Tuta

tuta.com
Tuta Icon

Free and open source email service based in Germany. It has a basic intuitive UI, secure native mobile apps, anonymous signup, and a .onion site. Tuta has a full-featured free plan or a premium subscription for businesses allowing for custom domains ($12/ month). Tuta does not use OpenPGP like most encrypted mail providers, instead they use a standardized, hybrid method consisting of a symmetrical and an asymmetrical algorithm (with 128 bit AES, and 2048 bit RSA). This causes compatibility issues when communicating with contacts using PGP. But it does allow them to encrypt much more of the header data (body, attachments, subject lines, and sender names etc) which PGP mail providers cannot do.

Open Source

Tuta Privacy Policy

Privacy Policy Summary

  • Personal data that is stored is encrypted and data is deleted by the end of the calendar year for terminated accounts.
  • Tutanota
  • This service does not track you
  • Service does not allow alternative accounts
  • You agree to defend, indemnify, and hold the service harmless in case of a claim related to your use of the service
  • You can request access and deletion of personal data
  • This service does not sell your personal data
  • The service does not share user information with third parties
  • The service is transparent regarding goverment request or inqueries
  • There is a date of the last update of the agreements
  • Provides information on security practices
  • Cookies are used but do not collect personal information or track usage.
  • All Tutanota Data is Encrypted End-to-End
  • User-generated content is encrypted, and this service cannot decrypt it
  • Accessibility to this service is guaranteed at 99% or more
  • Archives of their agreements are provided so that changes can be viewed over time
  • You will be notified about website maintenance
  • You are prohibited from sending chain letters, junk mail, spam or any unsolicited messages
  • The service claims to be GDPR compliant for European users
  • The service is open-source
  • You authorise the service to charge a credit card supplied on re-occurring basis
  • The data retention period is kept to the minimum necessary for fulfilling its purposes
  • Features of the website are made available under a free software license
  • You can retrieve an archive of your data
  • The court of law governing the terms is in Hanover, Germany
  • The court of law governing the terms is in a jurisdiction that is friendlier to user privacy protection.
  • IP addresses of website visitors are not tracked

Documents

About the Data

This data is kindly provided by tosdr.org. Read full report at: #157

Tuta Source Code

Author

tutao

Description

Tuta is an email service with a strong focus on security and privacy that lets you encrypt emails, contacts and calendar entries on all your devices.

#email#encryption#javascript#mithril#privacy#security#tutanota

Homepage

https://tuta.com

License

GPL-3.0

Created

28 Jul 14

Last Updated

29 Apr 24

Latest version

tutanota-release-227.240429.0

Primary Language

TypeScript

Size

193,175 KB

Stars

5,743

Forks

493

Watchers

5,743

Language Usage

Language Usage

Star History

Star History

Recent Commits

  • ganthern (29 Apr 24)

    Update dompurify (#6900) * update DOMPurify * Tuta v227.240429.0

  • tutao-jenkins (26 Apr 24)

    Tuta v227.240426.1 (#6896) * update translations * v227.240426.1 --------- Co-authored-by: jenkins build server <[email protected]>

  • Jamie Turner (26 Apr 24)

    Show the search bar as disabled when offline in contact and mail views (#6780) This is a temporary mitigation until we switch what key is used to encrypt the `userEncDbKey`.

  • tutao-jenkins (26 Apr 24)

    Tuta v227.240426.0 (#6889) * update translations * v227.240426.0 --------- Co-authored-by: jenkins build server <[email protected]>

  • Murilo Rocha Pereira (26 Apr 24)

    Moves Setup Wizard to it owns chunk (#6879) * Moves Setup Wizard to it owns chunk Setup wizard is only needed on native devices such Android and iOS, with that in mind, this commit moves the whole setup wizard to it owns chunks, so it can be loaded on demand and isn't automatically loaded in desktop or web app. Closes #6844 * Add missing translation

  • Jamie Turner (26 Apr 24)

    Stop displaying the 'Add folder' button for external users (#6846) This stops the more button on the folder rows from being created to avoid external users being able to 'create' unusable folders. Closes #5457.

  • Jamie Turner (26 Apr 24)

    Fix the import device contacts dialog showing the wrong title (#6857) Closes #6851.

  • Murilo Rocha Pereira (26 Apr 24)

    Fix dictionaries being downloaded too late (#6886) This commit fixes the dictionaries being downloaded too late causing electron to use the default fallback download url.

