Trust center

Security,
where it belongs.

Hosted in EU regions you pick. Keys you can hold. Open architecture, and a compliance roadmap you can hold us to.

AES-256
At-rest encryption
TLS 1.3
In-transit, PFS, HSTS preload
E2EE
PGP · S/MIME · optional per tenant
EU-only
Region you choose · 3× redundancy
Compliance roadmap

Built to the standards we're certifying against.

We don't claim certifications we don't yet hold. The architecture is designed to these frameworks from day one — here's where each one stands.

EUGDPRProcessor obligationsCompliant by design
ISO27001Information security managementTargeted 2026
ISO27701Privacy information managementTargeted 2026
AICPASOC 2Operational controlsOn roadmap
EUNIS2Critical-entity obligationsOn roadmap
FRSecNumCloudANSSI qualificationOn roadmap
Architecture

Tenant isolation
all the way down.

Every customer gets dedicated encryption keys, dedicated storage paths, and — on Enterprise — dedicated compute. Compromise of one tenant must never reach another. It's a design invariant we build and test against, not a slogan.

  • Per-tenant keys in an HSM we do not hold
  • Per-tenant indexing shards, per-tenant search
  • Per-tenant rate limits & quota enforcement
  • Zero shared-secret paths by design
trust.email.eu/architecture
Tenant isolation map · illustrative example
tenant/meridiaan · key.eu-west● isolated
tenant/nordhavn · key.eu-north● isolated
tenant/caldera · key.eu-central · HSM● isolated
tenant/helveta · key.eu-central● isolated
tenant/ministere-nl · key.bring-your-own · rotating↻ rotating
Cross-tenant isolation tested continuously in CI● example
Transparency

We publish
what others don't.

From launch: quarterly transparency reports, a machine-readable subprocessor list with 30-day change notifications, a public incident log, and a bug bounty that pays — up to €250.000.

  • Government request log · published quarterly
  • Subprocessor RSS feed + webhooks
  • Post-incident writeups within 7 days
  • Bug bounty at launch · €500 – €250.000
trust.email.eu/reports
Transparency report · illustrative
Example layout · first report published at launch
Third-country requests
EU court orders
Security incidents
Bounties paid
Illustrative layout — the first real report publishes at launch.

Security, done
properly.

Per-tenant isolation, keys you can hold, EU-only by design — and a DPA and compliance roadmap you can read line by line.

Read the DPATalk to our security team