Tuta

Open-source end-to-end encrypted email with zero-access architecture

ToolEmail EncryptionOpen SourceCloud

Pricing: Free and open source; paid tiers on the vendor site.

Reviewed by the CyberSecTool editorial team against the public sources cited below · Last reviewed February 2026 · How we review listings

What is Tuta?

Tuta (formerly Tutanota) is an open-source, end-to-end encrypted email provider based in Germany. Every email, contact, and calendar entry is encrypted at rest with zero-access architecture. Tuta uses its own encryption protocols rather than PGP, encrypting subject lines in addition to message bodies. While primarily focused on GDPR compliance and personal privacy, Tuta's business plans offer custom domains, team management, and whitelabel options.

Best for: Privacy-focused teams wanting open-source, end-to-end encrypted email at an affordable price under EU jurisdiction
Pros
  • Fully open-source codebase
  • Encrypts subject lines. Not just bodies
  • Affordable pricing for small teams
  • German jurisdiction with strong privacy laws
  • No tracking or advertising
Considerations
  • No HIPAA BAA available
  • Custom encryption protocol (not PGP/S/MIME)
  • Limited enterprise admin features
  • Fewer integrations than established platforms
  • No bridge app for third-party mail clients

Reported in public reviews and vendor documentation. See sources below.

Key Features

End-to-end encryption for all emails
Encrypted subject lines (unique feature)
Zero-access encryption architecture
Open source client and server code
Encrypted contacts and calendar
Custom domain support
Two-factor authentication
Anonymous sign-up option

Are you Tuta? Improve this listing with screenshots, case studies and more.

Sources & references

Where the information on this listing comes from. Always verify pricing and capabilities against the vendor before a purchasing decision.

Spot an error, or do you represent Tuta? Request a correction.