“Privacy. It’s not just our policy. It’s our mission.”

StartMail is built by the people behind StartPage, the world’s most private search engine. We believe that privacy is a human right. As early as 2005 we recognized that clever technical solutions would be required so that you can exercise your right to privacy online. We turned out to be ahead of our time. Over the next decade, revelation after revelation showed how much our online privacy had come under attack. In response, we built more and more defenses into our search engines to protect our users. People now use StartPage to find information millions of times per day, without being tracked or profiled.

We then turned to our next challenge: email privacy. Everyone uses email, but sending regular email is like sending a postcard—it makes snooping very easy! Advanced encryption technology already exists to stop hacking and mass surveillance, but making this technology user‐friendly was our challenge. That’s why we built StartMail from scratch: a total solution for protecting your email privacy that includes features like extra-secure data storage, disposable email addresses, and an ownership that will resist unwarranted intrusion. It has easy‐to‐use ‘one‐click’ encryption, and a very clear privacy policy.

We have the ambition to empower people everywhere to take back their online privacy. StartMail is the latest addition to our state-of-the-art privacy-enhancing technologies.

Robert Beens

StartMail has been developed to Protect your Privacy

StartMail believes that privacy is a fundamental human right. Using StartMail, you can protect yourself against unwarranted intrusion and mass surveillance, and take back your right to communications privacy. Our core values include “privacy by design” and “minimal data retention”.

Read more

Our core values are:

  • Privacy by design. Privacy shouldn’t be an afterthought. We built StartMail from scratch, and privacy has always been our main objective.
  • Encryption made easy. Encryption is a must to achieve privacy. While existing encryption solutions for email are cumbersome, StartMail makes encryption easy for everyone.
  • Optimal security. Privacy and security must go hand in hand. There can be no privacy without security.
  • Minimal data retention. We store and process as little personal information about you as possible.
  • Transparency of purpose. We have no hidden agenda with your information. If we store your data at all, we always tell you exactly why.
  • Responsible protection of users’ civil rights. We believe communications privacy is a fundamental right. StartMail protects your email against unauthorized and unconstitutional intrusions.
  • Transparency about our solutions and remaining threat vectors. 100% privacy or security does not exist. We strive to be as open and clear as possible about what our solution can and cannot offer.

Definitions of the capitalized terms are included in the Terms of Service.

We put you Back in Control

We are fully transparent about which data we process and why. We put you back in the driver’s seat when it comes to your data.

Read more

Your inbox and other personal information are yours even though we help you by storing it and making it accessible through our user-friendly interface. Exactly which part of your data is processed by us and why, depends on how you are using our Website and the StartMail Service.

1. Visiting our Website, until the session ends

When you visit the Website, the following details are automatically processed for the duration of your session:

  • Your IP address
    → to allow effective troubleshooting.
  • Browser and operating system type and version
    → to display the Website in the right format for your browser and operating system.
  • Browser language settings
    → to show you the Website in the right language.
  • Country (based on IP-address), date and time
    → to know in which countries and at what moments our marketing efforts appear to be effective.
  • Origin of your visit (such as whether you directly typed the Website URL, or accessed the Website through a search engine query or link from another website)
    → to assess the success of our search engine optimization and information outreach efforts.
  • Clicked links and visited (parts of) pages on our Website
    → to help us get an idea of which of our pages appear to be effective to inform our visitors. When your session ends all of this information is either deleted or anonymized, with the exception of the IP address, which will be anonymized (using a sha-256 hash with salt) after a maximum of 48 hours, and completely deleted within a maximum of 3 days (33 days for beta accounts).

When your session ends all of this information is either deleted or anonymized, with the exception of the IP address, which will be anonymized (using a sha-256 hash with salt) after a maximum of 48 hours, and completely deleted within a maximum of 3 days (33 days for beta accounts).

We collect the anonymized information above, excluding the SHA-256 hash of your IP address, on an aggregate level, in order to analyse usage trends and for troubleshooting purposes.

