Name: Tuta Privacy Policy Analysis
Item: Tuta
Rating: 91
Author: Privacy Decoded

Question 1

Can Tuta read my emails?

Accepted Answer

No — this is a technical guarantee. Tuta uses end-to-end encryption where the keys exist only on your devices. Tutao GmbH explicitly states it has no access to unencrypted data. Even incoming emails from non-Tuta senders are encrypted before being stored on Tuta's servers. Like Proton Mail, this means Tuta cannot hand over readable email content even under a court order.

Question 2

How does Tuta compare to Proton Mail on privacy?

Accepted Answer

They're very close in overall privacy quality — both get an A grade. The key differences: Tuta is based in Germany (strict GDPR enforcement, BDSG) versus Proton's Swiss jurisdiction. Tuta uses ISO 27001-certified data centres in Germany with no data transfers outside the EU; Proton relies on Swiss law and has some US-based payment/support processors. Tuta uses zero cookies; Proton uses limited self-hosted analytics. Both have open-source clients and comparable E2E encryption architectures. Tuta is slightly more restrictive on data residency; Proton has a longer transparency reporting track record.

Question 3

Does Tuta use Google Analytics or other tracking tools?

Accepted Answer

No. Tuta explicitly does not use Google Analytics or any other third-party analytics tools. Usage statistics — collected only with your advance consent — run on Tuta's own servers using a random device ID that cannot be linked to you. There are also no cookies of any kind.

Question 4

Where is my Tuta data stored?

Accepted Answer

All data is stored in ISO 27001-certified data centres in Germany. Germany is an EU member state under full GDPR protection. Tuta does not transfer data to the US or other non-adequate third countries — unlike Fastmail (which uses US and Indian infrastructure) or NordVPN (which has extensive US-based provider relationships).

Question 5

What happens if police demand my Tuta emails?

Accepted Answer

Under a valid German court order, Tuta can be compelled to provide metadata — specifically sender and recipient email addresses and timestamps — and inventory data like your registered email address. It cannot provide the content of encrypted emails because it doesn't hold the decryption keys. German courts operate under strict GDPR and BDSG requirements, providing meaningful legal protection compared to US, Australian, or Panamanian equivalents.

Question 6

Is Tuta free or paid?

Accepted Answer

Tuta offers a free tier as well as paid plans. The privacy protections — end-to-end encryption, no cookies, no third-party analytics, German data storage — apply to all users regardless of plan. The privacy policy does not differentiate between free and paid users' data treatment.

Tuta

Category Breakdown

Frequently asked questions

You might also care about