Comparisons · Verified July 2026

ASTIS Mail vs the market

Who can read your mail? Where does it live — and where do the keys? Will your team have to migrate, and can they still search their inbox? Plain answers first, the technical checklist after — and on every detailed page, each claim links to the vendor’s own documentation.

Ten questions before you buy encrypted email

CISO-grade questions, plain words. Hover any mark for the grown-up details.

ASTIS MailVirtruProtonTutaZivverPreVeilPaubox
Can only you and your recipient read the mail?
Does your mail stay out of vendor storage?
Do usable decryption keys stay only on your side?
Are the letter and its key always held by different parties?
Is stored mail unreadable wherever it sits?
Can you keep Gmail / Microsoft 365 — no migration?
Can your team keep the mail apps they know?
Does inbox search keep working as before?
Can external recipients read mail without installing anything?
Can the organization open a departed employee’s mail?

Simplified on purpose — the nuance behind every answer is on the per-vendor pages, with primary sources.

The mechanism behind the checkmarks

Every product above encrypts something. ASTIS Mail is built on one mechanism none of them have: the letter and its key are split — permanently, by architecture.

Your provider

Gmail / Microsoft 365 carries and stores the sealed envelope — ciphertext only: bodies, subjects, attachments, filenames. It can deliver the letter. It cannot read it.

ASTIS capsule service

Every message gets a session-key capsule, wrapped separately to each recipient’s key. Capsule metadata is keyed by address hashes; the public-key directory maps addresses to keys. No envelope, no content — ever.

Your devices

The only place where envelope and key ever meet. Plaintext exists here — and nowhere else in the world.

One mechanism — five consequences no table row captures:

  • Mail that dies on schedule. A capsule expires — and the message becomes undecryptable everywhere: every copy, every mailbox, every backup. No reader cooperation required.
  • Revoke after send. Delete the capsule and the ciphertext sitting in the recipient’s mailbox turns into permanent noise.
  • Recovery with custody on your terms. The org key can rewrap capsules for a departed employee — held in ASTIS Managed CVS, or in your own self-hosted HYOK vault where ASTIS never touches key material.
  • Who-mails-whom isn’t written down. The capsule service sees SHA-256 hashes, not addresses — metadata minimized by design, not by policy.
  • Everything leaves a verifiable trace. Capsule operations land in a hash-chained audit log; release builds are GPG-signed; signatures verify without an ASTIS account. Check, don’t trust.

That is the trust layer: not a feature list — one architecture the features fall out of. Read how it works

The technical checklist

ASTIS MailVirtruProtonTutaZivverPreVeilPaubox
Trust boundary
Vendor cannot decrypt your mail (default setup)
Subject lines encrypted
Zero-knowledge without paid add-ons
Deployment
Open standard (OpenPGP) — portable keys
Encrypted calendar
White-label / embed in your own product
Quantum-safe encryption today
Control
Message expiry / revoke after send
Jurisdiction & proof
EU/EEA vendor entity
Issued SOC 2 / ISO 27001 today
Published pricing

Icons simplify — hover a mark for the nuance, and open the per-vendor pages below for the full picture with primary sources. Verified July 2026; corrections: [email protected].

The detailed comparisons

Also comparing: Workload Secrets vs the Kubernetes secrets stack

Vault, OpenBao, ESO, Sealed Secrets, SOPS, cloud secret managers — they distribute secrets; none of them gate who can open one. Who actually sees plaintext: etcd, backups, kubectl, debug containers, CI, AI agents. Read the layer map →

All trademarks belong to their owners. Found an inaccuracy? [email protected] — verified corrections within one business day.