Where your e-mail lives matters
Your e-mail metadata reveals who you talk to, when, and how often. Where that data is stored determines who can legally access it — with or without your knowledge.
Most email providers are headquartered in the United States, where federal law allows warrantless surveillance of non-US persons' communications and compels companies to hand over data stored anywhere in the world. Others operate in countries that share intelligence across alliances of 5, 9, or 14 nations.
RacterMX stores your data in Islande — outside all surveillance alliances, with full GDPR protection by law.
Juridiction comparaison
How e-mail providers compare on juridiction, surveillance exposure, and confidentialité law.
| Provider | Juridiction | Data Storage | Surveillance Exposure | Confidentialité Laws |
|---|---|---|---|---|
| RacterMX | 🇮🇸 Islande (Texas LLC) | Islande | None — outside all Eyes alliances | Islandais Data Protection Act, GDPR via EEA, strongest internet freedom rating globally |
| Renvoyer | 🇺🇸 États-Unis | États-Unis | FISA 702, CLOUD Act, NSLs, Patriot Act | Limited federal confidentialité law, no comprehensive data protection |
| SendGrid (Twilio) | 🇺🇸 États-Unis | États-Unis | FISA 702, CLOUD Act, NSLs, Patriot Act | Limited federal confidentialité law, no comprehensive data protection |
| Mailgun (Sinch) | 🇺🇸 États-Unis | États-Unis | FISA 702, CLOUD Act, NSLs, Patriot Act | Limited federal confidentialité law, no comprehensive data protection |
| Postmark (ActiveCampaign) | 🇺🇸 États-Unis | États-Unis | FISA 702, CLOUD Act, NSLs, Patriot Act | Limited federal confidentialité law, no comprehensive data protection |
| Amazon SES | 🇺🇸 États-Unis | Multiple US regions | FISA 702, CLOUD Act, NSLs, Patriot Act | Limited federal confidentialité law, no comprehensive data protection |
| ImprovMX | 🇫🇷 France | France / EU | French intelligence laws (DGSI), EU data retention directives | GDPR, but France is a Nine Eyes member |
| Fastmail | 🇦🇺 Australie | Australie / États-Unis | Loi australienne Assistance and Access Act (AA Act), Five Eyes | La loi AA permet des portes dérobées imposées avec des ordonnances de silence |
| ProtonMail | 🇨🇭 Suisse | Suisse | Swiss intelligence cooperation agreements | Strong confidentialité laws, but Swiss MLAT allows cooperation |
| Tutanota (Tuta) | 🇩🇪 Allemagne | Allemagne | German intelligence (BND), Nine Eyes via EU cooperation | GDPR, but Allemagne is a Fourteen Eyes member |
| Forward E-mail | 🇺🇸 États-Unis | États-Unis | FISA 702, CLOUD Act, NSLs | Limited federal confidentialité law, no comprehensive data protection |
| SimpleLogin (Proton) | 🇨🇭 Suisse / 🇫🇷 France | Suisse | Swiss MLAT, French Nine Eyes membership | Mixed — Swiss hosting but French parent company context |
The Problem with US-Hosted E-mail
The majority of e-mail infrastructure companies — Resend, SendGrid, Mailgun, Postmark, Amazon SES, Forward E-mail — are incorporated in the États-Unis and store data on US soil. This subjects them to a set of federal surveillance laws with no equivalent in most democracies.
FISA Section 702
Allows the NSA to conduct warrantless bulk collection of communications involving non-US persons. In practice, US persons' data is routinely swept up through "incidental collection" — and can be searched by the FBI without a warrant. Reauthorized in April 2024 with expanded definitions of "electronic communications service provider."
CLOUD Act (2018)
Compels US companies to hand over data stored anywhere in the world, regardless of where the data is physically located or what local confidentialité laws apply. A US company hosting data in Allemagne must still comply with a US government order — even if doing so violates GDPR.
National Sécurité Letters
The FBI can demand customer data — including e-mail metadata, compte records, and transaction history — without judicial approval. NSLs come with a gag order: the company cannot tell you they received one, cannot tell you your data was disclosed, and faces criminal penalties for doing so.
No Comprehensive Federal Confidentialité Law
Contrairement à l'UE (RGPD), à l'Islande (Loi islandaise sur la protection des données) ou même au Brésil (LGPD), les États-Unis n'ont pas de législation fédérale complète sur la protection des données. Les protections de la vie privée sont fragmentées entre des lois sectorielles (HIPAA pour la santé, FERPA pour l'éducation) sans droit général à la protection des données.
The Problem with Five/Nine/Fourteen Eyes Countries
The "Eyes" alliances are intelligence-sharing agreements between nations that cooperate on signals intelligence (SIGINT) collection. If your e-mail provider operates in any member country, your data can be shared across the alliance — without your knowledge or consent.
Five Eyes
🇺🇸 États-Unis · 🇬🇧 Royaume-Uni · 🇨🇦 Canada · 🇦🇺 Australie · 🇳🇿 New Zealand
The core alliance. Members share raw signals intelligence freely, including intercepted communications and metadata. Originated from the post-WWII UKUSA Agreement (1946).
Nine Eyes
Five Eyes + 🇩🇰 Danemark · 🇫🇷 France · 🇳🇱 Pays-Bas · 🇳🇴 Norvège
Extended partners with access to shared intelligence. France's DGSI and Danemark's FE have been documented participating in joint surveillance operations.
Fourteen Eyes
Nine Eyes + 🇩🇪 Allemagne · 🇧🇪 Belgique · 🇮🇹 Italie · 🇸🇪 Suède · 🇪🇸 Espagne
Formally known as SIGINT Seniors Europe (SSEUR). Members cooperate on signals intelligence collection and analysis. Allemagne's BND has been documented sharing bulk metadata with the NSA.
If your e-mail provider is headquartered in any of these 14 countries, your data can be accessed and shared across the alliance through intelligence cooperation agreements — without a warrant, without notification, and without your consent.
Islande is not a member of any Eyes alliance.
Why Islande
RacterMX chose Islande because no other juridiction offers a comparable combination of confidentialité law, independence from surveillance alliances, and internet infrastructure.
- Outside all Eyes alliances. Islande is not a member of the Five Eyes, Nine Eyes, or Fourteen Eyes intelligence-sharing agreements. There is no obligation to share data with foreign intelligence agencies.
- EEA member — full GDPR conformité by law, not by contract. Islande adopted GDPR into national law through the Islandais Data Protection Act (No. 90/2018). This is the law of the land, enforced by an independent authority (Persónuvernd).
- Islandais Data Protection Act provides additional protections beyond GDPR. Islande's national implementation includes provisions specific to Islandais constitutional law, including explicit confidentialité protections rooted in Article 71 of the Islandais Constitution.
- No data retention mandates for e-mail providers. Unlike EU member states that have implemented data retention directives, Islande has no mandatory data retention requirement for e-mail service providers.
- Ranked #1 globally for internet freedom. Islande scored 94/100 in the Freedom House "Freedom on the Net" report — the highest score of any country assessed.
- Constitutional protection of confidentialité as a fundamental right. Article 71 of the Islandais Constitution guarantees the right to confidentialité, including the confidentialité of correspondence and communications.
- No history of mass surveillance programs. Islande has no documented mass surveillance infrastructure, no bulk data collection programs, and no equivalent to the NSA, GCHQ, or BND.
For a deeper look at Iceland's privacy infrastructure, renewable energy, and data center advantages, see our dedicated Islande page.
Ready to move your e-mail to Islande?
Start forwarding email through the world's most privacy-friendly jurisdiction. Pay only for what you use.
Commencer gratuitement →