Private Email Provider Privacy Grades
3 companies analysed · Sorted by privacy score
Email is a federated protocol: even perfect inbox encryption cannot hide every routing header, and providers still need some metadata to deliver messages. Privacy-first vendors narrow that surface with zero-knowledge storage, strict subprocessors, and business models that do not depend on ad targeting—then compete on jurisdiction, transparency reporting, and how they handle abuse, billing, and support access. Some lean on open-source clients and public audits; others differentiate with residency guarantees or cash-friendly signup. When choosing, decide whether you need true E2EE (with usability trade-offs) or simply a non-surveillance, paid host that never sells inbox-derived segments. Our grades stress what the operator can still see and share beyond the body of a message. See the About page for how we score collection, sharing, controls, and promises.
| # | Company | Grade | Score | In plain English |
|---|---|---|---|---|
| 1 | Tuta | A | 91/100 | Tuta is a German E2E-encrypted email service that genuinely can't read your emails, stores all data in ISO 27001-certified German data centres, uses no cookies and no third-party analytics, and has a policy short enough to actually read — the main caveats are that some metadata (sender/recipient addresses, timestamps) is stored unencrypted, and campaign tracking via hashed connection data is present. |
| 2 | Proton | A | 88/100 | Proton collects as little as technically possible, can't read your encrypted content even if asked, is governed by strict Swiss law, and gives you real control — the rare case where the privacy policy matches the privacy pitch. |
| 3 | Fastmail | B+ | 79/100 | Fastmail is a paid email provider that doesn't sell your data or serve ads, has clear retention periods and a transparency report — but unlike Proton, staff can technically access your emails, data moves through US and Indian infrastructure, and IP logs are kept for a year. |