Secure mail for everybody!

Encryption made easy.

Tutanota automatically encrypts all your data on your device. Your mails as well as your contacts stay private. You can easily communicate with any of your friends end-to-end encrypted. Even subject and attachments as well as all your contacts are encrypted.

Open source and forever free.

Tutanota is licensed under GPL v3 - essential to any encryption service. Open source enables security experts to verify the code that protects your mails. We experience an amazing support from our community. You are the key in showing the world the importance of privacy. Tutanota @ Github

Secure mail - wherever you are.

Simply access your secure mailbox with your favorite web browser from any device. You can also use our mobile apps for Android and iOS. Your password easily unlocks your private key and your encrypted information on any device simply by logging in to your Tutanota account.

Focus on usability and security.

Tutanota offers an open webmail service that is very easy to use. Our intuitive design enables everybody to send secure messages. All the encryption is taken care of automatically in the background.

Your Tutanota account for business.

Tutanota’s affordable business version enables companies and organizations of all sizes to easily secure their email communication. Manage all secure mail accounts of your company or family with your own domain, or use Tutanota's whitelabel feature. Access your encrypted mailbox via web, Android or iOS app. All data is stored encrypted on our own servers in data centers in Germany. Learn here how Tutanota helps your business to become GDPR compliant.

Secure emails at the tip of your finger



End-to-end encryption



Entire mailbox is encrypted. The entire mailbox – emails and address book – are stored end-to-end encrypted in Tutanota. The only unencrypted data are mail addresses of users as well as senders and recipients of emails Upon entering your login credentials, your mailbox is automatically decrypted locally on your device. You can easily login via a web browser or via the Tutanota apps for Android and iOS.

Encrypted emails to anyone.

Tutanota uses symmetric (AES 128) and asymmetric encryption (AES 128 / RSA 2048) to encrypt emails end-to-end. When both parties use Tutanota, all emails are automatically end-to-end encrypted (asymmetric encryption). For an encrypted email to an external recipient, a password for encrypting & decrypting the email (symmetric encryption) must be exchanged once.

Tutanota’s automatic encryption works easily on all devices, even mobile. Tutanota automatically encrypts
  • subject line, content and all attachments of an email,
  • address book,
  • inbox rules / filters,
  • and the search index.


TLS encryption

Highest level of TLS encryption with STARTTLS, PFS, DNSSEC, DANE, DMARC, and DKIM.

On top of its automatic end-to-end encryption, Tutanota uses STARTTLS, Perfect Forward Secrecy, DNSSEC, DANE, DMARC, and DKIM to secure your connection to Tutanota to the maximum.

Maximum login protection

Tutanota never transmits your password to the server.

When you login, Tutanota hashes and salts your password before transmitting the hash to our servers. It is impossible to derive the actual password from this hash, thus, no one can know your password, not even we at Tutanota. To protect your password, we use bcrypt and SHA256.

To further secure your login credentials, Tutanota enables you to activate two-factor authentication. For this you can use TOTP or U2F. We recommend using U2F with a security device as this is the most secure form of two-factor authentication.

One password to automatize encryption.



Your password unlocks your private key. Every Tutanota mailbox owns one private key that is used to automatize the exchange of encrypted emails. When you register with Tutanota, this private key is created locally on your client and encrypted with your password. This way, Tutanota can automatize the entire encryption process without ever having access to your private key.

A certain password strength is required to make sure that your private key is strong enough for encrypting your confidential emails. That’s why registration with a weak password is not possible with Tutanota.

GDPR compliant email service

Tutanota follows the principles of data minimization & privacy by design.

We are responsible for the protection of your personal data, and we take this responsibility very seriously. Therefore
  • Tutanota is based on the data privacy principles "data minimization" and "privacy by design",
  • all user data is stored end-to-end encrypted in Tutanota (except for email addresses of users as well as senders and recipients of emails),
  • we have technical and organizational measures in place which protect your data best possible.


Our built-in encryption and the ability to send an encrypted email to any recipient in the world make Tutanota a perfect option when looking for a secure email service. Under the GDPR, companies must always protect personal data, even when sent via email.

Privacy made in Germany

Germany has one of the strictest data protection laws.

Data privacy regulations in the European Union (EU) are among the strictest in the world, and among all European member states, Germany has one of the strongest policies: the Federal Data Protection Act (Bundesdatenschutzgesetz). The EU General Data Protection Regulation (GDPR) was in large parts designed based on the German Federal Data Protection Act.

This law protects users of Internet services. It puts the user in charge of what should be done with their data:

Companies (=we) are not allowed to collect any personal information without express permission from an individual (=you), (e.g. name, date of birth, IP address).

In addition, in Germany there is no law that could force us to submit to a gag order or to implement a backdoor.

Data stored in Germany



Tutanota stores all data encrypted in highly secure data centers in Germany.

All data in Tutanota is stored end-to-end encrypted on our own servers in ISO 27001 certified data centers in Germany. No one has access to our servers except our permanent administrators, who need to pass multiple-factor-authentication before gaining access. All productive systems are monitored 24/7 for unauthorized access and extraordinary activity.

Anonymous email service: No tracking, no ads



Tutanota is an anonymous email service that does not track you.

Our business model is different from most email services: Due to the encryption, we can not scan your emails. We do not track you. We do not send targeted advertisements to your mailbox.

Tutanota does not log IP addresses when you login or when you send an email. Upon registration you do not need to provide any personal data (e.g. no phone number is required), even when you register via Tor.

Tutanota strips the IP addresses of emails sent and received from the mail headers so that your location remains unknown.

Enhanced privacy features

Tutanota is an email service built with privacy at its heart.

Companies love email for marketing campaigns. Because email by default does not respect your privacy. When marketing people send you a newsletter, the email usually loads external content (e.g. images). In this instance you are being tracked: IP address, browser you are using, and more information is being transmitted to the sender.

Tutanota offers you an email service that automatically protects from those tracking methods:
  • Tutanota blocks images by default. No external content is loaded when you open an email unless you actively allow this.
  • Tutanota strips all header information (IP address) from emails sent to protect your privacy.
  • Tutanota warns you when the technical sender differs from the from sender. To fake the from sender is a typical method used in phishing attacks.
  • Tutanota scores very well on Email Privacy Tester.


Monitor & close sessions remotely

Check if anyone has accessed your encrypted Tutanota mailbox.

Our new mail client lets you check active and closed sessions as an opt-in feature. This allows you to verify that no one but yourself has logged into your account. Closed sessions are automatically deleted after one week.

Tutanota’s session handling also enables you to close sessions remotely. When you lose your mobile phone and you are still logged in with the Tutanota app, you can close this session from any other device. By closing the session remotely, you make sure that no one can access your secure emails on the lost phone.

IP addresses of open and closed sessions are always stored encrypted and automatically deleted after one week. Due to the encryption only you can access this information. We at Tutanota have absolutely no access to this information.

Committed to open source

Free and open source email for everyone.

Tutanota focuses on security and privacy. To us, open source is essential to achieve both. We have published the Tutanota web client and both Android and iOS Apps as open source software on GitHub.

This way everyone can check the code and verify that there are no bugs in the code base. By being open source potential bugs can be noticed and fixed much faster than it is the case with closed source applications.

If you have any questions or would like to implement tutanota email as a personal or business solution, please contact us using the form below.