Tuta (formerly Tutanota) vs ProtonMail — Pros, Cons & Jurisdictions

A summary of my analysis of these two email services.

Read carefully to the end. Then decide which one is best for you, or which one you can use in certain situations.

Don't trust, verify. DYOR.

Tuta leans ideological; Proton leans institutional.

Let's see.

Tuta and ProtonMail both promise privacy-first email.

But privacy isn’t only about encryption — it’s also about who runs the company and where it lives.

Privacy lives in three layers: math, law, and trust. Decide which one you’re willing to rely on.

Both Tuta and ProtonMail are partially open source.

Tuta: its web, desktop, and mobile clients are fully open source, but the server code is closed. You can audit the encryption logic, not the full backend.

ProtonMail: also open source on the client side (apps, web, Bridge) under GPLv3, but the servers remain proprietary. Proton compensates with third-party audits and transparency reports.

In short, both are open enough to verify encryption, but not fully transparent end-to-end.

Tuta — Pros

• Encrypts more: subject, body, internal metadata

• Open-source foundation

• Post-quantum encryption roadmap (“TutaCrypt”)

• Lower entry cost for mail + calendar

Tuta — Cons

• Smaller ecosystem, limited integrations

• Interface less refined

• Based in Germany, part of the 14 Eyes intelligence alliance — meaning potential metadata-sharing under court orders

• Less convenient for non-encrypted recipients

ProtonMail — Pros

• Based in Switzerland, outside EU and 14 Eyes — strong privacy laws and an independent judiciary

• Broader ecosystem: Mail, Calendar, Drive, VPN

• Polished UX and long-standing reputation

ProtonMail — Cons

• Some metadata (like subject lines) is not always encrypted

• Slightly higher pricing for premium tiers

• One of the board members, Rosemary Leith, was a member of the World Economic Forum, where she chaired the Global Agenda Council on Internet Security. This WEF connection may raise eyebrows among users wary of institutional influence, even if it doesn’t imply control.

Legal cases & compliance

• Proton AG (Swiss company operating ProtonMail) – founded in 2014. Key founders include Andy Yen (Founder & CEO), along with other scientists who worked at CERN

• ProtonMail has complied with Swiss court orders — in one case, disclosing an activist’s IP and device data to authorities

• Tutao GmbH (German company behind Tuta — formerly known as Tutanota) — founded in 2011 in Hanover, Germany. Key founders: Matthias Pfau and Arne Möhle.

• Tuta was ordered by a German court to monitor a specific account and deliver non-encrypted emails

• Neither provider has decrypted end-to-end encrypted content, but both must obey national laws when valid orders are issued

Bottom line:

Tuta maximizes cryptographic purity but operates under EU oversight.

ProtonMail balances Swiss legal protection with a more corporate, global posture — including leadership with ties to major policy circles.


Discussion

No fully solid options, it seems. We must keep info as minimal as possible with email. Better to move most conversations to e2ee chats like SimpleX.

Did you read my post about SimpleX?

nostr:note1fsfly7ahhsd6wnu5hl34qlu03rldf5t6geugvut3gewfkp44a0qq7mvyu6

Geez, thanks for sharing. Will take a further look

I don't know why TOX is not more popular. How can you go wrong with encrypted peer-to-peer? As for email, I have been using Betterbird as an email client and Macaw.me as my email. The Betterbird is awesome! It simply handles PGP with ProtonMail. Seamlessly resolves PGP encryption and even looks up the keys on ProtonMail. The ProtonMail users simply need to import your PGP key and you can have fully encrypted email for free.