Comparison · Verified July 2026 · Every claim links to its source

ASTIS Mail vs Tuta

Tuta shares our convictions — subjects encrypted, metadata minimized, German servers. It implements them as a closed replacement ecosystem; ASTIS Mail implements them on top of the provider you already run.

TL;DR. Tuta deserves respect: German, open-source, self-funded, encrypting subject lines since before it was fashionable, and first in the category to ship post-quantum hybrid encryption (TutaCrypt, 2024) — their announcement is linked below. Its model is total: Tuta is your provider, with its own protocol and no IMAP at all, by design. That is also the business limitation: closed ecosystem, minimal integrations, migration required. ASTIS Mail draws the same envelope — subjects included — over Gmail and Microsoft 365 instead of replacing them. Privacy-first individuals get excellent value at €6–12/user/month; businesses that can’t leave their provider or their mail clients can’t use Tuta at all.

At a glance

The icon next to a claim opens its primary source — the vendor’s own page for their claims, our verifiable docs for ours. Security platforms shouldn’t ask to be believed.

ASTIS MailTuta
What it is
E2EE client over your existing Gmail / M365
Replacement email provider (Germany)
Subject lines encrypted
Sealed client-side (OpenPGP envelope)
Yes — a founding argument of their protocol
Post-quantum encryption
Not yet — classical Cv25519 today. We announce cryptography when it ships, not as roadmap
TutaCrypt (Kyber-1024 + X25519) in production since 2024
Encryption standard
OpenPGP (IETF) + WKD — portable keys, any compliant client
Own protocol, deliberately not PGP — keys live in Tuta ecosystem
IMAP / third-party clients
Native apps + Thunderbird add-on; your provider’s clients keep working
No IMAP/POP3/SMTP at all — own apps only
Migration required
None — OAuth connect
Full provider migration; import on higher tiers
External recipient (no account)
One-time key invite (browser client)
Shared password → temporary encrypted web inbox
Org-level key recovery
Org key in CVS — ASTIS-managed or self-hosted (HYOK)
Account recovery codes; check offboarding fit
Certifications issued today
SOC 2 Type II in progress · signed builds
ISO 27001 data centers only; no company-wide SOC 2/ISO found
Published pricing
$15–20/seat/mo · self-serve
Essential €6 · Advanced €8 · Unlimited €12 per user/mo

Where is the trust boundary?

Every product on this market draws a line: everything left of it cannot read your content; everything right of it you have to trust. The only question that matters is where the line sits.

Your device

Keys generated and used client-side. No service can produce plaintext.

ASTIS MailTuta
Vendor key service

Content encrypted, but a vendor-run key server authorizes every decryption.

Vendor platform

Encryption and access control live in the vendor’s server-side platform.

Transport only

TLS in transit; content readable at rest by providers and gateways.

Tuta is genuinely device-boundary E2EE — same zone as ASTIS Mail. The boundary that differs is ecosystem: Tuta’s keys and clients work only inside Tuta; OpenPGP keys work in any compliant implementation, and your mailbox stays at your provider.

Where your data lives

ASTIS Mail deliberately does not host message content: decrypted mail exists only on your devices, ciphertext rides your own mailbox. Compare where each product puts plaintext.

ASTIS Mail
Tuta
Decrypted (plaintext) data
Only on your devices — decrypted locally, stored in local browser storage
Decrypted client-side in Tuta’s apps
Encrypted message store
In your own mailbox at your provider (Gmail / M365), as ciphertext
Your entire mailbox lives on Tuta’s servers in Germany
What vendor servers hold
Wrapped key capsules (keyed by address hashes), encrypted key blobs, and the WKD public-key directory — never message content
All your mail encrypted — but sender/recipient addresses and timestamps unencrypted

Who holds the keys?

ASTIS Mail’s model

The same envelope convictions — subjects encrypted, capsule metadata on address hashes, E2EE calendar — implemented inside your existing provider: Gmail/M365 move envelopes they cannot read.

OpenPGP + WKD instead of a proprietary protocol: keys portable, messages decryptable by any compliant client including GnuPG, and org-key recovery through CVS — ASTIS-managed or customer-hosted (HYOK). Standards were the answer to PGP’s gaps, not a new silo.

