Samsung vs Tuta

Samsung's data appetite is unusually broad for a hardware maker: voice recordings stored on servers with potential third-party retention, keyboard input logging via Predictive Text synced across devices, and persistent hardware identifiers that survive ad-ID resets. The company explicitly acknowledges that sharing with business partners may constitute a data sale under US law (CCPA). Full GDPR-grade rights are reserved for EEA/UK/Swiss residents; everyone else gets basic access and deletion with no response-time commitments. Retention timelines are vague and there are no named security certifications or breach notification windows.

Tuta is a German E2E-encrypted email service that genuinely can't read your emails, stores all data in ISO 27001-certified German data centres, uses no cookies and no third-party analytics, and has a policy short enough to actually read — the main caveats are that some metadata (sender/recipient addresses, timestamps) is stored unencrypted, and campaign tracking via hashed connection data is present.