Most Privacy-Respecting Apps
10 companies analysed · Sorted by privacy score
These are the highest-scoring services across every category — the ones that have earned their privacy credentials through architecture, policy, and business model, not just marketing. What they share: minimal collection, limited or no third-party sharing, meaningful user rights, and specific rather than vague retention commitments. Most are subscription-funded — removing the structural incentive to monetise user data that drives practices at the bottom of the leaderboard.
| # | Company | Grade | Score | In plain English |
|---|---|---|---|---|
| 1 | Mullvad | A | 93/100 | Mullvad collects almost nothing — no account names, no activity logs, no IP retention — and the policy is short because there's genuinely very little to say; what little data does get processed (payments, support emails) has hard, specific deletion windows and never leaves the EU. |
| 2 | Tuta | A | 91/100 | Tuta is a German E2E-encrypted email service that genuinely can't read your emails, stores all data in ISO 27001-certified German data centres, uses no cookies and no third-party analytics, and has a policy short enough to actually read — the main caveats are that some metadata (sender/recipient addresses, timestamps) is stored unencrypted, and campaign tracking via hashed connection data is present. |
| 3 | Ente | A | 91/100 | Ente is an end-to-end encrypted photo and file storage service where only you hold the decryption keys — the company genuinely cannot read your files even if ordered to; no cookies, no usage analytics, biometric processing happens on-device, and all 19 third-party providers are named; the main caveats are US/Delaware incorporation, PostHog analytics on the website, and some US-based storage and email infrastructure. |
| 4 | Proton | A | 88/100 | Proton collects as little as technically possible, can't read your encrypted content even if asked, is governed by strict Swiss law, and gives you real control — the rare case where the privacy policy matches the privacy pitch. |
| 5 | Kagi | A | 88/100 | Kagi is a paid search engine that treats your data as a liability rather than an asset — it doesn't track your searches, offers cryptocurrency and Tor payment options for near-total anonymity, and publishes a warrant canary; the main caveats are US jurisdiction, third-party content providers loaded on demand, and 'whenever possible' hedging on its AI providers. |
| 6 | Signal | A | 87/100 | Signal is a nonprofit that genuinely cannot read your messages or listen to your calls — the encryption is architectural, not a promise — but it requires a real phone number to register, is subject to US law, and its privacy policy is conspicuously sparse: it hasn't been substantively updated since 2018 and lacks the specific retention periods, GDPR rights, or DPO contact that more thorough policies provide. |
| 7 | Standard Notes | A | 87/100 | Standard Notes is an end-to-end encrypted note-taking app that genuinely cannot read your notes; analytics are self-hosted via Plausible with no IP retention, apps collect zero usage data or location, and the subprocessor list is short and transparent — the main weaknesses are US jurisdiction and AWS hosting, the absence of published security audit reports, a thin policy that lacks GDPR rights language, and email marketing enabled by default. |
| 8 | Brave | A | 86/100 | Brave's browser collects no browsing history and routes most sensitive requests through its own proxies to strip your IP address — the privacy architecture is genuinely sophisticated — but it's a US company, Safe Browsing on mobile exposes your IP to Google or Apple, and Leo AI feedback submissions can include full conversation transcripts retained for a year. |
| 9 | DuckDuckGo | B+ | 84/100 | DuckDuckGo genuinely doesn't build a profile of your searches or browsing — the policy is short because the collection is genuinely minimal — but it's a US company, ad clicks are routed through Microsoft's network, and optional features like Email Protection require you to hand over personal data under a separate policy. |
| 10 | Tresorit | B+ | 83/100 | Tresorit is an encrypted cloud storage service based in Switzerland that genuinely cannot access your files; it holds ISO 27001 certification, stores data primarily in the EEA, and gives 30 days' notice of material policy changes — but it records and transcribes sales calls with AI bots, uses Facebook and Google for ad targeting, collects app usage analytics, and business-plan admins can access employees' encrypted files via a recovery master key. |
How we grade: each company is scored 0–100 across four pillars: data collection, third-party sharing, user controls, and policy promises. The overall grade maps to the score band.