  • Jamie Turner (26 Apr 24)

    Fix `mailto` links not opening a mail editor on Android (#6887) Closes #6873.

  • Jamie Turner (26 Apr 24)

    Fix the news button being displayed for external users (#6858) * Fix the news button being displayed for external users Closes #6845. * Clean up `DrawerMenu.ts` One less element for the browser to worry about.

  • ganthern (25 Apr 24)

    get invite and giftcard subject from server (#6882)

  • Johannes Münichsdorfer (25 Apr 24)

    remove canceledPremiumAccount flag from customer type (#6883) (#6884) As of 2020 the canceledPremiumAccount boolean value has always been set to false therefore this value is no longer needed, and we can remove it. Additionally, this commit includes model changes for the new TranslationService and removes the following unused services and types. * PREMIUM_FEATURE_SERVICE * PREMIUM_FEATURE_DATA * PREMIUM_FEATURE_RETURN * MIGRATE_TO_V18_SERVICE * DEFAULT_SYSTEM_MIGRATE_DATA * REGISTRATION_CONFIG_SERVICE * REGISTRATION_CONFIG_RETURN * SHARE_SERVICE * SHARE_DATA close #6883 Co-authored-by: nig <[email protected]>

  • Johannes Münichsdorfer (25 Apr 24)

    reload cached legacy mails from server on load (#6865) * reload cached legacy mails from server on load these changes can be removed the next time the mail cache is cleared for all clients (probably when we switch to static mail IDs) fixes #6864 * fix offline cache not working in case a large timeRange is set In case a large timeRangeDays (currently >= ~20035) is set, the cutOffTimestamp overflows and will be a negative number, therefore nothing is cached. Co-authored-by: ganthern <[email protected]> --------- Co-authored-by: ganthern <[email protected]>

  • Johannes Münichsdorfer (25 Apr 24)

    make login progress message dynamic (#6881) In case a login takes longer, due to e.g. offline database migrations, we want to show a dynamic and fun login message in the progress dialog. Co-authored-by: nig <[email protected]>

  • tutao-jenkins (17 Apr 24)

    Tuta v225.240417.0 (#6866) * update translations * v225.240417.0 --------- Co-authored-by: jenkins build server <[email protected]>

  • Vitor Sakaguti (17 Apr 24)

    Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <[email protected]> Co-authored-by: bedhub <[email protected]> Co-authored-by: bed <[email protected]>

  • tutao-jenkins (11 Apr 24)

    Tuta v220.240411.0 (#6854) * update translations * v220.240411.0 --------- Co-authored-by: jenkins build server <[email protected]>

  • Willow (11 Apr 24)

    Fix dropdown filtering by wrong field (#6852) Label is a human-readable accessibility description, and it might include parts that we don't want to filter by. We opted into preferring text to label because that's what users are more likely to see. It is not perfect as in some cases (e.g. folder names) we display something that we don't want to filter by (folder indentation level with dots) but it is less surprising. A proper fix would be to introduce another value/function for filtering. #5353 Co-authored-by: wrd <[email protected]>

  • Willow (11 Apr 24)

    Fix accessibility description for move mails dropdown (#6848)

  • Willow (11 Apr 24)

    Update master (#6847) * Add privacy manifests to the iOS client and share extension Written by jat. * Fix missing key error in the privacy report Written by jat * Declare Telemetry in the privacy manifest * update translations * v220.240410.0 --------- Co-authored-by: tutao <[email protected]> Co-authored-by: jenkins build server <[email protected]>

  • paw-hub (10 Apr 24)

    [ios] Ask for permission when encrypting with biometrics (#6821) * [ios] Ask for permission when encrypting with biometrics We need to do this explicitly on iOS, as iOS does not actually check for permission by itself until way later, where it might be too late. Closes #6777 * Cleanup SelectCredentialsEncryptionModeDialog --------- Co-authored-by: paw <[email protected]>

  • Jamie Turner (10 Apr 24)

    Fix the `DropDown`'s navigation and it's filter including cosmetic periods (#6812) * Combine the `DropDownButton` and the 'Add Folder' button * Fix `DropDown`'s keyboard navigation This focuses the filter on open and makes using the arrow buttons to focus an item smoother. * Fix matching indented folder names in the drop-down This excludes the periods from the filter search except when they are in the name of the folder itself. * Fix screen readers announcing the move folder dropdown incorrectly Removing the `title` attribute fixes the name of the folder being announced twice. This is fine as `title` is meant for pop-ups according to MDN while it was being used to add the label again. * Stop the filter input from being focused when the dropdown opens

