Tuta Icon

Free and open source email service based in Germany. It has a basic intuitive UI, secure native mobile apps, anonymous signup, and a .onion site. Tuta has a full-featured free plan or a premium subscription for businesses allowing for custom domains ($12/ month). Tuta does not use OpenPGP like most encrypted mail providers, instead they use a standardized, hybrid method consisting of a symmetrical and an asymmetrical algorithm (with 128 bit AES, and 2048 bit RSA). This causes compatibility issues when communicating with contacts using PGP. But it does allow them to encrypt much more of the header data (body, attachments, subject lines, and sender names etc) which PGP mail providers cannot do.

Open Source

Tuta Privacy Policy

Privacy Policy Summary

  • Personal data that is stored is encrypted and data is deleted by the end of the calendar year for terminated accounts.
  • Tutanota
  • This service does not track you
  • Service does not allow alternative accounts
  • You agree to defend, indemnify, and hold the service harmless in case of a claim related to your use of the service
  • You can request access and deletion of personal data
  • This service does not sell your personal data
  • The service does not share user information with third parties
  • The service is transparent regarding goverment request or inqueries
  • There is a date of the last update of the agreements
  • Provides information on security practices
  • Cookies are used but do not collect personal information or track usage.
  • All Tutanota Data is Encrypted End-to-End
  • User-generated content is encrypted, and this service cannot decrypt it
  • Accessibility to this service is guaranteed at 99% or more
  • Archives of their agreements are provided so that changes can be viewed over time
  • You will be notified about website maintenance
  • You are prohibited from sending chain letters, junk mail, spam or any unsolicited messages
  • The service claims to be GDPR compliant for European users
  • The service is open-source
  • You authorise the service to charge a credit card supplied on re-occurring basis
  • The data retention period is kept to the minimum necessary for fulfilling its purposes
  • Features of the website are made available under a free software license
  • You can retrieve an archive of your data
  • The court of law governing the terms is in Hanover, Germany
  • The court of law governing the terms is in a jurisdiction that is friendlier to user privacy protection.
  • IP addresses of website visitors are not tracked


About the Data

This data is kindly provided by tosdr.org. Read full report at: #157

Tuta Source Code




Tuta is an email service with a strong focus on security and privacy that lets you encrypt emails, contacts and calendar entries on all your devices.







28 Jul 14

Last Updated

18 May 24

Latest version


Primary Language



197,257 KB







Language Usage

Language Usage

Star History

Star History

Recent Commits

  • bedhub (14 May 24)

    229.240514.1 (#6940) * disable argon2 migration We disable argon2 migration to prevent that client with offline support prior to 229.240513.0 have unexpected errors * v229.240514.1 --------- Co-authored-by: bedhub <[email protected]>

  • bedhub (14 May 24)

    disable argon2 migration (#6938) We disable argon2 migration to prevent that client with offline support prior to 229.240513.0 have unexpected errors Co-authored-by: bedhub <[email protected]>

  • tutao-jenkins (14 May 24)

    Tuta v229.240514.0 (#6937) * update translations * v229.240514.0 --------- Co-authored-by: jenkins build server <[email protected]>

  • bedhub (14 May 24)

    fix login with offline data after argon2 migration by a different client. #6935 (#6936) When doing a login with offline data we initialize the user facade from offline cache. In case another client changed the kdf type (argon2 migration) we need to update the user facade as soon as we go online to unlock the user group key correctly. Co-authored-by: bedhub <[email protected]>

  • Willow (13 May 24)

    Update libs v229.240513.0 (#6932) * DOMPurify 3.1.3, undici 6.16.1 * [build] Do not delete package-lock on bump-version * v229.240513

  • wec43 (08 May 24)

    Update better-sqlite3 commit for fixing browser test crash (#6842) Existing repos need to run `rm -rf node_modules/better-sqlite3 && npm install && rm -r test/native-cache` for the change to take effect.

  • Murilo Rocha Pereira (08 May 24)

    Update Undici to 6.16.0 (#6923)

  • armhub (08 May 24)

    v229.240508.0 (#6924)

  • armhub (08 May 24)

    Update electron to 29.3.2, #6921 (#6922) Co-authored-by: arm <[email protected]>

  • armhub (07 May 24)

    Leaving user survey improvements, #6755 (#6920) Co-authored-by: pas <[email protected]>

  • tutao-jenkins (06 May 24)

    Tuta v228.240506.0 (#6919) * update translations * v228.240506.0 --------- Co-authored-by: jenkins build server <[email protected]>

  • vaf-hub (06 May 24)

    enable argon2 migration (#6918) tutadb#1802

  • vaf-hub (06 May 24)

    set the correct (default) kdf type when creating new external users (#6874) tutadb#1796

  • bedhub (06 May 24)