Tuta’s model

Own protocol (AES-256 + ECC, TutaCrypt post-quantum hybrid), deliberately not PGP — their stated reasons: PGP leaves subjects unencrypted, upgrades algorithms poorly, lacks forward secrecy. Everything from calendars to search indexes is encrypted inside their apps.

The cost of the closed loop is interoperability: no IMAP is not an oversight but a design decision — and it means no Outlook, no Apple Mail, no CRM integrations, no mail-dependent workflows.

Tuta’s stated reasons for abandoning PGP include that “PGP does not encrypt the subject line” — the same gap ASTIS closes while staying inside the PGP standard.tuta.com — encryption guide

Post-quantum and the ecosystem wall — the honest section

The wall businesses actually hit

Teams that live in Outlook or depend on integrations cannot adopt a no-IMAP provider — reviews repeat the same three complaints: no IMAP, slow search, few integrations.

Compliance paperwork: German hosting and GDPR marketing, but no company-wide SOC 2 or ISO certificate to hand an auditor, and no HIPAA BAA program. ASTIS’s SOC 2 is in progress too — on this axis both trail Proton and Virtru today; ASTIS answers with verifiable architecture in the meantime.

Tuta is ahead on post-quantum. Full stop.

TutaCrypt has protected new accounts since March 2024 — CRYSTALS-Kyber + X25519 hybrid, in production, first in the category. If PQ encryption today is your deciding criterion for a self-contained ecosystem, Tuta is currently the strongest choice in this comparison set.

ASTIS Mail uses classical Cv25519 today. Harvest-now-decrypt-later is a real consideration for decade-sensitive data; treat any vendor’s PQ statements as roadmap until shipped.

Pricing

ASTIS Mail

  • Solo $179/year · Team $15/seat/mo · Organization $20/seat/mo
  • Self-serve, 30-day trial, no services engagement
  • 25-seat firm: ≈ $4,500–6,000/year

Tuta

  • Essential €6 · Advanced €8 · Unlimited €12 per user/month (annual billing)
  • Best price in the category for real E2EE with encrypted subjects
  • Plus the migration: MX cutover, limited import tooling, retraining to Tuta apps

Two honest shortlists

Pick Tuta if

  • Privacy-driven individuals, activists, small teams happy inside Tuta’s own apps
  • Post-quantum encryption today as the requirement
  • Budget-sensitive buyers — €6/user/month is unbeatable in class
  • German jurisdiction with a self-funded, open-source vendor

Pick ASTIS Mail if

  • Companies that keep Google Workspace / Microsoft 365 — clients, tooling, IT policy
  • Org-level key recovery, audit evidence, white-label under an EU vendor
  • Tuta-grade envelope coverage without asking counterparties to change providers
  • Portable OpenPGP keys instead of an ecosystem-locked protocol

FAQ

Do both encrypt subject lines?

Yes — both Tuta and ASTIS Mail encrypt subjects; Proton Mail does not (end-to-end). That single row eliminates a lot of products when the requirement is real confidentiality.

Does Tuta work with Outlook or Apple Mail?

No. Tuta has no IMAP/POP3/SMTP by design and no Bridge equivalent; you use Tuta’s apps. ASTIS Mail is also its own client (PWA), but your underlying Gmail/M365 mailbox and clients keep working for everything else.

Which is post-quantum?

Tuta — TutaCrypt, in production since 2024. ASTIS Mail currently uses classical Cv25519; treat any vendor’s PQ statements as roadmap until shipped.

Can a company recover a former employee’s encrypted mail?

ASTIS Mail organization tiers: yes — recovery via the org key in CVS, with custody as an explicit choice: ASTIS Managed CVS, or self-hosted HYOK CVS where ASTIS never touches key material. Tuta: account-level recovery codes; check current admin capabilities against your offboarding requirements.

Sources — retrieved July 2026

All trademarks belong to their owners. Prices and features change — verify before deciding. Found an inaccuracy? [email protected] — we fix verified inaccuracies within one business day.

Don’t trust either vendor — verify.

Read the security documentation, then run the 30-day trial on your existing Gmail or Microsoft 365 mailbox. Keep the provider. Protect the content.