What "Cloud" Actually Means for Your Email

When a company says their service runs "in the cloud," what they mean is that their servers are virtual machines running on top of physical hardware owned and operated by a third party — almost always AWS, Google Cloud, Microsoft Azure, or a similar hyperscale provider.

This creates a multi-tenancy environment. Your virtual machine shares a physical host with potentially dozens of other tenants — other companies, other applications, and their data. A hypervisor — a software layer — separates these virtual machines from each other. It is the only thing standing between your data and your neighbours.

But the hypervisor is controlled by the cloud provider. And the cloud provider has access to the physical machine. This means:

  • The cloud provider could snapshot the memory of any running virtual machine, capturing encryption keys and plaintext data in flight
  • The cloud provider must comply with legal demands from the jurisdiction in which it operates — and in some cases, from foreign jurisdictions under laws like the US CLOUD Act
  • Security vulnerabilities in the hypervisor, or in the CPU beneath it (Spectre and Meltdown are examples of the latter), can allow one tenant to read data from neighbouring virtual machines

For most applications, this is an acceptable risk. For private email, it is not.

The Dedicated Server Difference

A dedicated server — also called bare-metal — is a physical machine assigned exclusively to a single customer. There is no hypervisor between your software and the hardware. There are no neighbours sharing your CPU, memory, or storage. The physical machine exists entirely for you.

This changes the threat model fundamentally. Without a hypervisor, there is no hypervisor-level attack surface. Without shared hardware, there is no noisy-neighbour risk and no possibility of side-channel hardware attacks from co-tenants. The only way to access the data on a dedicated server is to have physical or administrative access to that specific machine — and that access belongs entirely to its operator.

For an email service, this means that the only entities who could theoretically access your data are the email provider itself and — under a valid legal order targeting that specific server — law enforcement in the relevant jurisdiction. No cloud provider intermediary exists in the chain.

A cloud provider can technically image your server's memory. With dedicated hardware, that attack vector doesn't exist. The physical machine has one operator, and memory snapshots are not a service the hardware vendor can provide remotely.
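The hypervisor-versus-bare-metal distinction above is something a tenant can check from inside a Linux host. The following is an added example, not enemail's or Evolushost's code: it reads the CPUID "hypervisor" flag exported in /proc/cpuinfo, /sys/hypervisor/type, and the DMI vendor strings, and reports what it found. The list of DMI marker strings is an assumption, not an exhaustive catalogue.

```python
from pathlib import Path
from typing import Optional

# DMI vendor/product substrings commonly populated by hypervisors and
# cloud platforms. Assumed list, not exhaustive: an unknown platform
# still falls through to the CPUID flag and /sys/hypervisor checks.
VIRT_DMI_MARKERS = ("qemu", "kvm", "vmware", "virtualbox", "xen", "bochs",
                    "microsoft corporation", "amazon ec2",
                    "google compute engine", "openstack")

def classify(cpuinfo: str, dmi_vendor: str, dmi_product: str,
             hypervisor_type: Optional[str]) -> dict:
    """Classify a host from the raw signals; returns verdict plus evidence."""
    flags = set()
    for line in cpuinfo.splitlines():
        # Each CPU block in /proc/cpuinfo has a 'flags : ...' line; the
        # kernel adds 'hypervisor' there when CPUID reports a VMM.
        if line.startswith("flags") and ":" in line:
            flags.update(line.split(":", 1)[1].split())
    evidence = []
    if "hypervisor" in flags:
        evidence.append("cpuid hypervisor flag set")
    if hypervisor_type:
        evidence.append(f"/sys/hypervisor/type={hypervisor_type}")
    dmi = f"{dmi_vendor} {dmi_product}".lower()
    marker = next((m for m in VIRT_DMI_MARKERS if m in dmi), None)
    if marker:
        evidence.append(f"dmi strings match {marker!r}")
    # No evidence is only a weak negative: a VMM can hide the CPUID flag
    # and forge DMI data, so read 'bare-metal' as 'nothing observed'.
    return {"verdict": "virtualized" if evidence else "bare-metal",
            "evidence": evidence}

def _read(path: str) -> Optional[str]:
    try:
        return Path(path).read_text().strip()
    except OSError:
        return None

def classify_live_host() -> dict:
    """Collect the signals from the running Linux host and classify it."""
    return classify(_read("/proc/cpuinfo") or "",
                    _read("/sys/class/dmi/id/sys_vendor") or "",
                    _read("/sys/class/dmi/id/product_name") or "",
                    _read("/sys/hypervisor/type"))

if __name__ == "__main__":
    print(classify_live_host())
```

A "virtualized" verdict is conclusive; a "bare-metal" verdict only says none of these signals were observed, which is why the provider's contractual and physical assurances still matter.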

Why enemail Chose Dedicated Infrastructure

enemail runs on dedicated bare-metal servers provided by Evolushost, located in Frankfurt, Berlin, and Vienna. This was not the cheapest option. It was the only option consistent with our privacy commitments.

Evolushost is a European infrastructure provider with no US parent company and no exposure to US jurisdiction. Their data centres in Germany and Austria are subject to some of the strongest data protection regimes in the world — GDPR-native, with no CLOUD Act reach. When we say your data is in the EU, we mean it is physically located on European hardware, operated by a European company, under European law.

Running on dedicated servers also means we have complete control over the software stack. We do not share kernel space, networking, or storage systems with any other tenant. Our security configurations, our firewall rules, our encryption at the hardware level — all of this is ours to control and audit. There is no cloud provider dashboard through which someone else could modify our environment.

Every email provider, regardless of how privacy-focused, operates under the laws of its jurisdiction. Legal orders — warrants, court orders, national security letters — are a real part of operating an email service. The question is not whether legal requests will come. The question is what we are technically capable of handing over when they do.

With cloud infrastructure, the answer gets complicated quickly. A court order could be served not just on the email provider, but on the cloud provider hosting the infrastructure. The cloud provider — AWS, Google, Microsoft — has its own legal team and its own compliance obligations, and they may not share the same privacy commitments as the email service running on top of them.

With dedicated servers, there is no second infrastructure provider to compel. A legal order targeting enemail data comes to enemail. And because of our zero-knowledge encryption architecture, what we are technically capable of handing over is — for the content of your emails — nothing readable. We can only give what we have, and what we have is ciphertext that we cannot decrypt.

The combination of dedicated infrastructure and zero-knowledge encryption means that even a valid legal order against us produces the same result: encrypted data that is useless without keys that only exist on your device.

The Cost of Doing It Right

Dedicated servers cost more than cloud virtual machines. Bare metal is more expensive to provision, requires more expertise to operate, and cannot be scaled up and down as elastically as cloud VMs. This is a real operational overhead, and it is why so many email providers — including some that call themselves "privacy-focused" — choose cloud infrastructure instead.

We think this is the wrong trade-off. Privacy is not a feature that can be bolted on after the fact. It is an infrastructure decision made before the first line of code is written. Choosing cloud infrastructure for cost reasons and then claiming to offer private email is like building a house out of glass and selling it as a private home because you fitted curtains.

The cost of dedicated infrastructure is passed on to our users in the form of a paid service. We do not run ads. We do not sell data. Our revenue comes entirely from subscriptions, which means our incentives are entirely aligned with protecting your privacy rather than monetising your data. The price you pay for enemail is the price of not being the product.