# Tuta (Tutanota)

> Source: https://fuckyc.org/services/tuta/
> Website: https://tuta.com/
> Categories: Privacy email
> KYC: optional — Free signup typically requires only a self-chosen username; abuse-prevention sometimes asks for verification.
> Status: active
> Jurisdiction: Germany (operator-disclosed)
> Fiat on-ramp: no
> Payment methods: crypto, card, paypal, bank-transfer
> Founded: 2011
> Open source: yes
> Custodial: yes
> Last verified: 2026-01-01

## Verdict

Tuta encrypts more by default than any other mainstream privacy email — subjects and addressbook included — at the cost of being a closed ecosystem without IMAP. German jurisdiction is the operator-side caveat. For users who prioritize default-on encryption over interoperability, Tuta is the strongest commercial option.

## Strengths

- End-to-end encrypted by default including subject lines and addressbook.
- No PGP exposure; encryption is in-protocol.
- Open-source apps and clients.

## Caveats

- German legal jurisdiction means BfV and BKA orders apply; the operator has been compelled in past cases to make limited surveillance available going forward (not retroactive content recovery).
- IMAP/SMTP are not supported because the encryption is in-protocol; you use Tuta's clients.
- Facts need re-verification by operator (last seeded 2026-01).

---

## What Tuta is

An end-to-end encrypted email service from Germany; encryption is in-protocol rather than PGP.

## Threat-model fit

When default-on encryption (including metadata at rest) is the requirement.

## Sources

- [Tuta support](https://tuta.com/support) — accessed 2026-01-01
- [Tuta transparency reports](https://tuta.com/blog/tag/transparency-report) — accessed 2026-01-01