Zero Knowledge. Zero Trust. Many companies promise privacy. Our architecture guarantees it. We've built a system where it's technically impossible for us to read your emails.
Keys are generated locally on your device. Your private key is encrypted with your password before it ever leaves your browser.
Incoming emails are encrypted with your public key immediately at the gateway. From that millisecond onwards, they are opaque to us.
Data rests in an encrypted blob. Decryption happens strictly on your CPU when you log in. We never see the raw data.
TLS 1.3
Curve25519
Ed25519
When you create an account, your encryption keys are generated on your device. The private key is never sent to our servers. We have zero access to your private conversations.
Every email you send and receive is encrypted with your public key before it's ever written to our disks. Even if our servers were breached, your data would remain unreadable.
Our servers are in Hong Kong, outside the Five, Nine, and Fourteen Eyes surveillance alliances. This provides a robust legal shield for your data.
Protect your entire domain infrastructure. We don't just host email; we provide a secure foundation for your digital presence.
All DNS records are cryptographically signed. This prevents DNS spoofing and cache poisoning attacks, ensuring your users always reach your real server.
Your DNS infrastructure is hosted in Hong Kong, protected from foreign surveillance and subject only to local privacy laws.
Protected from Five Eyes surveillance and foreign subpoenas.
Subject to MLATs, CLOUD Act & intelligence sharing.
We technically cannot read your data. Encryption happens on your CPU.
Provider holds the keys and can decrypt data for law enforcement.
Keys are generated on your device. You are the sole custodian.
Keys generated on their server, meaning they have a copy.
Full IMAP/JMAP/SMTP support. Use any app. Migrate anytime.
Locked to their proprietary app. Difficult to export data.