Tuta - Secure email & calendar

Tuta, previously known as Tutanota, stands out as the most secure email service available - it is fast, encrypted, open source, and free of charge. With a user base exceeding 10 million individuals, both personal and professional, and endorsed by security and privacy specialists, this application is essential for safeguarding your private emails and calendars from unwanted scrutiny.

How to use

The complimentary secure email application from Tuta also features an encrypted calendar and contacts. Tuta Mail allows you to enjoy the advantages of cloud services - accessibility, flexibility, and automatic backups - all while maintaining top-notch security and privacy.

This free email application boasts a sleek and attractive user interface, a dark mode option, instant push notifications, auto-sync capabilities, secure full-text search on encrypted data, swipe gestures, and additional features. Business email plans provide adaptable user management and administrative levels to simplify the handling of your organization's email requirements.

Here’s what you’ll appreciate about the Tuta email client for Android:

- Set up a free email address (ending in @tuta.com, @tutanota.com, @tutanota.de, @tutamail.com, @tuta.io or @keemail.me) with 1 GB of complimentary storage.

- Establish custom domain email addresses for €3 monthly, including optional catch-all and unlimited email addresses.

- Emails display instantly upon receipt, eliminating the need to refresh.

- Convenient access to your encrypted emails, calendars, and contacts – even when offline.

- Use swipe gestures for efficient inbox management.

- Receive immediate push notifications.

- Enjoy auto-complete functionality for email addresses while composing messages.

- Benefit from auto-sync across app, web, and desktop clients.

- Tuta is completely free and open source (FOSS), ensuring that security professionals can verify the code.

- Utilize our secure and private full-text search to find everything within your encrypted emails.

- Enjoy anonymous registration without the need for a phone number.

- Dispatch calendar invites straight from the secure calendar application.

- Create an unlimited number of encrypted calendars provided you choose a paid plan.

- Send and receive end-to-end encrypted emails at no cost.

- Exchange conventional emails (not end-to-end encrypted).

- Automatically encrypt subjects, content, and attachments to maximize security.

- Conduct business emailing with flexible user creation and administrative privileges.

Tuta values you and your data:

- You have exclusive access to your encrypted emails, calendars, and contacts.

- Tuta does not monitor or profile its users.

- The applications and clients are free and open source.

- We utilize TLS with support for PFS, DMARC, DKIM, DNSSEC, and DANE, ensuring secure email transmission.

- Our password reset process guarantees that we cannot gain access.

- Fully developed and hosted in Germany under strict data protection laws (GDPR) on our own servers.

- Our operations rely entirely on renewable energy.

The Tuta email application requires minimal permissions to protect your privacy:

- Full network access: Necessary for sending and receiving emails.

- Receive data from the internet: To alert you to new incoming emails.

- View network connections: To verify the existence of an internet connection.

- Read your contacts: Allows you to select recipients directly from your phone's contact list.

- Read from SD card: Enables the addition of attachments from SD cards to emails.

- Manage vibration: Keeps you notified upon the arrival of new emails.

- Disable sleep mode: Ensures you are alerted when new emails arrive.

Tuta Business FAQ

How is the paid version of Tuta Mail different to free?

Paid Tuta Mail features include support for custom domains (@yourcompany.com), unlimited email addresses with your own domain, 99.5% guaranteed uptime, up to 1 TB storage per user (depending on your plan), direct support, multiple calendars, sharing options for your calendars, and more. Benefit of all these usability features on top of best privacy and security.

What is business email and why is it important?

Business email is a company’s official email account. A professional email address includes your company name or a customized domain name – @companyname.com. Having a professional email address instead of one ending in @gmail.com is important for both small and big entities because it builds trust, credibility and brand awareness. With Tuta Mail for business, companies can create secure business email accounts quick and easy.

What is the best email address to use professionally?

Tuta Mail for business enables you to create a professional email address for your company with your custom domains, unlimited email alias addresses, and multiple users. Given the high level of privacy and security with quantum-resistant end-to-end encryption, Tuta Mail is best solution to use for secure business emails.

Does Tuta Mail have a spam filter and phishing protection?

Yes. Tuta Mail does have a spam filter and phishing protection. On top of that, you can manually create company-wide spam rules to keep your employees' mailboxes free from junk mails.

Can a user have several email addresses?

Yes. You can create up to 30 email alias addresses per user, plus an unlimited number of email alias addresses with your own domain.

What is the difference between an email user and an administrator?

With paid business plans in Tuta, there can be multiple administrators and users. Mail administrators can configure all general settings, manage users, reset passwords and second factors, and manage payments. For organizations we recommend having at least two administrators, in case one of them loses their login credentials and recovery code.

What is an email alias address?

An email alias is an additional email address that you can use within your mailbox. Tuta lets you add multiple alias email addresses per user in any of our business plans. You can use these email addresses for both receiving and sending emails. Administrators can set up email alias addresses and link them to the user. Email alias addresses can be used for different purposes and are a good option to increase your privacy.

Where are my emails stored?

