Tuta
German encrypted email with end-to-end encryption, calendar, and contacts - a privacy-first alternative to Gmail
Quick Overview
| Company | Tuta GmbH (formerly Tutao GmbH) |
|---|---|
| Category | Email Provider |
| Headquarters | Hanover, Germany |
| EU Presence | Yes - Germany (EU) |
| Data Centers | Germany |
| Open Source | Yes |
| GDPR Compliant | Yes |
| End-to-End Encryption | Yes |
| Main Features | E2E encryption, encrypted calendar, contacts, anonymous signup, custom domains |
| Pricing | Free tier (1GB) / From €3/month |
| Best For | Privacy-focused individuals seeking affordable encrypted email with calendar |
| Replaces | Gmail, Outlook |
Detailed Review
Tuta, formerly known as Tutanota, is a German encrypted email service that has been championing digital privacy since its founding in 2011 in Hanover, Germany. The name "Tutanota" was derived from the Latin words "tuta nota," meaning "secure message," and the rebrand to simply "Tuta" in 2023 reflected the company's broader ambitions beyond just email. Built by a small, dedicated team committed to privacy as a fundamental right, Tuta offers a compelling European alternative to mainstream email providers like Gmail and Outlook.
German Privacy Laws and Jurisdiction
Being headquartered in Germany provides Tuta with a strong legal foundation for privacy. Germany has some of the strictest data protection laws in the world, shaped in part by the country's historical experience with state surveillance under both the Nazi regime and the East German Stasi. The German Federal Data Protection Act (BDSG), combined with the EU's General Data Protection Regulation (GDPR), creates a robust framework that Tuta operates within.
German courts have consistently upheld strong privacy rights. Tuta has publicly fought against surveillance overreach, including challenging German surveillance laws in court. This proactive legal stance demonstrates the company's genuine commitment to privacy, going beyond mere compliance to actively defending user rights in the legal system.
Encryption Architecture
Tuta uses a unique encryption approach that sets it apart from other encrypted email providers. While most encrypted email services rely on PGP (Pretty Good Privacy), Tuta developed its own encryption protocol based on AES-128 and RSA-2048. This custom approach allows Tuta to encrypt not just the email body but also subject lines, which PGP-based services typically leave unencrypted. The company is also actively developing post-quantum encryption to future-proof its security against quantum computing threats.
All data stored on Tuta's servers is encrypted, including emails, contacts, and calendar entries. The encryption keys are derived from the user's password and never leave the user's device in unencrypted form. This means that Tuta's servers only ever store encrypted data, and the company has no technical ability to read user communications. Even metadata is minimized, with IP addresses stripped from email headers.
Built-in Encrypted Calendar and Contacts
One of Tuta's standout features is its fully encrypted calendar, included with all plans including the free tier. Unlike most calendar services that store your schedule in plain text on their servers, Tuta encrypts all calendar data end-to-end. Event titles, descriptions, locations, and attendee information are all encrypted, ensuring that your schedule remains private.
The contacts feature similarly encrypts all contact information. Names, email addresses, phone numbers, and other contact details are stored in encrypted form. This is a significant privacy advantage over services like Gmail, which use your contacts data for advertising and profiling purposes. The integrated nature of these features means you get a cohesive privacy-focused productivity suite without needing separate applications.
Open Source Transparency
Tuta's entire codebase is open source and available on GitHub. This includes the web client, desktop applications, and mobile apps. Open source transparency is crucial for a security-focused service because it allows independent security researchers to audit the code and verify that the encryption works as claimed. Several community-driven security audits have been conducted on Tuta's code, and the company has a responsible disclosure program for reporting vulnerabilities.
The desktop applications are built using Electron, providing a consistent experience across Windows, macOS, and Linux. While some users prefer native applications, the Electron-based approach ensures feature parity across platforms and allows the small development team to maintain all versions efficiently.
Pricing and Value Proposition
Tuta's pricing structure is designed to make encrypted email accessible to everyone. The free plan includes 1GB of storage, one email address, and a limited calendar. This is more generous than Proton Mail's free tier in terms of storage, though it comes with some limitations on search functionality and the number of calendars.
