Zum Inhalt springen
Unabhängig verifiziert · Quartalsweises Re-Audit
EU VETTED

Mailbox.org

VERIFIZIERT
Privates E-Mail · Germany
Founded 2014 · mailbox.org ↗

Berlin-based private email + drive + meet + office bundle (Heinlein Support GmbH); ISO 27001 + BSI C5, €1/mo entry.

Warum diese Bewertung?

Mailbox.org is operated by Heinlein Support GmbH (Berlin, founded 2014) on own German data centres, holds ISO/IEC 27001:2022 + BSI C5 Type 1 (rare full BSI-standard certification for an SMB email vendor), GDPR-compliant, PGP-supported, 100% renewable energy; entry tier €1/mo; full 5/5 with no CLOUD Act exposure.

SCORE
5.0/5
CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
JUMP TO
OVERVIEW

About Mailbox.org

**Mailbox.org** (operated by **Heinlein Support GmbH**, Berlin) is a procurement-grade German private-email-plus-productivity suite — **Mail + Drive + Meet + Office** in a single bundled offering — entry tier from **€1/mo** (Light), business plans from €1/user/mo. The compliance posture is rare: **ISO/IEC 27001:2022 + BSI C5 Type 1** (Bundesamt für Sicherheit in der Informationstechnik Type-1 Cloud Computing Compliance certification, the BSI's standard for trusted cloud services in Germany), plus full **PGP** support for end-to-end-encrypted mail. Servers in own German data centres on 100% renewable energy. Slogan "Ihre Daten. Ihre Kontrolle." For DACH compliance buyers this is one of the cleanest picks across the entire directory.
SUB-PROCESSORS

Unterauftragsverarbeiter-Karte · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Rahmenwerke & Zertifizierungen

ISO/IEC 27001
ACTIVE
C5
ACTIVE
FEATURES

Funktionsmatrix

INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option No
PRICING

Preise & Tarife

KOSTENPFLICHTIG
ab €1/Monat
Preisseite ansehen ↗
PUBLIC DOCUMENTS

Öffentliche Dokumente

DPA accessibility is not scored for this listing. Self-hosted or local software, vendors that are not data processors, and products carrying a SecNumCloud, EUCS or BSI C5 certification are not assessed on DPA accessibility — see How we score.
Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
  • Data Processing Addendum (DPA)
    — not assessed
    n/a
  • Sub-processors list
    — missing
    missing
  • Terms of Service
    mailbox.org/en…
    Open ↗
ALTERNATIVES

Alternativen in dieser Kategorie

Infomaniak Mail (kSuite)
Switzerland

Swiss email + groupware (Infomaniak Group SA, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, free tier with @ik.me address.
Posteo
Germany

Berlin one-person-shop privacy email at €1/mo (Posteo e.K., since 2009); anonymous signup, BSI TR-03108 certified.
Proton Mail
Switzerland

Swiss end-to-end encrypted email by Proton AG (Geneva); 100M+ users, Foundation-controlled since June 2024.
See all privates e-mail alternatives →