Your encrypted mail and calendar —
your brand, your servers, your data
A white-label, client-side encrypted mail and calendar workspace for regulated institutions — built from the live ASTIS Mail core and scoped around your brand, domain, identity, key custody, mail-stack integration, deployment topology, and custom extensions. Readable business data stays on the client.
Live product: mail.astis.io · White-label path: your brand, domain, identity, and deployment model
ASTIS and infrastructure providers handle routing, storage, and key operations — without access to mail or calendar content.
Four things that rarely come together
Many secure-mail products encrypt content, but do not give institutions full control over brand, key custody, and deployment model. Many white-label email stacks still rely on gateway trust models where provider infrastructure may access content. ASTIS Mail WL brings these together: encrypted mail and calendar, EU-sovereign deployment, your brand, your keys.
What you control
ASTIS Mail WL adapts to your institution — not the other way around. You choose identity, infrastructure, key custody, brand, and deployment model. ASTIS engineering configures the workspace to your security policy.
Your brand
Your logo, colours, domain, and app experience — mail.yourorg.com, your visual identity, your user journey. Users interact with your workspace, not an ASTIS-branded product.
Your mail servers
ASTIS Mail WL can be scoped for your mail stack: Gmail / Microsoft 365 today, and supported IMAP/SMTP workflows as part of the productization engagement.
Your identity
SSO / identity integration can be scoped for production white-label deployments — OIDC, Entra, Okta, Ping, or your own IdP depending on requirements. Lock access to your organization only, with no consumer accounts.
Your keys
Key custody stays with you: managed HYOK where ASTIS operates the service while you control the key, or self-hosted CryptoVault Service in your own infrastructure. Business data is encrypted on the client before it reaches storage or routing infrastructure.
What's included
Encrypted email
OpenPGP + AES-256-GCM, encrypted and decrypted on the device. Infrastructure stores and routes protected content; readable business data stays on the client.
Encrypted calendar
End-to-end encrypted events for business data such as title, description, location, attendees, meeting links, and attachments. Provider calendars can still route, store, and schedule encrypted records.
Standalone or embedded
Run it as your own branded workspace: PWA in the browser today; optional desktop and mobile app packaging (Windows, macOS, Linux, iOS, Android) can be scoped as part of the white-label engagement; or embedded inside your existing product or customer portal.
Built to extend
Need a workflow your institution depends on — a custom plugin, sector-specific integration, internal approval flow, or product module? Because each deployment is a dedicated engagement, ASTIS engineering can extend the workspace to your roadmap.
Designed to support NIS2 / DORA controls and SOC 2 evidence
ASTIS Mail WL is built for regulated control environments: customer-held keys, client-side encryption, role separation, tamper-evident audit evidence, and clear trust boundaries between storage, routing, encryption, access, and audit.
Different paths, different depth
Some teams only need ASTIS Mail with light branding. Regulated institutions and OEM partners usually need a dedicated productization engagement.
White-Label Productization
For regulated institutions, banks, platforms, and OEM partners that need their own brand, domain, identity model, key custody, deployment topology, integrations, plugins, and product-level customization.
This is a product and engineering engagement, not a logo-only setup.
Annual platform license + productization + per-seat or active-user pricing.
Use ASTIS Mail
Start with the live ASTIS Mail product — encrypted mail and calendar workflows, without a white-label engagement.
Open ASTIS MailAdd light branding
Need something lighter? ASTIS also supports branded workspaces on top of the live product — your logo, workspace name, basic theme, and an ASTIS-managed branded subdomain. No custom SSO, deployment topology, or product engineering.
Discuss branding options