AES-256-GCM encrypted at rest

Email that stays private. No exceptions.

Every email body is encrypted with AES-256-GCM at rest. Incoming mail is encrypted within seconds. Karelia-to-Karelia emails are end-to-end encrypted with RSA-2048. Even if our servers are compromised, stored emails are unreadable ciphertext.

Zero-access encryption
No ads, no tracking
Built for privacy

Why Karelia Mail is different

Services like Gmail and Outlook have access to your inbox. With Karelia, every email body is encrypted on disk: nobody can read them but you.

Full At-Rest Encryption

All email stored on our servers is encrypted with AES-256-GCM. Sent mail encrypted instantly. Incoming mail encrypted within seconds of arrival. Even if our server is breached, stored emails are unreadable ciphertext: not even we can read them.

Zero Surveillance

We never scan your inbox, never run ads, and never sell your data. TLS encryption is enforced on all incoming and outgoing mail. Karelia Mail is funded by subscriptions: not by monetizing your privacy.

Recovery Phrase Backup

Your account is protected by a 24-word recovery phrase. Lose your password? Your phrase restores everything: no personal info required.

No Phone Number Required

Create an account with just an email and password. We do not require phone numbers, identity verification, or personal details.

Built on Open Standards

Powered by Postfix and Dovecot on standard SMTP/IMAP protocols. Use any email client: Thunderbird, Outlook, Apple Mail, or our web app.

One Account, Everything

The Karelia Vault holds your identity, mail, storage, and business keys in one unified encrypted account. One password unlocks all Karelia services.

Everything you need

More than just encrypted — a complete mail client with all the features you expect.

Full-Text Search

Search across from, to, subject, and email body content. Find any message in milliseconds.

Attachments

Send and receive files up to 25 MB. Attachments appear inline in messages. Download with one click.

Passkey Login

Sign in with your fingerprint or face using WebAuthn. No password to type. Register in Settings.

Filters & Rules

Auto-sort incoming mail by sender, subject, or content. Move, delete, or star messages automatically.

Contact Auto-Suggest

Start typing and contacts appear. Learned automatically from your sent mail and Karelia's user directory.

Dark & Light Theme

Switch between dark and light mode. Your preference persists across sessions in local storage.

Mobile & Tablet PWA

Install on iPhone, iPad, or Android. Full-featured on any screen. Push notifications for new mail. Works offline.

Push Notifications

Get notified the moment new mail arrives. Includes sender name and subject line in the alert.

IMAP & SMTP Access

Connect Thunderbird, Outlook, or Apple Mail. Standard IMAP on port 993 and SMTP submission on port 587.

Bulk Operations

Select multiple messages with checkboxes. Delete all at once. Select All for efficient inbox management.

Drafts with Auto-Save

Compose messages and drafts save automatically every 30 seconds. Pick up right where you left off.

Reply & Forward

Reply quotes the original message. Forward pre-fills with full headers. Standard email workflow.

Email Threading

Conversations grouped automatically. Expand threads to read the full discussion in chronological order.

Import & Export

Download individual emails as .eml. Export your entire inbox as .mbox. Import .eml files from other services.

Email Signature

Set a personal signature that auto-appends to every new message. Edit it anytime in Settings.

Read/Unread Tracking

Unread messages stand out in bold with a gold accent bar. Unread counts displayed on every folder.

Quota & Usage

Storage bar in the sidebar always visible. Detailed usage breakdown in Settings. Know your limits.

PGP Encryption

Import or generate PGP keypairs. Send end-to-end encrypted email to non-Karelia users who use PGP.

How encryption works

It happens automatically. You use email normally: encryption runs in the background.

1

You send an email

Compose and send as usual. External recipients receive normal plaintext email.

2

Auto-encrypted on disk

Your copy is encrypted with AES-256-GCM before storage. The file on disk is pure ciphertext.

3

Incoming mail encrypted

New emails are encrypted within seconds. When you open your inbox, encryption triggers immediately.

