Hosted in Norway

Email: Uncompromisingly Private and Secure

Private email hosting built around data minimization and open-source infrastructure.

Create Your Account Code

Securely Designed to Protect Privacy

Privacy by Design

Only data required to run the email servers is collected, and any data no longer needed is deleted.

Verifiable Security

All our code is open source and can be audited by the community and external cybersecurity firms.

10 Devices

Per account

0 Compromise

On what matters

20,00 € One time payment

One registration fee. No subscriptions and no recurring costs.

Compatible with

Command Line Linux macOS Windows Android No iPhone support

Norwegian Privacy

Private and Secure Access to the Internet Is a Human Right

An email address is a requirement for participating in the modern internet. It is the first thing most modern services ask for. Its privacy should be protected.

Your email address is the key to most of your online life. When your email provider tracks it, your identity becomes easier to profile, target, and expose.

Privacy.Fish treats email as private infrastructure, not as a data source.

We collect only what is required to run the mail servers, publish our code, and design every technical decision around privacy and security.

Read our company philosophy page

Privacy Aliases

20 €

One Time Payment

10

Devices

0

Compromise on Privacy and Security

What we do differently

What separates us from all others

Every design decision puts your privacy first — from encryption at rest to how we handle payments and logs.

Data Minimization by Default

  • We do not want data we don't need and prefer deleting data over trying to protect it.
  • No analytics, trackers, website-, mail- or ssh auth logs.
  • You download and delete mail from our servers yourself. Mail you do not delete is deleted after 14 days.

Private Payment

  • After signup, you receive a temporary payment code valid for 30 days.
  • Once payment is received and the account is created, the code is deleted so the payment cannot be linked to the account anymore.
  • We support cash by letter, cryptocurrencies, SEPA bank transfer, PayPal and credit cards.

Norway’s Privacy Jurisdiction

  • Norwegian law only requires us to save when you logged in and from with IP:port, for 12 months.
  • All other jurisdictions come with broader surveillance requirements. For example Switzerland can require sender, recipient, protocol, mailbox-event, and server metadata, while Germany requires large email providers to maintain lawful-interception infrastructure.
  • VPN access is encouraged and tor .onion addresses are available for all servers.

Security Model

  • Built using the most secure open source software (OpenBSD, OpenSMTPD, OpenSSH) and only minimal custom code. Everything is auditable open source code.
  • To prevent patched exploits from leaving persistent access, all servers are rebuilt weekly, while only stored emails and your SSH public keys are migrated.
  • Admin workstations are OpenBSD Raspberry Pis, replaced monthly with only the SSH private key migrated, and firewalled to only reach our servers and stw.no.

Secure Email Workflow

  • Security before convenience - There is no webmail, password login, IMAP, or POP3 - only SSH and SFTP access through our client app.
  • Your emails are stored age-encrypted using your SSH public keys and are securely deleted after 14 days or when you delete them yourself.
  • If a recipient’s mail server cannot prove its identity with a valid TLS certificate, the app asks you to cancel or send anyway.

Should you use it?

Privacy Requires Making a Choice

Built for

  • You are privacy-conscious and want an email provider that collects as little data as possible.
  • You do not want your email or personal data permanently stored on someone else’s servers.
  • You prefer a small, focused service built exclusively for the best possible privacy and security.

Not built for

  • You need your email provider to permanently store mail instead of downloading it to your own devices.
  • You need browser email access, even if that means exposing even more metadata or readable mail to the provider.
  • You need bundled extras like calendar, contacts, cloud storage, or office tools, even if they add attackable code.

How it works

From Signup to Inbox

After the legal consumer refund period of 14 days has expired, we will permanently delete all information on which account is associated with which received payment.

01

Use the App to Generate Keypairs on Your Devices

Install the open source Privacy.Fish app and generate SSH keypairs for each device. Copy the public keys to the device you complete the signup form with.

02

Signup and Pay Privately

Copy your list of public keys into the signup form and use our privacy-respecting payment methods. We create your account within 24 hours after payment.

03

Connect the App to Your Email Client

Point your email app to this app’s local SMTP and POP3 ports, and it will handle sending, fetching, and decrypting your mail through our servers.

Our Trust Model

You Verify Everything

“Every secret creates a potential failure point.” — Bruce Schneier

Everything Open Source

All software used to build and administrate Privacy.Fish is public on github and our infrastructure can be inspected instead of blindly trusted.

Norwegian Jurisdiction

We chose Norway for the best privacy-respecting laws for our service, even though they have rather high taxes. Bcause privacy comes first.

Aligned Incentives

Privacy.Fish is funded by a one-time account fee, not ads, tracking, subscriptions, or selling access to your data.

Pricing

One Time Payment

No subscriptions or hidden fees. Payment to account association is deleted after account creation.

One-time payment
€ 20

For company lifetime access

Manual provisioning

Accounts are created by an administrator within 24 hours of payment.

Create Your Account

What’s included

  • Main username, 10 random and unlimited rotating aliases
  • All our domains work with your main username and all aliases
  • Maximum of 10 devices per account

Payment methods:

Cash by letter, Cryptocurrencies, SEPA bank transfer, Credit card and PayPal

Refund information:

Refunds are only possible before the account is created, because the payment-to-account association is destroyed right after.