  • Wren (10 Apr 24)

    Ask for permission instead of throwing error when importing contacts (#6843) * Ask for permission instead of throwing error when importing contacts fix #6797 * Change how system permissions are retrieved

  • Willow (10 Apr 24)

    [ios] Fix trying to updates contacts with notes on every sync (#6841) We've been taking notes into account for hashing but we cannot read or write notes from native so it would mismatch every time. We can add it back once we can access notes field. fix #6827 Co-authored-by wrd <[email protected]>

  • Willow (10 Apr 24)

    Catch unknown errors during contact sync (#6840) * Catch unknown errors during contact sync * Catch NotFoundError's during contact sync #6827 --------- Co-authored-by: mac-github <[email protected]>

  • paw-hub (10 Apr 24)

    [ios] Localize custom labels when doing contact import (#6838) Avoid _$!XXXXX!$_ names by using CNLabeledValue.localizedString to localize contact labels before importing them. Fixes #6799 Co-authored-by: paw <[email protected]>

  • Jamie Turner (10 Apr 24)

    Fix the name of events overflowing onto the time (#6806) * Fix the name of events overflowing onto the time I also experimented with a CSS flow based `CalendarEventBubble` to simplify the code but that is still too difficult because of the absolute positioning and sizing used in `CalendarDayEventsView`. Closes #6582. * Add a comment to explain `-webkit-line-clamp` As requested during PR review.

  • paw-hub (10 Apr 24)

    Fix calendar issues (#6701) * Use short names in week view if two months * Make current date more contrasted Also move over the styling to classes rather than having three copies of it! * Improve how well the mini calendar fits Remove the padding around the calendar, and increase the minimum size of the first column from 240px to 270px. * Always reserve width for the scrollbar for left column in calendar We use scrollbar-gutter-stable-or-fallback to do this, ensuring that the width will always be reserved. For the New event button, it will also align it. * Move week indicator to the header row for calendar Remove week from the CalendarNavConfiguration as it is not needed here. * Make width of the highlighted week not relative * Fix the sidebar disappearing too early Fix week titles Co-authored-by: wrd <[email protected]> --------- Co-authored-by: paw <[email protected]> Co-authored-by: jat <[email protected]> Co-authored-by: wrd <[email protected]>

  • Willow (08 Apr 24)

    v220.240408.0 (#6839)

  • Jamie Turner (08 Apr 24)

    Fix the keyboard shortcuts dialog becoming unopenable on back press (#6807) Closes #4514.

Tuta Website

Website

Tuta Mail: Create a secure, private & encrypted email account for free

Tuta is the secure email service, built in Germany. Use encrypted emails on all devices with our open source email client, mobile apps & desktop clients.

Redirects

Does not redirect

Security Checks

All 66 security checks passed

Server Details

  • IP Address 185.205.69.12
  • Location Hanover, Niedersachsen, Germany, EU
  • ISP Tutao GmbH
  • ASN AS210909

Associated Countries

  • US
  • DE

Saftey Score

Website marked as safe

100%

Blacklist Check

tuta.com was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

Tuta Android App

Update Info

  • App Tutanota: simply secure emails
  • Creation Date 07 Nov 18
  • Last Updated 09 Dec 23
  • Current Version 2.15.4
  • Creator Tutao GmbH
  • Downloads 100,000+ downloads

Trackers

No trackers found

Permissions

  • Internet
  • Read Contacts
  • Vibrate
  • Access Network State
  • Wake Lock
  • Receive
  • C2d Message
  • Read External Storage