2. Signing up for an Account

When signing up for the StartMail Service you are asked to provide:

  • A name that you choose (optional and may be an alias or pseudonym, but see also our Terms of Service),
  • → to be able to address you when we communicate with you.
  • Verification email address → This address is used to send you an activation link to activate your StartMail trial account. To maintain the integrity of the StartMail service, StartMail must take measures to avoid the automatic creation of accounts by spammers. This is because if spammers use StartMail to send messages, StartMail’s IP addresses can become blocked by major mail providers such as Gmail, Yahoo, Outlook, etc.
  • Your desired email address (required),
    → to provide you with your StartMail email address
  • A password (required),
    → to provide authentication for your Account.
  • A Recovery Email Address (optional, see also our ToS),
    → to communicate with you in the event that you need to recover access to your StartMail Account should you ever lose your password.
  • An invite code (optional, if you have one),
    → to give you the benefit of a promotional offer.
  • Your preference as to whether you would like to subscribe to our newsletter(s),
    → to send you our newsletters only if you want to receive them.

3. Paying for a Personal Account

StartMail offers a paid subscription service which can be paid for with various online payment methods. To facilitate payment and to manage the customers’ subscription, StartMail works with third-party payment providers and a subscription management provider.

  • For payment processing, StartMail relies on third parties such as Stripe and Paypal to process payment details such as credit card information to process your payments or refunding such payments. In accordance with Payment Card Industry Security Standards (PCI DSS), which our payment and subscriptions providers all adhere to, they are not permitted to use your information for anything other than processing your payment.
  • For subscription management, StartMail relies on Chargebee to manage customer lifecycle operations such as managing trials, assigning credits, issuing refunds and making mid-cycle subscription Our subscription management provider processes data only as our ‘processor’ (as intended in the GDPR). Through our data processing agreement, we have bound this provider to only process data in order to provide their services to us and not for other purposes. In addition, we pseudonymize your data before providing it to our subscription management provider.

StartMail necessarily must share some information with these third-party data processors to provide the StartMail Service

The legal basis of this processing is the performance of the contract between you and StartMail.

In order to protect your privacy, StartMail will minimize the type and amount of data which is being shared with our data processors so you can make use of the StartMail service without sharing more of your private information than necessary.

For example: For StartMail to manage your subscription through Chargebee, a unique and random identifier is generated and shared with Chargebee. This unique identifier enables StartMail to link your StartMail e-mail address to your subscription at Chargebee but not the other way around. Chargebee only receives this unique identifier and as a result Chargebee cannot directly link the payment details to the email address you have registered at StartMail. This provides an additional safeguard to protect your privacy. For additional privacy, StartMail also offers anonymous payment methods. Please send a message to support@startmail.com to receive more information on how to perform such a payment.

Information required for Payment, billing and subscription information

The specialized payment and subscription providers Stripe, Paypal and Chargebee have been carefully chosen to responsibly process payment details and billing information which is used to manage your subscription. These companies have strict security standards, as laid down in the Payment Card Industry Security Standards (PCI DSS), with which they are fully compliant. These providers store account payment details under a unique number but cannot connect the payment data to the account email address. The StartMail system also works with this unique number and has no direct access to Stripe’s system – effectively separating the two systems

Privacy Policies


The information that you provide through Chargebee is subject to the Chargebee Privacy Policy. In addition to the payment details, an e-mail address which functions as an alias which is generated when you register at StartMail will be shared with Chargebee to help you and StartMail manage your subscription for example: you can receive notification when a charge is about to be incurred or has failed.


The information that you provide through Stripe such as your credit card number, credit card expiration date, card security code is subject to the Stripe Privacy Policy


StartMail supports PayPal as a payment processing provider. If you choose to pay with Paypal you agree with their privacy policy. You can find their privacy policy here: To make payments as easy and user-friendly as possible, StartMail sends your name and e-mail address to Paypal during a payment process. All this information would be requested by the provider anyway.