The Revolutionary plan at 3 euros per month offers 20GB of storage, unlimited search, multiple calendars, custom email domains, and email aliases. This makes it one of the most affordable encrypted email services on the market. The Legend plan at 8 euros per month increases storage to 500GB and adds more aliases and calendar capabilities. Business plans are also available with additional features like shared mailboxes and whitelabel options.
Tuta accepts various payment methods including credit cards and PayPal. Notably, the company also accepts cryptocurrency payments, which allows for truly anonymous account creation when combined with the fact that Tuta does not require any personal information to create an account.
Limitations to Consider
Tuta does have some notable limitations. The service does not support standard email protocols like IMAP, POP3, or SMTP, which means you cannot use third-party email clients. All access must be through Tuta's own web client, desktop app, or mobile app. While these apps are well-designed, this restriction may be a dealbreaker for users who rely on specific email clients.
Search functionality on the free plan is limited to the most recent emails. Full-text search of all emails requires a paid plan. Tuta also does not support PGP: Tuta-to-Tuta communication is fully encrypted, but communicating with users of PGP-based email services requires Tuta's password-protected message feature instead of native PGP encryption.
Import functionality has been a long-requested feature. While Tuta has been working on an email import tool, migrating from another email provider has historically been more cumbersome than with services like Proton Mail that offer easy import wizards. The company has been making progress on this front, but it remains an area where Tuta lags behind some competitors.
Who Should Use Tuta
Tuta is an excellent choice for privacy-conscious individuals who want affordable encrypted email with an integrated calendar and contacts. Its German jurisdiction, open-source codebase, and innovative encryption approach make it a strong contender in the privacy-focused email space. Users who prioritize subject line encryption and post-quantum security will find Tuta particularly appealing. The anonymous signup option also makes it suitable for journalists, activists, and anyone who needs to communicate without revealing their identity.
Alternatives to Tuta
Looking for other European email providers? Here are some alternatives worth considering:
Proton Mail
Swiss encrypted email with VPN and Drive included
Mailbox.org
German email with full office suite
Posteo
Green email with anonymous payment
Startmail
Dutch email with PGP encryption
Frequently Asked Questions
Tutanota rebranded to Tuta in 2023. The service, team, and technology remain the same. The shorter name reflects the company's expansion beyond email into a broader privacy-focused platform including calendar, contacts, and planned future products.
Yes, Tuta encrypts email subject lines along with the email body and attachments. This is a notable advantage over PGP-based services like Proton Mail, which typically leave subject lines unencrypted. Subject lines can reveal sensitive information, so encrypting them provides an additional layer of privacy.
No, Tuta does not support IMAP, POP3, or SMTP protocols, which means you cannot use third-party email clients. You must use Tuta's own web client, desktop application, or mobile app. This is a trade-off for the enhanced encryption that Tuta provides.
The free plan with 1GB of storage is suitable for light email users. It includes full end-to-end encryption and a basic calendar. However, search is limited, and you only get one calendar and one email address. For most regular users, the Revolutionary plan at 3 euros per month is recommended for its 20GB storage and full search functionality.
Both are excellent encrypted email providers. Tuta is more affordable (€3/month vs €4.99/month), encrypts subject lines, and offers more free storage (1GB vs 500MB). Proton Mail supports third-party email clients via Bridge, has a larger user base, and offers a broader ecosystem (VPN, Drive). The choice depends on your specific needs and budget.
Yes, Tuta does not require any personal information such as a phone number or existing email address to create an account. Combined with cryptocurrency payment options for paid plans, you can use Tuta with a high degree of anonymity.
Yes, Tuta is fully GDPR compliant. As a German company, it is directly subject to EU data protection regulations. All data is stored in German data centers, and the encryption architecture ensures that even Tuta itself cannot access your data, providing protection that exceeds GDPR requirements.
Yes, custom domain support is available on paid plans. You can use your own domain with Tuta and benefit from the same encryption as the default tuta.com addresses. Tuta provides setup instructions for configuring DNS records including MX, SPF, DKIM, and DMARC.