Your emails are stored on our own servers in ISO 27001-certified data centers in Germany, fully compliant with the GDPR. All user data in Tuta is automatically encrypted end-to-end so that only you can access your data. Not even we at Tuta can see your data.

Tuta Calendar FAQ

What is Tuta?

Tuta (formerly Tutanota) launched in 2014 to create a better web. Today, Tuta is the most secure calendar, email, and contacts service. We are innovation leaders in encrypted communication and have already implemented post-quantum secure encryption to keep your private data safe from future threats. We are at the forefront of the privacy revolution by offering everyone in the world private email, calendar, and contacts for free.

Is the information on my Tuta Calendar safe?

Yes. The seamlessly integrated end-to-end encryption makes the Tuta Calendar one of the most secure calendars available worldwide. The Tuta Calendar protects all your events and even your push reminders from prying eyes. No unauthorized person can decrypt or gain access to your personal or business events stored in the Tuta Calendar.

Can I import and sync all my calendars?

Yes. You can easily import all your calendars to Tuta via the settings. Once imported your calendars sync automatically across all your devices, no matter where you use the Tuta app. Find details on how to import your calendars here..

Does the calendar have event reminders?

Yes. The Tuta Calendar pushes event reminders reminders directly to your Android, iPhone, iPad or PC to make sure you never miss an event, even when offline. These reminders are kept hidden from your phone's operating system so that not even Google or Apple can see your events.

Is the Tuta Calendar available on mobile devices?

Tuta has encrypted mobile apps for Android and iOS allowing you to access your schedule, plan events, and stay organized easily from your smartphone. Tuta’s secure calendar is also available on web and desktop clients.

Can I create and share calendars?

Yes. You can create an encrypted calendar that all people or only certain employees in your organization can access. When sharing your calendar, you can assign different access rights: Read only, Read and write, Write and manage sharing. For instance, you can have a company-wide group which you use to share important appointments, public holidays, vacation days and repeating events such as team meetings. All data in the Tuta Calendar is always encrypted - even when you share your calendar.

NEWS

by  Willow Published on: 2025-04-16 / First published: 2020-01-30

When we redesigned the Tuta client back in 2017, we strictly focused on our mission to liberate everyone from being forced to use Google's services. New evidence now shows this was an excellent move as Google and Apple monitor all your push notifications. Except when you use Tuta: We offer one of the very few email apps available without Google's push notification service. Technically, this was a true challenge; so let's explain how we succeeded!

Enabling everyone to leave Google completely

Our aim with Tuta is to enable everyone to switch to a secure email service that respects your data and your right to privacy. It is very important to us that everyone can leave Gmail, also known as to “deGoogle”, completely.

Thus, getting rid of Google’s push notification services was our top priority when rebuilding our secure mail app from scratch. We are very happy that we have managed to replace Google’s GCM for push so that the Tuta app has zero connection to Google. This protects you from Google’s massive data collection as well as warrantless government snooping.

Now new evidence shows that this preemptive shift was an important step in protecting your privacy. Tuta is the only encrypted email provider offering this level of privacy, not even the secure alternative Protonmail is taking this extra step.

Apple and Google Monitor All Your Push Notifications

Startling revelations were made by Reuters on December 7th, 2023, with evidence that governments around the world are spying on Apple and Google users by monitoring push notifications which are sent to their devices. This alternative form of surveillance was first brought to public attention after an open letter sent by US Senator Ron Wyden to the US Department of Justice was released.

These notifications allow intelligence and law enforcement agencies to link already collected metadata to Google or Apple accounts.

The Tuta Team was already aware of this potential risk years ago and in 2017, we replaced Google’s notification services with our own push notification service. If you are using Tuta on Android, no push notification data is shared with Google. Your privacy is safe with us.

We also support installing the Tuta app on Android devices through F-Droid which allows you to use the software without providing Google with the information that you are using it. But no matter whether you install the Android app via F-Droid or Google Play, your push notifications are safe with us and not susceptible to Google’s data collection and surveillance.

For maximum privacy protection, in the past all push notifications on iOS devices only display minimal information, merely informing you that a new email has been received. This way, we limit the potential data that could be collected by Apple and government surveillance attempts. When we added a notification preview to show sender and subject line in notifications, we made sure that this information is securely encrypted to protect you from surveillance by Apple! By now, you can even use quick actions on notificaitons from the Tuta app all while we are protecting your privacy to the maximum.

How we replaced GCM

GCM (or, how it’s called now, FCM, Firebase Cloud Messaging) is a service owned by Google. We at Tuta used to use FCM for our old Android app, up until 2017. Unfortunately, FCM includes Google’s tracking code for analytics, which we didn’t want to have in our secure email app.

And, even more importantly: For being able to use FCM, you have to send all your notification data to Google - which should be a no-go for any secure email service. You also have to use their proprietary libraries. Because of the privacy and security concerns that naturally go along with this, we did not send any information along with the notification messages with the old app (which, understandably, led to complaints from our users). Therefore, the push notification in the old Android app only mentioned that you received a new message without any reference to the email itself or to the mailbox the message has been placed in.