    Show pq padlock symbol for sent mail, tutadb 1788 (#6699) * Show pq padlock symbol for sent mail, tutadb 1788 To show the pq padlock symbol for the sender we introduced another enum value for the encryptionAuthStatus on Mail instances which is only set for the sent mail. It is only set in case the mail is confidential and all recipients support the TutaCrypt protocol. * clean up outdated invitations from offlince cache see the fix for tutadb#1800 --------- Co-authored-by: bedhub <[email protected]> Co-authored-by: vaf <[email protected]>

  • Willow (02 May 24)

    [ios, ci] Use iOS 17.4 to run tests (#6911)

  • Willow (02 May 24)

    Dompurify 3.1.2 (#6910) * Update dompurify to 3.1.2 * v227.240502

  • ganthern (29 Apr 24)

    Update dompurify (#6900) * update DOMPurify * Tuta v227.240429.0

  • tutao-jenkins (26 Apr 24)

    Tuta v227.240426.1 (#6896) * update translations * v227.240426.1 --------- Co-authored-by: jenkins build server <[email protected]>

  • Jamie Turner (26 Apr 24)

    Show the search bar as disabled when offline in contact and mail views (#6780) This is a temporary mitigation until we switch what key is used to encrypt the `userEncDbKey`.

  • tutao-jenkins (26 Apr 24)

    Tuta v227.240426.0 (#6889) * update translations * v227.240426.0 --------- Co-authored-by: jenkins build server <[email protected]>

  • Murilo Rocha Pereira (26 Apr 24)

    Moves Setup Wizard to it owns chunk (#6879) * Moves Setup Wizard to it owns chunk Setup wizard is only needed on native devices such Android and iOS, with that in mind, this commit moves the whole setup wizard to it owns chunks, so it can be loaded on demand and isn't automatically loaded in desktop or web app. Closes #6844 * Add missing translation

  • Jamie Turner (26 Apr 24)

    Stop displaying the 'Add folder' button for external users (#6846) This stops the more button on the folder rows from being created to avoid external users being able to 'create' unusable folders. Closes #5457.

  • Jamie Turner (26 Apr 24)

    Fix the import device contacts dialog showing the wrong title (#6857) Closes #6851.

  • Murilo Rocha Pereira (26 Apr 24)

    Fix dictionaries being downloaded too late (#6886) This commit fixes the dictionaries being downloaded too late causing electron to use the default fallback download url.

  • Jamie Turner (26 Apr 24)

    Fix `mailto` links not opening a mail editor on Android (#6887) Closes #6873.

  • Jamie Turner (26 Apr 24)

    Fix the news button being displayed for external users (#6858) * Fix the news button being displayed for external users Closes #6845. * Clean up `DrawerMenu.ts` One less element for the browser to worry about.

  • ganthern (25 Apr 24)

    get invite and giftcard subject from server (#6882)

  • Johannes Münichsdorfer (25 Apr 24)

    remove canceledPremiumAccount flag from customer type (#6883) (#6884) As of 2020 the canceledPremiumAccount boolean value has always been set to false therefore this value is no longer needed, and we can remove it. Additionally, this commit includes model changes for the new TranslationService and removes the following unused services and types. * PREMIUM_FEATURE_SERVICE * PREMIUM_FEATURE_DATA * PREMIUM_FEATURE_RETURN * MIGRATE_TO_V18_SERVICE * DEFAULT_SYSTEM_MIGRATE_DATA * REGISTRATION_CONFIG_SERVICE * REGISTRATION_CONFIG_RETURN * SHARE_SERVICE * SHARE_DATA close #6883 Co-authored-by: nig <[email protected]>

  • Johannes Münichsdorfer (25 Apr 24)

    reload cached legacy mails from server on load (#6865) * reload cached legacy mails from server on load these changes can be removed the next time the mail cache is cleared for all clients (probably when we switch to static mail IDs) fixes #6864 * fix offline cache not working in case a large timeRange is set In case a large timeRangeDays (currently >= ~20035) is set, the cutOffTimestamp overflows and will be a negative number, therefore nothing is cached. Co-authored-by: ganthern <[email protected]> --------- Co-authored-by: ganthern <[email protected]>

  • Johannes Münichsdorfer (25 Apr 24)

    make login progress message dynamic (#6881) In case a login takes longer, due to e.g. offline database migrations, we want to show a dynamic and fun login message in the progress dialog. Co-authored-by: nig <[email protected]>

Tuta Website


Tuta Mail: Create a secure, private & encrypted email account for free

Tuta is the secure email service, built in Germany. Use encrypted emails on all devices with our open source email client, mobile apps & desktop clients.


