Everything you'd ask
before signing up.

Yes. The Free plan is free forever — 2 GB of mailbox storage, one @tacitusmail.com address, unified inbox across unlimited external accounts, encrypted 1:1 chat, audio and video calls, calendar, notes and contacts. No credit card needed to sign up.

If you want more storage, custom domains, or group video calls, see the Plus and Unlimited plans.

Pick a username on the home page, choose a password, and you're in. Your inbox, Sent, Drafts and Spam folders plus a default calendar are provisioned automatically. Takes about 30 seconds.

Yes — and the nice thing is you don't have to commit. Add your existing mailbox via the IMAP/SMTP presets in /settings/accounts and it shows up in the unified inbox alongside your new @tacitusmail.com address. Use both in parallel for as long as you want, migrate at your own pace, and flip the Tacitus account to default when you're ready.

We'll also add bulk IMAP import (fetch a folder's entire history into your Tacitus mailbox) in an upcoming release — track the changelog for updates.

One-click presets for Gmail, Outlook, iCloud, Yahoo, Proton Bridge, Zoho, Fastmail, GMX, Yandex and AOL. A generic IMAP/SMTP form lets you plug in any standards-compliant server (your company's Exchange/Dovecot, mailbox.org, Posteo, you name it).

Credentials are encrypted at rest with AES-256-GCM in the application layer before being written to Postgres, so a stolen DB dump does not reveal them.

Every mailbox you add runs its own IMAP sync in the background. The unified inbox is a cross-account view that lists messages from every connected account, sorted by date, with a coloured account-dot so you can tell them apart at a glance. Conversation threading works across providers — a Gmail reply to an Outlook thread shows up in the same thread.

Yes — one custom domain on the Plus plan, three on Unlimited. Point your MX records at mail.tacitusmail.com, verify ownership via TXT record, and we handle DKIM, SPF and DMARC setup automatically. You can use any number of addresses on each custom domain.

Every inbound message goes through a full Rspamd stack: Spamhaus ZEN / DBL, SURBL, URIBL, SpamCop and Barracuda Reputation Block List, plus Bayesian and neural network scoring. Postscreen rejects known botnets at the TCP handshake before they ever spawn an smtpd worker. All DNSBL lookups route through a local recursive resolver, so we stay inside the per-IP free quotas.

See the Rspamd deployment blog post for the full technical breakdown.

Yes. Tacitus chat runs on the Olm double-ratchet protocol (the same one Matrix and Element use), built on X25519 key exchange, AES-256 for message encryption, and HMAC-SHA256 for authentication. Our server only ever sees ciphertext — the plaintext is decrypted on your device with a key we don't have.

Calls are WebRTC peer-to-peer. The offer/answer/ICE exchange happens over our WebSocket signalling server, but the actual audio and video stream flows directly between the two participants, encrypted with DTLS-SRTP. If direct UDP fails because of strict NAT, the media falls back to a TURN relay — but the relay still only sees encrypted frames, because the key exchange happens peer-to-peer.

On iOS the app is a full CallKit citizen. Incoming calls ring the lock screen like a phone call (as long as the app has been active recently; we're waiting on Apple's unrestricted-voip entitlement for full background push).

Group calls and persistent meeting rooms are an Unlimited-plan feature and are rolling out as this quarter's focus. On Free and Plus you can run 1:1 calls today.

No. We never scan your mail for advertising profiles, "smart" suggestions or AI model training. Standard IMAP semantics mean the bodies are stored on our servers (so search and sync work across devices), but we have no automated pipeline that reads the content, and no human reads it either — support agents do not have access to individual mail bodies.

If your threat model requires that the server operator cannot physically read a stored message, compose with your own OpenPGP client and paste the armoured body into Tacitus — we'll deliver it unchanged. That's the only way to get OpenPGP-grade content encryption end-to-end through any SMTP provider, us included.

Every byte lives on servers physically located in the European Union and governed by GDPR. We do not replicate private data to US clouds for caching, backup or CDN acceleration. The full privacy policy lists every sub-processor we use (Hetzner, Let's Encrypt, Stripe, APNs).

No. We store an Argon2id verifier, not the password itself. The forgot-password flow sends you a reset link via email — if you have access to your @tacitusmail.com inbox (or your recovery email), you can pick a new password. If you've lost access to both, we cannot retrieve the cryptographic material inside your account.

Yes. Every mail exports as .mbox, every contact as .vcard, calendars as .ics, notes as markdown. Go to /settings/display → "Data export" (rolling out this quarter); until then, write to [email protected] and we'll do a full Article 20 data portability export by email.

Yes. One click from /settings/billing. The plan stays active until the end of the period you already paid for, then auto-downgrades to Free — your data is not deleted.

Annual plans are refundable pro-rata within 30 days of renewal under EU consumer law — email us and we'll process it through Stripe. Monthly plans don't refund, but they simply stop renewing.

The account downgrades to Free. Everything over the 2 GB quota becomes read-only — you can still read and export your mail, but you can't send or receive new messages until you upgrade again or clear space. No data is deleted unless you explicitly delete the account.

All prices are in EUR. VAT is added automatically based on the billing country through Stripe Tax. If you're a business with a valid EU VAT number, add it in billing settings and we'll apply the reverse charge.

Yes. Built in SwiftUI with CallKit, APNs push notifications, an offline chat cache, iPhone contact import, and the same compose / reply / reply-all / forward / view-source menu as the web. The TestFlight build is rolling out; email us if you want early access.

Not yet. The web client is responsive and works well on mobile Chrome / Firefox / Samsung Internet. A native Android client is on the roadmap but not shipping this quarter.

Postfix + OpenDKIM for mail delivery, Rspamd + Unbound for spam filtering, ClamAV for virus scanning, PostgreSQL 16 for storage, Elasticsearch for full- text search, Redis for cache + pub/sub, FastAPI + Python for the web backend, SwiftUI for iOS, WebRTC + Coturn for audio/video, Olm (vodozemac) for chat encryption, Radicale for CalDAV, and Docker Compose for deployment with blue/green rollouts.

Full list on the about page.

The components of the stack — Postfix, Rspamd, Postgres, ClamAV, Olm, Radicale, Coturn — are all open source. The Tacitus glue code that wires them together is currently proprietary, which lets the team fund ongoing development without depending on donations or foundation grants. Releasing parts of it as open source is on our list; email us if you have a specific request.

Email [email protected] with a proof-of-concept. We acknowledge within 24 hours, triage within 72 hours, and ship critical fixes within 7 days. Full responsible-disclosure policy on the security page.