4

Only you hold the key

Your encryption key lives in the Karelia Vault, unlocked only by your password. We cannot decrypt your email.

Simple, transparent pricing

All plans include zero-access encryption. Mail storage is exclusive to mail — not shared with other Karelia services.

Starter

Free
Forever free
  • 1 email address
  • 1 GB storage
  • AES-256-GCM encryption
  • Zero-access privacy
  • Recovery phrase backup
  • Standard support

Business

€12/month
billed monthly
  • Unlimited addresses
  • 50 GB storage per user
  • AES-256-GCM encryption
  • Zero-access privacy
  • Admin dashboard
  • Priority support
  • Custom domains (soon)
  • Team recovery controls (soon)

All plans include AES-256-GCM encryption at rest. E2EE on Karelia-to-Karelia emails.

How we compare

Most email providers can access your messages. Karelia Mail is different.

Gmail / Outlook

  • × Provider can read your email
  • × Targeted advertising
  • × Requires phone number
  • × Plaintext storage on disk
  • × Tracks your online activity
  • × Proprietary lock-in

Proton Mail

  • End-to-end encrypted
  • No ads or tracking
  • No phone required
  • Encrypted at rest
  • × Proprietary server stack
  • × No standard IMAP/SMTP
  • × Shared storage quota
  • × No passkey login
  • × No multi-domain
  • × No unified vault

Karelia Mail

  • E2EE between Karelia users
  • AES-256-GCM at rest
  • No ads, no tracking
  • No phone required
  • Enforced TLS on all mail
  • Standard SMTP/IMAP
  • Passkey / biometric login
  • Multi-domain support
  • Mail-only storage quota
  • Bulk operations
  • Recovery phrase backup
  • Unified Vault system

Keep your communications private

Choose email that is encrypted by default. No ads, no surveillance, no compromises.

Frequently asked questions

What makes Karelia Mail private?

Every email body is encrypted with AES-256-GCM using your personal mail key before it is written to disk. Even if our servers are compromised, all an attacker sees is encrypted ciphertext. Your key is stored in the Karelia Vault and only unlocked with your password: we have no way to access it.

Can external recipients read my emails?

Yes. When you send to someone on Gmail, Outlook, or any other service, they receive a normal plaintext email. Only your local copy stored on our servers is encrypted. Incoming emails from external senders are encrypted within seconds of arrival.

What happens if I lose my password?

Your account is protected by a 24-word recovery phrase generated during registration. This phrase can restore your vault and set a new password. Karelia does not store your recovery phrase: keep it safe offline. Without it, your encrypted data is irrecoverable.

What is the difference between the free and Pro plans?

The free Starter plan includes 1 GB storage and 1 email address with full encryption. The Pro plan adds 10 GB mail storage, 5 email addresses, custom display names, and priority support. All plans use the same AES-256-GCM encryption: privacy is never a paid feature.

How is this different from Proton Mail?

Both services provide encrypted email. Karelia Mail runs on standard open-source infrastructure (Postfix and Dovecot) with standard SMTP/IMAP protocols, so you can use any email client. Proton Mail uses a proprietary server stack. Karelia also offers a unified Vault system that manages all your encryption keys in one place.

Is mail between Karelia users end-to-end encrypted?

Yes. When you email another @kareliaflow.com user, the email body is encrypted on your browser with their RSA-2048 public key before it ever leaves your device. The ciphertext travels through our servers and is only decryptable by the recipient's browser using their private key from the Karelia Vault. Our servers never see the plaintext: true zero-access encryption.

What is the Karelia Vault?

The Vault is Karelia's unified identity and encryption system. A single account holds all your cryptographic keys: mail, storage, business, identity: encrypted with AES-256-GCM. One password unlocks every Karelia service. No separate logins for different applications.

Mail storage is separate. Unlike Proton and Google where photos, files, and email compete for the same quota — your mail storage is exclusively for mail. When Karelia Storage launches, it gets its own allocation. Your inbox will never fill up because of a photo backup.