Does not redirect

Security Checks

All 66 security checks passed

Server Details

  • IP Address
  • Location Hanover, Niedersachsen, Germany, EU
  • ISP Tutao GmbH
  • ASN AS210909

Associated Countries

  • US
  • DE

Saftey Score

Website marked as safe


Blacklist Check

tuta.com was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

Tuta Android App

Update Info

  • App Tutanota: simply secure emails
  • Creation Date 07 Nov 18
  • Last Updated 09 Dec 23
  • Current Version 2.15.4
  • Creator Tutao GmbH
  • Downloads 100,000+ downloads


No trackers found


  • Internet
  • Read Contacts
  • Vibrate
  • Access Network State
  • Wake Lock
  • Receive
  • C2d Message
  • Read External Storage

Tuta iOS App

App Info

Encrypted Email Tuta

Tuta (formerly Tutanota), the fully secure encrypted email and calendar app, enables you to keep your private data private! We never compromise on security or privacy. Tuta comes with a light & beautiful GUI, a dark theme, offline availability, instant push notifications, auto-sync, full-text search, swipe gestures and more. The business email plans have flexible user management and admin levels so you can manage all your company’s email needs easily. What you'll love about the Tuta email client for iOS: - Create a free email address (ending in @tuta.com, @tutanota.com, @tutanota.de, @tutamail.com, @tuta.io or @keemail.me) with 1 GB of free storage. - Create custom domain email addresses for €3 per month with optional catch-all & unlimited email addresses. - Instant display of incoming emails, no need to swipe down to refresh. - Instant access to your encrypted email, calendars & contacts - also when offline. - Quick swipe gestures to manage your inbox easily. - Instant push notifications. - Auto-complete mail addresses as you type. - Auto-sync between app, web and desktop email clients. - Tuta is a free & open source (FOSS) email app so that security experts can check the code. - Find everything you're looking for with our secure & private full-text search of your encrypted email. - Anonymous registration without a phone number. - Send calendar invites directly from the secure calendar app. - Create an unlimited number of encrypted calendars with any paid plan. - Send and receive end-to-end encrypted emails to anybody for free. - Send and receive old-fashioned emails (not end-to-end encrypted). - Automatically encrypt subject, content & attachments for maximum security. - Business email with flexible user creation and admin levels. The secure email app Tuta Mail enables you to send end-to-end encrypted emails to anybody. Even emails that are being sent without end-to-end encryption and all your contacts are stored securely encrypted on the Tutanota servers based in Germany. Tutanota also has an encrypted calendar, easily accessible from within the mail client. Our passion for privacy. Tuta Mail is being built by a team passionate about everybody's right to privacy. We are supported by an amazing community, which enables us to grow our team continuously, making the open source email app Tuta a lasting success without depending on venture capital interests. Tuta respects you & your data: - Only you can access your encrypted emails, calendars & contacts. - Tuta does not track or profile you. - Open source clients & apps. - Innovative full-text search feature lets you easily search your mailbox. - TLS with support of PFS, DMARC, DKIM, DNSSEC and DANE. - Secure password reset that gives us absolutely no access. - 100% developed and located in Germany under strict Data Protection Laws (GDPR). - Uses 100% renewable energy. Official website: https://tuta.com Source code: https://github.com/tutao/tutanota Crypto Notice This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. Seehttp://www.wassenaar.org/ for more information. The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.


Rated 4.46 out of 5 stars by 450 users

Version Info

  • Current Version 220.240326.0
  • Last Updated 27 Mar 24
  • First Released 30 Nov 14
  • Minimum iOS Version 15.0
  • Device Models Supported 93

App Details

  • IPA Size 15.99 Mb
  • Price Free (USD)
  • Age Advisory 4+
  • Supported Languages 55
  • Developer Tutao GmbH
  • Bundle ID de.tutao.tutanota


Tuta Socials

Tuta Reviews

More Encrypted Email

  • An open-source, end-to-end encrypted anonymous email service. ProtonMail has a modern easy-to-use and customizable UI, as well as fast, secure native mobile apps. ProtonMail has all the features that you'd expect from a modern email service and is based on simplicity without sacrificing security. It has a free plan or a premium option for using custom domains (starting at $5/month). ProtonMail requires no personally identifiable information for signup, they have a .onion server, for access via Tor, and they accept anonymous payment: BTC and cash (as well as the normal credit card and PayPal).

  • An open source, privacy-focused, encrypted email service supporting SMTP, IMAP, and API access

  • Mailfence supports OpenPGP so that you can manually exchange encryption keys independently from the Mailfence servers, putting you in full control. Mailfence has a simple UI, similar to that of Outlook, and it comes with bundled with calendar, address book, and files. All mail settings are highly customizable, yet still clear and easy to use. Sign up is not anonymous, since your name, and prior email address is required. There is a fully-featured free plan, or you can pay for premium, and use a custom domain ($2.50/ month, or $7.50/ month for 5 domains), where Bitcoin, LiteCoin or credit card is accepted.

    Not Open Source
  • A Berlin-based, eco-friendly secure mail provider. There is no free plan, the standard service costs €12/year. You can use your own domain, with the option of a catch-all alias. They provide good account security and email encryption, with OpenPGP, as well as encrypted storage. There is no dedicated app, but it works well with any standard mail client with SSL. There's also currently no anonymous payment option.

    Not Open Source

About the Data: Tuta


You can access Tuta's data programmatically via our API. Simply make a GET request to:


The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share Tuta

Help your friends compare Encrypted Email, and pick privacy-respecting software and services.
Share Tuta and Awesome Privacy with your network!

View Encrypted Email (5)