Privacy Shield

  • Both Stripe and Chargebee are certified under the EU-US and Swiss-US Privacy Shield.
  • Chargebee’s Privacy Shield certification can be viewed here. For more information, please visit Chargebee’s EU data transfers support page here
  • Stripe’s Privacy Shield certification is here, and Stripe’s Privacy Shield Policy here. For more information, please visit Stripe’s EU data transfers support page here.

4. Location of data


The StartMail databases (containing customer emails which are stored in encrypted user vaults) are located in data centers in the Netherlands. Payment and subscription details are stored in the (cloud) servers used by our payment and subscription management providers, outside of the EU. See below for more information.


Stripe’s data (credit card information for payment processing) is hosted solely in data centers in the US. Under EU data protection law, there is no requirement to localize, i.e., to store data in the EU. However, when data is transferred to a non-EU country that does not offer the same level of data protection as the European Union’s General Data Protection Regulation (GDPR), a data transfer mechanism has to be implemented to ensure this protection. To ensure this protection, Stripe has certified to the EU-U.S. and Swiss-U.S. Privacy Shield.


Chargebee has servers located in Northern Virginia (US) and the DR site in Frankfurt (EU). As it is not mandatory to maintain servers in the EU region. To facilitate this, StartMail and Chargebee have a Data Processing Addendum (DPA) for the transfer of data outside of the EU. StartMail uses pseudonymization to ensure that our subscription management provider cannot relate your subscription information to your e-mail address.


Paypal processes data in the US and is certified under EU-US Privacy Shield. Please see Paypal’s privacy statement to understand how they manage your payment details.

5. Using the StartMail Service

  • All of your email messages are stored in a secure User Vault on our servers. All information in the vault is encrypted (see StartMail Gives You Ironclad Data Protection on how we use encryption to protect your data)
  • Everything you can see through the regular user interface (your inbox and folders, including spam folder) is stored, and is stored safely in the User Vault.
  • Additionally, the following is also stored in the User Vault:
    • personalized spam preferences of the User as part of the self-learning process of the spam filter
    • a search index, which allows an efficient email search functionality

For several functions in the StartMail Service, such as logging in or account recovery, a SHA-256 hash of your IP-address is stored for several minutes for the purpose of preventing brute force attacks.

When you use the StartMail Service to send an email, your IP address is not included in the header of the email. Instead our IP address is shown.

6. Communicating with Us

When you communicate with us for support, our StartMail Support Privacy Policy applies.

7. Subscribing to our newsletter

On our support form, you have the option to subscribe to our newsletter. If you have subscribed, you may receive our newsletters until you have unsubscribed. You can unsubscribe at any time.

8. Deleted is Deleted

When you delete an email, it is immediately deleted from our production servers, unlike what happens with many other webmail providers. Only on the off-site backups (which are fully encrypted, of course) a copy will remain for the maximum retention period of three days.

Your Account will be stored for as long as our Agreement remains in force. When an Agreement is fully terminated, all data contained in the Account, including all emails, will be deleted permanently.

9. Viewing and Amending your Personal Data

If you have any questions about our Privacy Policy or if you have questions about viewing, amending or deleting your personal data, you can contact us via email at: legal AT startmail.com.

No Tracking or Advertising – Guaranteed

StartMail is an ad-free service. StartMail does not collect or share any data with a third party for advertisement or tracking purposes. We only use cookies to the extent that this is necessary to provide you with a smooth and user-friendly experience, and to understand how our Website is used in general.

Read more

Other webmail providers collect and use your personal data to display personalized ads to you. As a result you pay for your webmail with your privacy. We think your privacy is worth more than gold. We therefore don’t track your behaviour online and we don’t build any personal profiles of you. The StartMail Service is strictly ad-free.

