Interview with Runbox Email Provider

0) Please tell us, what is your role (in the email provider company, where do you stand, owner, marketer, advertiser etc)?

I am one of the founders and co-owners, and the Managing Director, of Runbox Solutions AS. Runbox is a mainly employee-owned company, which we see as a strength because it gives us a great degree of independence, freedom, and flexibility. Our team is close-knit and we have all known each other for several years, which brings a unique level of trust and dedication that in turn benefits our customers.

1) Does Runbox Email keep or enforce any logs, IP Addresses, Timestamps, Bandwidth caps, Traffic or other data on users?

A responsible email provider must enforce some sort of storage and/or bandwidth limits, and log email delivery and access/error records for security and troubleshooting reasons.

Runbox does this too, which ensures that our services are running smoothly and that all messages are delivered correctly. We typically keep email logs for one week and IMAP/POP/web access and error logs for a few months.

2) What type of Encryption do you use to secure emails?

We provide TLS/SSL on all our interfaces (Web, POP, IMAP, SMTP) and support Perfect Forward Secrecy and Extended Validation on our main web interface at https://runbox.com to encrypt the communication between our customers and our servers. This gives our website an A rating on SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=runbox.com

An aspect many people forget is the transfer of email between email providers once a message is sent via an email service. Runbox always attempts to establish an encrypted TLS connection to the receiving service to prevent eavesdropping on this leg of an email’s journey.

Additionally we are currently testing Roundcube with basic PGP support as an alternative to our main Webmail interface, to provide end-to-end encryption on top of TLS/SSL.

3) Where are your servers located and what jurisdiction do you operate under?

All our email servers are located in a top security facility in Oslo, Norway and operate under Norwegian jurisdiction. The strong privacy regulations in Norway protect our customers’ data regardless of their country of origin.

We offer domain and web hosting services as well, and our customers can choose whether to have their website hosted in Norway or the US.

4) When a user deletes an email or draft, is it actually deleted? (many mainstream providers keep users email even after deletion)

Yes, a deleted email or draft is permanently deleted when the Trash folder is emptied (or individual messages are deleted from the Trash folder).

We keep snapshot backups of all data for up to 6 months, and offer free backup restores in the event of mistakenly deleted data.

5) How do you generally handle requests from law enforcement?

Runbox will not disclose any account data to anyone but the account owner, except when presented with a Norwegian court order.

6) Do you track users in any way with trackers, advertisements, or cookies?

Runbox is a premium email service and has never used advertisements on our websites.

We have no tracking cookies at all on our websites. The only cookie we use is a session cookie to allow our users to remain logged into the service until they log out (or until the session expires after 3 hours of inactivity).

7) How much do your encrypted email services cost?

Runbox does not charge extra for encrypted services as they are integral to a secure email service.

We offer 4 different price plans starting at USD 19.95 per year: