Comparison · Verified July 2026 · Every claim links to its source
ASTIS Mail vs Zivver
Zivver secures delivery through its platform and portal. ASTIS Mail seals content on your device. And since June 2025, Zivver’s owner is a California company — their own press release below.
TL;DR. Zivver is mature and widely deployed — 10,000+ organizations, strongest in Dutch and UK healthcare and government — with a genuinely useful pre-send DLP layer and a portal that lets unprepared recipients read secure mail with an SMS or access code, no account needed. Its “zero-access encryption” is a server-side platform claim you verify through audits; ASTIS Mail’s zero-knowledge is client-side architecture you verify in code. Two 2025–2026 facts changed the calculus: Zivver was acquired by Kiteworks (California, US) in June 2025 — announced in their own press release — and EU procurement under NIS2/DORA increasingly asks who has jurisdiction over the vendor. Both realities are linked below; check them yourself.
At a glance
The icon next to a claim opens its primary source — the vendor’s own page for their claims, our verifiable docs for ours. Security platforms shouldn’t ask to be believed.
| ASTIS Mail | Zivver | |
|---|---|---|
| Model | Client-side E2EE; ciphertext in your own mailbox | |
| Encryption claim | ||
| Vendor ownership | ||
| External recipient (no product) | One-time key invite (browser client) | |
| Pre-send DLP / error prevention | Not an ASTIS Mail feature | |
| Subject lines encrypted | ||
| Where mail lives | Your Gmail/M365 mailbox (as ciphertext) | |
| Certifications issued today | ||
| Published pricing | ||
| Track record | New product, no public review base |
Where is the trust boundary?
Every product on this market draws a line: everything left of it cannot read your content; everything right of it you have to trust. The only question that matters is where the line sits.
Keys generated and used client-side. No service can produce plaintext.
Content encrypted, but a vendor-run key server authorizes every decryption.
Encryption and access control live in the vendor’s server-side platform.
TLS in transit; content readable at rest by providers and gateways.
Zivver’s encryption and access control run in its server-side platform — the company states it never holds decryption keys, and audits back the claim. The boundary still sits at a vendor platform you trust, now owned by a US parent.
Where your data lives
ASTIS Mail deliberately does not host message content: decrypted mail exists only on your devices, ciphertext rides your own mailbox. Compare where each product puts plaintext.
Who holds the keys?
ASTIS Mail’s model
Encryption happens in the client before anything leaves your device: body, subject, attachments, filenames sealed per message; keys wrapped per recipient; ASTIS servers store encrypted capsules keyed by address hashes — and no message content.
No server-side component could decrypt — and this is inspectable: open SDK, GPG-signed releases. “Zero-knowledge should be architecture, not a promise.”
Zivver’s model
Mail flagged as sensitive is delivered via Zivver’s platform: the recipient proves identity (SMS code, pre-agreed access code, or email verification) and reads in a secure web portal. “Zero-access encryption” is their stated design — a serious claim from a serious company, verified by trusting their audits, because the key handling lives server-side.
That server-side position is also what enables their best features: the friction-free external portal and pre-send DLP checks.
“Not even Zivver, as the service provider, can decrypt your data.” — their claim, their words; the architecture that enforces it runs on their platform.— zivver.com — zero-access encryption
Ownership and recipients — the honest section
The ownership question, stated plainly
In June 2025 Zivver was acquired by Kiteworks, a California company backed by US growth equity — announced in their own press release, linked below. Nothing improper about it. But if “European vendor, European jurisdiction” was part of why you chose Zivver, that premise changed; NIS2/DORA vendor reviews should re-open that line.
ASTIS is an EU entity with no US hyperscalers anywhere in the stack — data sits with French and German operators (OVH; Contabo) in DE + UK under adequacy. Same standard applied to ourselves: Contabo’s operator is German, its majority investor since 2022 is US-based KKR — disclosed here, because a vendor-jurisdiction review should get the whole picture from us, not discover it.
Where Zivver is genuinely stronger today
Zero-setup external delivery: emailing a patient or citizen who will never install anything — Zivver’s portal + SMS flow handles it. This is the single biggest functional gap between the products.
Error-prevention DLP before send, mature admin tooling, NHS-scale references, and issued ISO 27001/SOC 2 today. Their reviews’ recurring friction: 30-day session expiry, SMS-code hassle for recipients, content-check false positives.
Pricing
ASTIS Mail
- Solo $179/year · Team $15/seat/mo · Organization $20/seat/mo
- Self-serve, 30-day trial, no services engagement
- 25-seat firm: ≈ $4,500–6,000/year
Two honest shortlists
Pick Zivver if
- Dutch/UK healthcare, government, legal mailing unprepared citizens and patients
- DLP nudges against misaddressed mail matter as much as encryption
- Issued ISO 27001 / SOC 2 required on day one
- NTA 7516-aligned workflows for Dutch healthcare
Pick ASTIS Mail if
- EU firms whose vendor-risk review now flags US ownership
- Repeat correspondents — one-time key invite beats per-message SMS codes
- Threat model requires that no vendor platform could ever produce plaintext
- Mail must stay in your own mailbox, not a parallel vendor store
FAQ
Is Zivver end-to-end encrypted?
Zivver markets “zero-access encryption” and states it never holds decryption keys. Its architecture is a server-side platform with client plugins; verification of the claim rests on audits. ASTIS Mail’s encryption runs entirely client-side and is inspectable in the open SDK.
Is Zivver still a European company?
Zivver operates from Amsterdam but has been owned by Kiteworks (California, US) since June 2025 — per Kiteworks’ own press release.
Did Zivver lose its NTA 7516 certification?
In May 2022 the Dutch standards body NEN withdrew NTA 7516 supplier certificates from all vendors due to flawed testing criteria — not a Zivver-specific failure. Zivver now positions its product as enabling customer compliance with NTA 7516.
Can ASTIS Mail send to someone with no key?
Not encrypted — the sender is warned and must choose. External recipients go through a one-time key invite first (browser-based, no install). If your daily flow is one-off mail to strangers, Zivver’s portal fits better today.
Sources — retrieved July 2026
- Kiteworks acquires Zivver — official press release
- Zivver: zero-access encryption
- Zivver pricing
- Zivver: NTA 7516 status
- Capterra — Zivver reviews
- ASTIS security whitepaper
All trademarks belong to their owners. Prices and features change — verify before deciding. Found an inaccuracy? [email protected] — we fix verified inaccuracies within one business day.
Don’t trust either vendor — verify.
Read the security documentation, then run the 30-day trial on your existing Gmail or Microsoft 365 mailbox. Keep the provider. Protect the content.