FCM is quite convenient to use, over the years Google made changes to Android which made it harder not to use their service for notifications. On the other hand, giving up Google’s notification service would free us from requiring our users to have Google Play Services on their phones. So that’s exactly what we did!

The challenge to replace Google’s FCM

The Tuta apps are Libre software, and we want to provide a true open source alternative to Gmail, which to us includes publishing our Android app on F-Droid. We wanted our users to be able to use Tuta on every ROM and every device, without the interference of a third-party service like Google.

We decided to take on the challenge and to build our own push notification service.

When we started designing our push system, we had several goals in mind:

It must be secure

It must be fast

It must be power-efficient

We’ve made research on how other secure and private apps (Signal, Wire, Conversations, Riot, Mastodon) have been solving similar problems. We had several options in mind, including WebSockets, MQTT, Server Sent Events and HTTP/2 Server Push.

Replacing FCM with SSE

We settled on the SSE (Server Sent Events) because it seemed like a simple solution. By that I mean “easy to implement, easy to debug”. Debugging these types of things can be a major headache so one should not underestimate this factor. Another argument in favour of SSE was relative power efficiency: We didn’t need upstream messages and a constant connection to the server was not our goal.

So, what is SSE?

SSE is a web API which allows a server to send events to the connected clients. It is a relatively old API which is, in my opinion, underused. I’ve never heard about SSE before looking at the federated network Mastodon: They use SSE for real-time timeline updates, and it is working great.

The protocol itself is very simple and resembles good old polling: The client opens a connection, and the server keeps it open. The difference from classical polling is that we keep this connection open for multiple events. The server can send events and data messages; they are just separated by new lines. So the only thing the client needs to do is to open a connection with big timeout and read the stream in a loop.

SSE fits our needs better than WebSocket would (it is cheaper and converges faster, because it’s not duplex). We’ve seen multiple chat apps trying to use WebSocket for push notifications, and it didn’t seem power efficient.

We had some experience with WebSocket already, and we knew that firewalls don’t like keep-alive connections. To solve this, we used the same workaround for SSE as we did for WebSocket: We send “heartbeat” empty messages every few minutes. We made this interval adjustable from the server side and randomised to not overwhelm the server.

Multi-account support poses extra challenges

It should be noted that the Tuta app has multi-account support, and this posed a challenge for us: We wanted to keep only one connection open per device. After a few iterations, we’ve found the design that satisfied us. Each device has only one identifier. When opening the connection, the client sends the list of users for which it wants to receive notifications. The server validates this list against user records and filters out invalid ones.

Users may delete a notification token from their Settings but it would not affect other logins on this device. In addition to that, we had to build a delivery tracking mechanism when a notification is received. Unfortunately, we discovered that our server is unable to detect when a connection is broken so we had to send confirmations from the client side.

To receive notifications, we leverage Android capabilities. We run a background service which keeps the connection to the server open, similar to what the FCM process does. Another difficulty was caused by the Doze mode, introduced in Android M. The Doze, which is turned on after a period of inactivity, among other things prevents background processes to access the network. As you can imagine, this prevents our app from receiving notifications.

We mitigate this problem by asking users to make an exemption from battery optimizations for our app. It worked fairly well. The similar problem, but unrelated to Doze is vendor-specific battery optimizations. In order to prolong the battery life of their devices phone manufacturers, like Xiaomi, enable strict battery optimizations by default. Luckily users can disable them, but we must communicate this better.

Another problem was caused by the Android O changes. One of them is background process restrictions: Unless your app is visible to the user, your background processes are going to be stopped, and you’re unable to launch new ones.

Initially we thought that we can solve this by showing a persistent notification with minimal priority, which is visible in the notification gutter, but not in the status bar. This didn’t work for Oreo: If you try to launch a background service and use priority minimum for its notification, the notification priority is upgraded to a higher priority (visible all the time) and, in addition to that, the system shows another persistent notification: “App X is using battery”.

We initially planned to explain users how they can hide these persistent notifications but that wasn’t a great user experience, so we had to find a better solution. We leveraged Android Job mechanism to launch our service periodically (at least every 15 minutes), and we also try to keep it alive after-wards. We don’t hold WakeLocks manually – the system does this for us. We were able to ditch persistent notifications altogether. Even if notifications sometimes have a small delay, it will always be received and emails are there instantly.

In the end, we had to do some work, but it was totally worth it. We freed our users from Google Play Services requirement. Finally, everyone is able to get the Tuta app on F-Droid. The system now combines both: good power efficiency and speed.

The new Tuta Calendar app can also be found on F-Droid, our favorite app store.

Final thought: Every user should be able to choose a “Notification Provider” for every app

Wouldn’t it be great if the user could just pick a “push notifications provider” in the phone settings and OS managed all these hard details by itself? So every app, which doesn’t want to be policed by the platform owner, didn’t have to invent the system anew? It could be end-to-end encrypted between the app and the app server. There’s no real technical difficulty in that, but as long as our systems are controlled by big players who do not allow this, we have to solve it by ourselves.

For a free and open web, we need to stop giving all our private data to big corporations. That’s why we are saying: #NoMoreGoogle.