Secure corporate email for institutions.
Overview
A domestic, zero-access encrypted email platform built for government institutions and large organizations. KVKK, GDPR and BTK compliant. Multi-tenant by design — each institution runs as a fully isolated tenant on shared infrastructure. Written in Rust from the ground up.
Key facts
- Status
- Live
- Category
- Platform
- Founded
- 2026
- Parent
- RUBIKLABS
Technology
- Rust
- Kubernetes
- HSM
- SAML 2.0 / OIDC
- PGP / S/MIME
- TLS 1.3
Why Mail
Zero-access encryption
Emails are encrypted on arrival with the recipient's key. Decryption happens on the recipient's device only. No one — not even RUBIKLABS — can read the contents.
End-to-end encryption
Automatic E2EE between users on the platform. PGP and S/MIME for external correspondents.
Domestic and sovereign
All data hosted in Turkish data centers. No foreign dependency. Full data sovereignty for KVKK and BTK requirements.
Unlimited multi-tenant
Unlimited domains and institutions on a single platform. Each tenant is fully isolated — keys, policies, archives.
Enterprise identity
Active Directory, LDAP, SAML SSO, OpenID Connect and e-Devlet identity, all out of the box.
International standards
Targeting ISO 27001 and Common Criteria. Full SPF, DKIM, DMARC and MTA-STS support.
Six layers of security
Network
TLS 1.3, DDoS protection, web application firewall.
Transport
SPF, DKIM, DMARC and MTA-STS verification on every message in and out.
Application
Two-factor authentication (TOTP), FIDO2 / WebAuthn, trusted-device recognition.
Data
Zero-access encryption + end-to-end encryption combined.
Key management
Hardware security module (HSM) protected key store.
Audit
Immutable, append-only log chain. Ten-year retention.
Capabilities
Smart inbox
Automatic threading, label system, advanced search syntax (from:, has:attachment, is:unread).
Spam and virus protection
Twelve-stage filter line with ML-based spam detection and active virus scanning.
Every device
Web, mobile and desktop clients. Exchange ActiveSync support.
Centralized administration
Unified admin console, user groups, role-based access control (RBAC).
Your own domains
Unlimited domains with automatic DNS configuration and per-domain policies.
Built-in archiving
Three-tier deduplication — typically 45–60% storage savings on institutional workloads.
Compliance and archiving
KVKK / GDPR
Personal data inventory, right-to-be-forgotten workflow with 72-hour SLA, DLP for TC ID, IBAN and card numbers.
Legal hold
Dual-approval, query-based legal hold. Held mail is exempt from deletion until the hold is lifted.
e-Discovery
Bulk export to PST, MBOX and EML for litigation and audit response.
Flexible retention
10-year for government, 7-year corporate default, custom rules per institution, domain or user.
Why Rust
Mail is written in Rust from the ground up. For a security product the choice matters: memory safety eliminates an entire class of vulnerabilities, resource consumption runs three to five times lower than equivalent stacks, and it sits in the language category recommended by NSA and CISA for safety-critical systems.
Built for
Government institutions
Data sovereignty, e-Devlet identity, BTK and KVKK compliance, ten-year retention.
Universities
Hundreds of thousands of users, LDAP / Active Directory, multi-domain by faculty, academic archive requirements.
Large enterprises
Enterprise SSO, DLP, e-discovery and legal hold, integration with existing infrastructure.
Defense industry
Military-grade encryption, HSM-backed key management, zero-trust architecture, fully isolated tenant model.
Demo and deployment
Mail is in production today. For a demo or to discuss deployment for your institution, get in touch.