure your login credentials, you can use TOTP or U2F. The best option is using U2F with a hardware security key. Tuta never transmits your password to the server, but only sends a hash. Tuta also enables you to monitor and close sessions remotely (for example if you lose your phone but are still signed in), as an opt-in feature. Closed sessions are automatically deleted after one week. IP addresses of open and closed sessions are always stored encrypted and can only be checked by the user. By default, Tuta does not log IP addresses when you login or when you send an email.

Other privacy and security features of Tuta include: stripping the IP addresses of emails sent from the mail headers so that your location remains unknown, blocking images or any other external content from loading by default, and warning you when the technical sender differs from the from sender.

To sum up, here are the most important features that make Tuta's security best in class:

Find out more about everything that makes Tuta the most secure email service.

Open Source

All our email clients are open source since 2014. And while other email providers rely on closed-source services for captcha, push notifications, desktop clients and analytics, we’ve built our own solutions for these tasks, making Tuta the best open source email service all-around and the first email provider to release the Android app on F-Droid.

Before the public release, all our apps have been audited by independent security experts. Nevertheless, we feel open source is crucial for any security application as everyone must have the opportunity to look at the code and check that we can’t hide any backdoors. Being open source also means that any possible flaws will be quickly detected and fixed, faster and more efficiently than with closed-source services.

Additionally, open source Tuta apps enable other projects like F-Droid to build the Tuta app themselves making the need to trust us redundant.

Our team is made up of open source enthusiasts and we want to give back to the community, by offering premium Tuta features for free to non-commercial open source project teams.

Our focus on open source and encryption combined with our deep respect for your right to privacy, make Tuta the best secure email service. Find out more about our commitment to open source software.

Transparency report

Respect for our users’ privacy is at the core of Tuta. We only collect as little data as possible to provide the email and calendar service, and all your data is stored encrypted on our servers. We only release individual mailboxes if presented with a valid German court order for this particular mailbox.

While German law does not allow gag orders, we want to give you peace of mind by publishing a warrant canary in our Transparency report.

Sustainability

From sustainability, to a fair and transparent salary model, to our fight for privacy, our mission is to make the web a better place. This is why all our servers are powered by 100% renewable energy. Additionally, even our offices' electricity comes from a renewable energy provider that actively invests into building new facilities for producing renewable energy.

Just as it is crucial for us to protect your privacy and security, it’s equally important to protect our environment, now and in the future. We want the most secure email service to also be the most ethical option as well as the easiest to use, so that more people choose to protect their data and the environment at the same time.

Find out more about our sustainability journey.

Community

Our Community is the most amazing thing about Tuta! We are deeply thankful for your amazing support: You have enabled us to maintain our independence and ethics without having to rely on venture capital funding and be beholden to that type of investors. At the same time, our paying subscribers are helping us release more features in shorter time frames and keep the basic service available for free for everyone with no compromise on security.

But upgrading to a paid plan is not the only way to support our mission: For those who don’t want to or can’t afford to pay for Tuta, but love our free service, they can still contribute with feedback, code reviews and translations, and we are immensely grateful to all of them!

Even if you’re just spreading the word about Tuta and the importance of end-to-end encryption and data privacy, you’re already helping make the internet a better place. But if you want to do more, check out our Community page!

Milestones

Stick with us to find out what’s in store next!