Menu
Tuta Mail logo

Tuta Mail

🇩🇪 Germany

Fully open source encrypted email with quantum-resistant encryption and integrated calendar

Visit Website Free 1GB, paid from €3/month
Open Source Free Tier
A

Privacy Grade A

Reviewed Jan 2026

How we score

Replaces

Gmail logo Gmail Outlook logo Outlook yahoo-mail

Technical Details

API Not available
Self-Hosting Not available
License GPL-3.0
Compliance
GDPR ISO 27001

Privacy Score Breakdown

Data Residency (30%)
EU Only

Where is your data stored? EU-only storage gets full points.

Open Source (20%)
95/100

Is the code open source and auditable?

Privacy Policy (20%)
90/100

How clear, comprehensive, and user-friendly is the privacy policy?

Trackers (15%)
98/100

How many third-party trackers are used? Fewer is better.

Terms of Service (15%)
72/100

How fair and user-friendly are the terms of service?

Percentages in parentheses indicate how much each factor weighs in the overall privacy grade.

About Tuta Mail

Tuta Mail (formerly Tutanota) is a fully open source encrypted email service developed by Tutao GmbH, a German company founded in 2011. As one of the pioneering secure email providers, Tuta has built its reputation on complete transparency—every line of code is open source, with no proprietary dependencies, making it one of the most auditable email services available.

What sets Tuta apart is its commitment to being fully open source. Unlike competitors that open source only their client applications, Tuta’s entire codebase—including the encryption implementation—is publicly available and has been since 2014. In 2018, Tuta became the first email provider to release an app on F-Droid without any proprietary Google dependencies, demonstrating their dedication to software freedom.

In 2024, Tuta made cryptographic history by implementing quantum-resistant encryption using a hybrid protocol similar to Signal’s approach. This forward-thinking security measure protects user communications against future attacks from quantum computers, making Tuta one of the first email providers to offer post-quantum security.

All user data is stored in ISO 27001-certified data centers located exclusively in Germany, providing strong EU privacy protections under GDPR. Two German court cases have affirmed that Tuta is exempt from the data retention laws that apply to Internet Service Providers, ensuring that your communications cannot be subject to mandatory logging requirements.

Tuta offers end-to-end encrypted email, calendar, and contacts in a unified platform. The service allows truly anonymous registration without requiring phone numbers or personal information, and accepts anonymous payment methods through partner gift cards. With over 10 million users worldwide, Tuta has proven that privacy-first email can scale.

Key Features

  • Quantum-Resistant Encryption: Future-proof protection against quantum computer attacks
  • Fully Open Source: Complete codebase available, no proprietary dependencies
  • Integrated Calendar: End-to-end encrypted calendar included with all accounts
  • Anonymous Registration: No phone number or personal info required
  • F-Droid Availability: First email provider on F-Droid without Google dependencies
  • Automatic Encryption: External recipients can read encrypted emails via password
  • Custom Domains: Use your own domain with full encryption support

Privacy Highlights

Tuta implements automatic end-to-end encryption for all emails between Tuta users. Emails to external recipients can be sent encrypted via a password-protected link. Unlike services that use PGP, Tuta uses its own encryption protocol that also encrypts subject lines and metadata where technically possible.

The company does not log IP addresses by default and explicitly states they do not track users or scan emails. German courts have confirmed Tuta’s exemption from ISP data retention requirements, providing legal backing for their privacy-first approach.

Privacy Breakdown

Data Residency (Score: 100)

Pros:

  • All data stored in ISO 27001-certified German data centers
  • Full GDPR compliance and protection
  • Exempt from German ISP data retention laws (court-confirmed)
  • No data sharing with non-EU entities

Cons:

  • Germany is a 14 Eyes alliance member (mitigated by court exemptions)

Confidence: High — verified through company documentation and court records.

Open Source (Score: 95)

Pros:

  • Fully open source since 2014, all code on GitHub
  • First email provider on F-Droid (2018) without proprietary dependencies
  • No closed-source components whatsoever
  • Encryption implementation fully auditable

Cons:

  • Less frequent third-party security audits compared to some competitors

Confidence: High — code available at github.com/tutao/tutanota.

Privacy Policy (Score: 90)

Pros:

  • No IP address logging by default
  • No email scanning or tracking
  • No advertising or data monetization
  • Clear, comprehensive privacy documentation

Cons:

  • Some technical metadata necessarily accessible for service operation

Confidence: High — policy reviewed January 2026.

Trackers (Score: 98)

Pros:

  • Zero third-party trackers (verified on Exodus Privacy)
  • No Google Analytics or similar services
  • Automatic blocking of tracking pixels in received emails
  • No advertising networks

Cons:

  • None identified

Confidence: High — verified through Exodus Privacy analysis.

Terms of Service (Score: 72)

Pros:

  • User retains ownership of all content
  • Clear explanation of user rights
  • GDPR-compliant data handling

Cons:

  • Standard limitations of liability
  • Account termination for ToS violations
  • Cryptocurrency payments not directly supported (requires third-party gift cards)

Confidence: Medium — ToS reviewed January 2026.

Share Your Experience

Have you used Tuta Mail? Help others make informed decisions by sharing your experience.

Select rating
Minimum 50 characters0/1000

Used for verification only. Never displayed publicly.

By submitting, you agree to our review guidelines

Community Reviews

No reviews yet. Be the first to share your experience above!

Related Email Tools

View all Email tools →
B
mailbox.org logo
mailbox.org 🇩🇪

German secure email with cloud office suite, BSI C5 certified, and strong privacy protections

A
Posteo logo
Posteo 🇩🇪

Privacy-focused German email with anonymous payments, zero tracking, and 100% renewable energy

B
Proton Mail logo
Proton Mail 🇨🇭

Secure email that protects your privacy with end-to-end encryption and zero-access architecture

Open Source Free Tier

Added on 29 January 2026