What (tracking) cookies are and what they can do

A cookie is a small file that is stored on a computer (such as a PC, smartphone or tablet) when visiting a website. Cookies are very useful to enable a smooth and user-friendly experience on a website, for example to prevent that visitors would have to supply their login details again for every action on the website, or to remember the contents of a shopping basket. However, so-called ‘tracking cookies’ can also be used to track users across multiple websites and to build personalized profiles for advertising or other purposes, negatively affecting privacy.

StartMail will set cookies for the following purposes; First of all, we want to better understand how our StartMail product is used so that we can improve the service. And secondly, we want to evaluate the effectiveness of our marketing efforts aimed at attracting new StartMail users.  Click here for a complete and up-to-date overview of the cookies used by StartMail.

We use only anonymous data to try to improve our services

We collect only strictly anonymous statistics from our domain. Anonymous data is collected only in order to get an idea about what pages are effective in informing our users about the StartMail Service, and to improve the user interface. For example, we count the total number of times each page is being visited and we may get some insight into which pages or features are usually accessed consecutively, but we never know who has visited which pages and when.

We use an open source statistical measurement tool for this, called Matomo. We run this very lightweight tool on our own infrastructure to prevent anybody snooping the data, and we have specifically configured it for minimal data collection to ensure that no personal data is recorded at any time.

StartMail blocks remote content by default, to protect your privacy

Some emails contain remote content (such as images, which may even be invisible). If such remote content is loaded automatically, this enables the sender to know when the e-mail was opened, because the sender can detect when its content was loaded and by whom.

To protect your privacy, StartMail prevents any remote content to be loaded automatically when you open an email. It is possible to explicitly choose to always load such content automatically in your Settings. Please note that you should still be careful to avoid opening any attachments or clicking on any links in any email, unless you trust the sender and the content.

StartMail gives you Ironclad Data Protection

We use state-of-the-art technical and organizational security measures to protect your data.

Read more

On the Technical Side, we use state-of-the-art cryptography to protect your data. For example:

  • Traffic between the User and our servers is encrypted with SSL, and perfect forward secrecy is applied.
  • We only store passwords in hashed form on our servers.
  • Your StartMail inbox and its folders are stored in your own encrypted User Vault. Your User Vault is only opened when you login. When it is closed it is inaccessible to anyone.
  • When you are logged out of StartMail, your entire inbox is encrypted. When you are logged in, your unencrypted emails are unencrypted, but all of your PGP-encrypted emails are still encrypted unless you open an encrypted email by submitting your PGP-passphrase.
  • Users can encrypt emails via OpenPGP.
  • The users’ key-pair is stored in the User Vault. Additionally, the private key is encrypted by means of the passphrase. Without the passphrase the private key it can’t be decrypted or used.
  • We only use validated encryption algorithms that are considered safe by respected cryptographers.

For more detailed information about our technical security measures, please read our Security White Paper.

On the Organizational Side we have strict protocols in place to ensure the safety of your data. For example:

  • At each level, access to our systems is restricted to authorized staff with a legitimate need to know. This access is tightly limited, and is only for the purpose of providing the StartMail Service to you.
  • Any individual, who is given access to the StartMail system, is required to sign a confidentiality agreement.
  • No third party, contractor, or sub-contractor of StartMail is given access to the system, except for the purpose of enabling us to provide the StartMail Service to you. All such parties must sign a data processing agreement, containing confidentiality provisions and stringent security protocols.

Compliance with Legitimate Requests by Authorities

While we respect and try to protect your privacy to the best of our abilities, your use of StartMail does not place you above the law. But neither do we place authorities above the law. ONLY if we receive a request from Dutch judicial authorities to hand over information about one of our Users, we will have our lawyers check the validity of the request and determine whether we are obliged to comply. We will NOT comply with such requests unless we are convinced that the request is legally valid and we believe that it is undeniably our legal obligation to comply.