Tuta iOS App

App Info

Encrypted Email Tuta

Tuta (formerly Tutanota), the fully secure encrypted email and calendar app, enables you to keep your private data private! We never compromise on security or privacy. Tuta comes with a light & beautiful GUI, a dark theme, offline availability, instant push notifications, auto-sync, full-text search, swipe gestures and more. The business email plans have flexible user management and admin levels so you can manage all your company’s email needs easily. What you'll love about the Tuta email client for iOS: - Create a free email address (ending in @tuta.com, @tutanota.com, @tutanota.de, @tutamail.com, @tuta.io or @keemail.me) with 1 GB of free storage. - Create custom domain email addresses for €3 per month with optional catch-all & unlimited email addresses. - Instant display of incoming emails, no need to swipe down to refresh. - Instant access to your encrypted email, calendars & contacts - also when offline. - Quick swipe gestures to manage your inbox easily. - Instant push notifications. - Auto-complete mail addresses as you type. - Auto-sync between app, web and desktop email clients. - Tuta is a free & open source (FOSS) email app so that security experts can check the code. - Find everything you're looking for with our secure & private full-text search of your encrypted email. - Anonymous registration without a phone number. - Send calendar invites directly from the secure calendar app. - Create an unlimited number of encrypted calendars with any paid plan. - Send and receive end-to-end encrypted emails to anybody for free. - Send and receive old-fashioned emails (not end-to-end encrypted). - Automatically encrypt subject, content & attachments for maximum security. - Business email with flexible user creation and admin levels. The secure email app Tuta Mail enables you to send end-to-end encrypted emails to anybody. Even emails that are being sent without end-to-end encryption and all your contacts are stored securely encrypted on the Tutanota servers based in Germany. Tutanota also has an encrypted calendar, easily accessible from within the mail client. Our passion for privacy. Tuta Mail is being built by a team passionate about everybody's right to privacy. We are supported by an amazing community, which enables us to grow our team continuously, making the open source email app Tuta a lasting success without depending on venture capital interests. Tuta respects you & your data: - Only you can access your encrypted emails, calendars & contacts. - Tuta does not track or profile you. - Open source clients & apps. - Innovative full-text search feature lets you easily search your mailbox. - TLS with support of PFS, DMARC, DKIM, DNSSEC and DANE. - Secure password reset that gives us absolutely no access. - 100% developed and located in Germany under strict Data Protection Laws (GDPR). - Uses 100% renewable energy. Official website: https://tuta.com Source code: https://github.com/tutao/tutanota Crypto Notice This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. Seehttp://www.wassenaar.org/ for more information. The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

Rating

Rated 4.46 out of 5 stars by 450 users

Version Info

  • Current Version 220.240326.0
  • Last Updated 27 Mar 24
  • First Released 30 Nov 14
  • Minimum iOS Version 15.0
  • Device Models Supported 93

App Details

  • IPA Size 15.99 Mb
  • Price Free (USD)
  • Age Advisory 4+
  • Supported Languages 55
  • Developer Tutao GmbH
  • Bundle ID de.tutao.tutanota

Screenshots

Tuta Socials

Tuta Reviews

More Encrypted Email

  • An open-source, end-to-end encrypted anonymous email service. ProtonMail has a modern easy-to-use and customizable UI, as well as fast, secure native mobile apps. ProtonMail has all the features that you'd expect from a modern email service and is based on simplicity without sacrificing security. It has a free plan or a premium option for using custom domains (starting at $5/month). ProtonMail requires no personally identifiable information for signup, they have a .onion server, for access via Tor, and they accept anonymous payment: BTC and cash (as well as the normal credit card and PayPal).

  • An open source, privacy-focused, encrypted email service supporting SMTP, IMAP, and API access

  • Mailfence supports OpenPGP so that you can manually exchange encryption keys independently from the Mailfence servers, putting you in full control. Mailfence has a simple UI, similar to that of Outlook, and it comes with bundled with calendar, address book, and files. All mail settings are highly customizable, yet still clear and easy to use. Sign up is not anonymous, since your name, and prior email address is required. There is a fully-featured free plan, or you can pay for premium, and use a custom domain ($2.50/ month, or $7.50/ month for 5 domains), where Bitcoin, LiteCoin or credit card is accepted.

    Not Open Source
  • A Berlin-based, eco-friendly secure mail provider. There is no free plan, the standard service costs €12/year. You can use your own domain, with the option of a catch-all alias. They provide good account security and email encryption, with OpenPGP, as well as encrypted storage. There is no dedicated app, but it works well with any standard mail client with SSL. There's also currently no anonymous payment option.

    Not Open Source

About the Data: Tuta

API

You can access Tuta's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/communication/encrypted-email/tuta

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share Tuta

Help your friends compare Encrypted Email, and pick privacy-respecting software and services.
Share Tuta and Awesome Privacy with your network!

View Encrypted Email (5)