Private Email in 2026: Proton vs Tuta vs Fastmail

21 April 2026

Proton and Tuta encrypt your email so they can't read it. Fastmail doesn't. All three are far better than Gmail. Here's how to choose.

Standard email has never been private. Gmail scans your inbox. Outlook mines your messages. Even when companies say they've stopped reading your email for ads, they retain that capability — and so does anyone who legally compels them.

The alternative is a category of email providers that use end-to-end encryption to make reading your email technically impossible — not just a policy promise but an architectural fact. We've graded Proton Mail (A, 88/100), Tuta (A, 91/100), and Fastmail (B+) — three of the most popular privacy-focused providers. Here's what separates them.

The fundamental split: can they read your email?

Proton and Tuta use end-to-end encryption for stored email content. Your messages are encrypted using keys that exist only on your devices. Proton states explicitly: "We do not have the technical means to access the content of your encrypted emails, files, calendar events, passwords, or notes." Tuta states: "Tutao GmbH has no access to the unencrypted data." These are architectural guarantees, not policy promises — even a court order can't extract what they can't decrypt.

Fastmail does not offer end-to-end encryption for stored email. Fastmail encrypts data in transit and at rest, but it holds the encryption keys. That means Fastmail staff can technically access your email content, and Fastmail can be legally compelled to hand over readable copies. For the vast majority of users this is an acceptable trade-off. For journalists, activists, lawyers, or anyone with a genuine privacy threat model, it's the deciding factor.

Proton: Swiss jurisdiction, established track record

Proton is headquartered in Geneva, Switzerland, and governed by Swiss law — the Federal Act on Data Protection (nFADP), which provides strong data protection traditions and is recognised as adequate under GDPR. Switzerland is not an EU member and has no obligation to cooperate with EU-wide surveillance directives.

Proton has a decade-long track record of publishing annual transparency reports, maintaining open source clients, and defending against government data requests in Swiss courts. When a Spanish court required Proton to hand over a user's IP address in 2021, Proton complied with the Swiss legal process — but the incident also led Proton to make IP address logging opt-in rather than default. They demonstrably improved their practices in response to pressure.

The collection profile is genuinely minimal: no permanent IP logs by default, self-hosted and anonymised website analytics (not Google Analytics), no access to encrypted content. The Proton Scribe writing assistant explicitly does not use your content to train AI models, and processes locally on your device by default.

Tuta: German jurisdiction, the strictest baseline

Tuta (formerly Tutanota) is incorporated in Hannover, Germany, and subject to GDPR plus the German Federal Data Protection Act (BDSG). German data protection enforcement is among the most active in the EU — state-level data protection authorities (Landesbeauftragte) have a track record of meaningful enforcement that most other European jurisdictions lack.

Tuta's collection profile is in some ways even cleaner than Proton's. It uses zero cookies — not "only strictly necessary cookies," but zero. Analytics are opt-in, anonymised, and run on Tuta's own servers using a random device ID that cannot be linked to you. IP addresses are stored only in anonymised form. All data is stored in ISO 27001-certified data centres in Germany, with no transfers outside the EU.

The one structural limitation shared with Proton: email metadata (who emailed whom, when) cannot be fully encrypted because the mail server needs to know where to route messages. Tuta retains mail server logs for a maximum of 7 days, containing sender and recipient addresses and timestamps — explicitly no IP addresses. This is an inherent limitation of email as a protocol, not a Tuta-specific weakness.

Fastmail: no E2EE, but no advertising either

Fastmail is a different proposition. It's an Australian company that does not offer end-to-end encryption, does not sell your data, has no advertising business, and publishes an annual transparency report showing how often it receives government data requests. It's a well-run, subscription-funded email service with genuinely good privacy practices — it's just not in the same category as Proton or Tuta when it comes to what the company can technically access.

The jurisdiction is a meaningful consideration for high-risk users. Australia is a Five Eyes member, and the Assistance and Access Act 2018 can compel Australian companies to assist with surveillance — including potentially requiring confidentiality about that assistance. For most users this is a theoretical risk. For journalists or activists in certain contexts, it's a deciding factor.

Fastmail also stores data across multiple jurisdictions: primarily Australia, but also the US, UK, India, and Austria through service providers. If keeping all your data in one jurisdiction matters to you, review the infrastructure section of their security page.

Side by side

| | Proton | Tuta | Fastmail |
|---|---|---|---|
| Can read your email? | ✗ No (E2EE) | ✗ No (E2EE) | ✓ Yes (holds keys) |
| Jurisdiction | Switzerland | Germany (EU) | Australia (Five Eyes) |
| Cookies | Limited | Zero | Standard |
| Analytics | Self-hosted, anonymised | Opt-in, anonymised | Third-party |
| Data outside EU? | Some US processors | Never | US, UK, India |
| Transparency report | ✓ Annual | Limited | ✓ Annual |
| Open source clients | ✓ Yes | ✓ Yes | ✗ No |
| Privacy grade | A (88/100) | A (91/100) | B+ |

Which one?

For most people switching from Gmail or Outlook: any of these three is a significant upgrade. The advertising-free, subscription-funded model is the foundation — all three are free of the structural incentive to mine your communications.

If you want the strongest technical privacy guarantees — the "even we can't read it" architecture — choose Proton or Tuta. Both grade A. Tuta is slightly stricter on data residency (Germany only, no US processors at all) and uses zero cookies; Proton has a longer transparency reporting track record and a broader product ecosystem (Drive, Calendar, VPN, Password Manager).

If you want an excellent email experience with strong (but not E2EE) privacy, and you don't have an elevated threat model, Fastmail is a well-run product with genuinely good practices. It's what we'd recommend to users who find the E2EE products too restrictive.

See the full analyses: Proton · Tuta · Fastmail. Compare any two: Proton vs Tuta · Proton vs Fastmail · Tuta vs Fastmail.