We will NOT comply with requests from any authorities other than Dutch authorities. If we receive a request from any foreign government, we will refuse to comply and will instead instruct the requestor to place a formal request to the Dutch authorities for mutual assistance.

StartMail will never cooperate with any voluntary surveillance programs. Under the strong laws that protect the right to privacy in Europe, European governments cannot legally force service providers like StartMail to implement a blanket-spying program on their users.

Requests by Private Third Parties

We will NOT comply with any requests from private third parties to provide information about our Users, unless we would receive a valid Dutch court order and we believe it is undeniably our legal obligation to comply.

We will not reduce your rights without your explicit consent

We may change our Privacy Policy from time to time. Any changes to our Privacy Policy will be posted on this page, and we will provide a more prominent notice, such as an email message, if we believe a change significantly affects your privacy. You may also review older versions of our Privacy Policy through our Website.

StartMail complies with the World’s toughest Privacy Laws

StartMail is based in The Netherlands, Europe, where privacy laws and regulations are among the strictest in the world.

For example, we do the following to comply with the General Data Protection Regulation, which is widely renowned as one of the strongest privacy laws in the world and gives you formidable legal rights:

  • clearly state our identity as a ‘controller’ of your personal data and how you can contact us with questions or requests about your privacy;
  • clearly explain for what legitimate purposes and interests and under which legal basis we process personal data, as we do in this privacy policy;
  • clearly state which kinds of parties may need to receive your personal data from us and why;
  • first request your express consent to the processing of your personal data in cases where your consent is required, giving you the right to withdraw your consent at any time;
  • do everything we can to prevent that we would process more personal data than necessary for our legitimate purposes, or store it for longer than necessary;
  • implement appropriate security measures to protect your personal data, and demand the same of any party processing personal data on our instructions;
  • respect your right to request inspection of your personal data and have them corrected or deleted, or to restrict our processing of it.

Legal basis for processing your data

The following legal grounds apply to process your personal data:

  • Your consent. By using the StartMail Service, you consent to our processing of your data as part of the StartMail Service.
  • Necessary to perform a contract with you, or take steps before entering into a contract with you at your request. By signing up for the StartMail Service, you request us to prepare your contract. Once your contract has been entered into, we may process your data as necessary to perform our contract with you (providing the StartMail Service to you).
  • Our legitimate interest, to provide the StartMail Service to you in the best way we can.
  • Our legal obligations, for example our obligation to store invoices for tax purposes.

Your rights with respect to your data

You may ask us at any time to access, correct or erase your data. You may also request us to keep your information but block it from further processing. You can submit any such request by using our contact details below.

If you inform us that you withdraw your consent to process your information, we will delete your information, unless we are legally required to keep it (e.g. invoices, as explained below under retention periods).

Retention periods

We store invoices for 7 years, or whichever period may be prescribed under applicable tax law.

E-mail account
If you have subscribed to the StartMail Service, your Account will be stored for as long as our Agreement remains in force. When an Agreement is fully terminated, all data contained in the Account, including all emails, will be deleted permanently.

Dutch Data Protection Authority

We are always here to help. If you have any feedback or complaint about our services in general, or more specifically about how your privacy is protected when you use our services, please let us know via the contact details below. In accordance with EU privacy laws and regulations, you have the right to lodge a complaint with the national supervisory authority responsible for the protection of personal data if you think we have unlawfully processed your personal data. For the Netherlands, this supervisory authority is the Dutch Data Protection Authority, which you can contact here.

Our company and contact information

Still have privacy questions?

With this privacy policy we have done our utmost to inform you as well as possible about your privacy while using our services. We hope that you agree that your privacy is in good hands with us. Startmail.com is owned and operated by Startmail BV, Boulevard 11, 3707 BK Zeist, The Netherlands. Representative for the Privacy Policy is Robert E.G. Beens. You can contact us at privacypolicy AT startmail.com.

Last Modified: December 19th 2019

Effective: December 20th 2019

Privacy. It’s not just our Policy – it’s our Mission!