ASTIS Mail WL — White-Label · for NIS2 / DORA institutions

Your encrypted mail and calendar — your brand, your servers, your data

A white-label, client-side encrypted mail and calendar workspace for regulated institutions — built from the live ASTIS Mail core and scoped around your brand, domain, identity, key custody, mail-stack integration, deployment topology, and custom extensions. Readable business data stays on the client.

Live product: mail.astis.io · White-label path: your brand, domain, identity, and deployment model

ASTIS and infrastructure providers handle routing, storage, and key operations — without access to mail or calendar content.

Four things that rarely come together

End-to-end encrypted mail and calendar
EU-sovereign deployment
White-label — your brand
Customer-held keys (HYOK)

Many secure-mail products encrypt content, but do not give institutions full control over brand, key custody, and deployment model. Many white-label email stacks still rely on gateway trust models where provider infrastructure may access content. ASTIS Mail WL brings these together: encrypted mail and calendar, EU-sovereign deployment, your brand, your keys.

What you control

ASTIS Mail WL adapts to your institution — not the other way around. You choose identity, infrastructure, key custody, brand, and deployment model. ASTIS engineering configures the workspace to your security policy.

Your brand

Your logo, colours, domain, and app experience — mail.yourorg.com, your visual identity, your user journey. Users interact with your workspace, not an ASTIS-branded product.

Your mail servers

ASTIS Mail WL can be scoped for your mail stack: Gmail / Microsoft 365 today, and supported IMAP/SMTP workflows as part of the productization engagement.

Your identity

SSO / identity integration can be scoped for production white-label deployments — OIDC, Entra, Okta, Ping, or your own IdP depending on requirements. Lock access to your organization only, with no consumer accounts.

Your keys

Key custody stays with you: managed HYOK where ASTIS operates the service while you control the key, or self-hosted CryptoVault Service in your own infrastructure. Business data is encrypted on the client before it reaches storage or routing infrastructure.

What's included

Encrypted email

OpenPGP + AES-256-GCM, encrypted and decrypted on the device. Infrastructure stores and routes protected content; readable business data stays on the client.

Encrypted calendar

End-to-end encrypted events for business data such as title, description, location, attendees, meeting links, and attachments. Provider calendars can still route, store, and schedule encrypted records.

Standalone or embedded

Run it as your own branded workspace: PWA in the browser today; optional desktop and mobile app packaging (Windows, macOS, Linux, iOS, Android) can be scoped as part of the white-label engagement; or embedded inside your existing product or customer portal.

Built to extend

Need a workflow your institution depends on — a custom plugin, sector-specific integration, internal approval flow, or product module? Because each deployment is a dedicated engagement, ASTIS engineering can extend the workspace to your roadmap.

Designed to support NIS2 / DORA controls and SOC 2 evidence

ASTIS Mail WL is built for regulated control environments: customer-held keys, client-side encryption, role separation, tamper-evident audit evidence, and clear trust boundaries between storage, routing, encryption, access, and audit.

Customer-held key custody — supports cryptography and access-control requirements
Client-side encryption — readable business data stays on the client
Role separation by architecture — storage, routing, encryption, access, and audit are separated
Tamper-evident audit evidence — designed to support internal and external reviews
EU-sovereign deployment options — aligned with regulated-sector data governance

Different paths, different depth

Some teams only need ASTIS Mail with light branding. Regulated institutions and OEM partners usually need a dedicated productization engagement.

Main engagement

White-Label Productization

For regulated institutions, banks, platforms, and OEM partners that need their own brand, domain, identity model, key custody, deployment topology, integrations, plugins, and product-level customization.

This is a product and engineering engagement, not a logo-only setup.

Annual platform license + productization + per-seat or active-user pricing.

Talk to sales

Use ASTIS Mail

Start with the live ASTIS Mail product — encrypted mail and calendar workflows, without a white-label engagement.

Open ASTIS Mail

Add light branding

Need something lighter? ASTIS also supports branded workspaces on top of the live product — your logo, workspace name, basic theme, and an ASTIS-managed branded subdomain. No custom SSO, deployment topology, or product engineering.

Discuss branding options