Security & infrastructure
The following describes the operational posture of Tokmail as of the most recent audit. We update this page when material changes occur. No marketing content is published here.
- All mailboxes are issued with a per-account PGP key pair. Private keys never leave the client device after onboarding.
- Mail is stored on encrypted volumes using LUKS with keys held in TPM-bound storage. Volumes are unlocked manually on every restart.
- All inbound and outbound SMTP enforces TLS 1.3 with DANE/TLSA where supported. Plaintext fallback is disabled.
- Inbound mail is filtered by Rspamd. We do not scan content for advertising or profiling purposes.
- Webmail sessions require a hardware security key (FIDO2 / WebAuthn). Software TOTP is not accepted.
- Account access logs are retained for 14 days, then deleted. We publish a quarterly warrant canary on this page.
- Infrastructure is operated from two facilities within the European Union (Germany, Netherlands). No cloud providers, no managed services.
- We do not operate a mobile application. IMAP and SMTP credentials are issued per-device with revocation.
- No third-party JavaScript, fonts, analytics, or tracking pixels are served from this domain or our webmail.
- Mailbox data is not backed up to off-site storage by default. Backup terms are negotiated individually during onboarding.
Warrant canary — last updated 2026-06-25
We have received no production orders, gag orders,
or compelled-access requests in the preceding quarter.
Next scheduled update: 2026-09-25.
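
A reader who relies on the canary can monitor it automatically. The following is an added example, not Tokmail's own tooling: it checks that the negative statement is still present and that the scheduled update has not been missed. The names `check_canary`, `EXPECTED_STATEMENT` and `GRACE`, the three-day grace period, and the premise that the statement's wording stays fixed between updates are assumptions.

```python
import re
from datetime import date, timedelta

# Constructed sample: the canary text as it appears on this page.
SAMPLE_CANARY = """\
Warrant canary — last updated 2026-06-25
We have received no production orders, gag orders,
or compelled-access requests in the preceding quarter.
Next scheduled update: 2026-09-25.
"""

# Assumption: the negative statement keeps this wording between updates.
EXPECTED_STATEMENT = ("We have received no production orders, gag orders, "
                      "or compelled-access requests in the preceding quarter.")
GRACE = timedelta(days=3)  # assumption: tolerated delay before alerting


def check_canary(text, today, grace=GRACE):
    """Return a list of findings; an empty list means the canary looks healthy."""
    findings = []
    flat = " ".join(text.split())  # collapse hard line wraps before matching
    updated = re.search(r"last updated (\d{4}-\d{2}-\d{2})", flat)
    upcoming = re.search(r"Next scheduled update: (\d{4}-\d{2}-\d{2})", flat)
    if not updated or not upcoming:
        return ["canary dates missing or unparseable"]
    try:
        last, nxt = (date.fromisoformat(m.group(1)) for m in (updated, upcoming))
    except ValueError:
        return ["canary dates missing or unparseable"]
    # A silently dropped or reworded statement is the signal a canary exists for.
    if EXPECTED_STATEMENT not in flat:
        findings.append("negative statement missing or reworded")
    if last > today:
        findings.append("last-updated date is in the future")
    if nxt <= last:
        findings.append("next update is not after last update")
    if today > nxt + grace:
        findings.append(f"canary overdue since {nxt.isoformat()}")
    return findings


if __name__ == "__main__":
    print(check_canary(SAMPLE_CANARY, date(2026, 7, 1)) or "canary OK")
```

Run it on a schedule against a freshly fetched copy of this page and alert on any non-empty result.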