We hold ourselves to the standards we’d want from a mail provider. Then we publish the proof.
TLS 1.3 in transit (with MTA-STS & DANE), AES-256 at rest. Per-mailbox storage keys.
Mail lives in Frankfurt and Stockholm. No US data path. GDPR + Schrems II ready.
Your mail isn’t scanned for ads, sold, or used to train any model. Contractual, not just policy.
App-specific passwords today. TOTP & WebAuthn (passkeys) rolling out Q3. SSO on Business.
DKIM 2048, auto-rotated. SPF, DMARC. Visual reports — see who’s pretending to be you.
Tamper-evident audit log. Per-domain retention windows. Legal hold on Business.
We run a coordinated disclosure program with bounty payouts up to €15,000. Email [email protected] — PGP key on the page below.