CTemplar has shut down as of May 26, 2022. The announcement was made on the group’s reddit channel here, and also the website:
CTemplar is closing and the last day of operation for this email service will be on May 26 of 2022.
Unfortunately, CTemplar staff did not offer any explanation or reasons for the abrupt closure. This has left many users speculating as to exactly what has happened behind the scenes.
While there is no way to be certain until more information is available, there are a few different possible reasons for the closure:
- Funding – Many tech companies struggle to remain financially solvent, especially small startups entering a competitive space, as we saw with CTemplar launching in 2019. Additionally, they hosted everything in Iceland, which is an expensive location for servers.
- Government intervention – CTemplar always promised to provide an “armored email” solution to its customers, keeping user data secure and protected. However, if a government somewhere came and demanded access to everything, one response could be to abruptly shut down. This is exactly what we saw with Lavabit back in 2013. The US government demanded encryption keys and full access to the servers, but the owner decided to just pull the plug instead.
- Life changes – Many people change career paths and directions in life. This could also be the case with the people behind CTemplar.
Whatever the case, the rest of us need solutions to secure our data. Here at RestorePrivacy we’ve got you covered, just keep on reading.
Alternatives to CTemplar
To start with, check out our roundup of the top secure email services here. There you will find a list of the best alternatives to CTemplar that provide you with privacy and security.
Here are also some other secure email services we have tested and reviewed:
- ProtonMail Review
- Tutanota Review
- Mailfence Review
- Mailbox.org Review
- Hushmail Review
- Runbox Review
- Posteo Review
- Fastmail Review
Below is our previous review of CTemplar…
In 2019 we investigated CTemplar, a new secure email service that claimed to be, “The most secure & private email service in the world.” We called it a promising service that was worth trying out if you could get your hands on an invitation code. Now, we are revisiting the service for an updated and in-depth CTemplar review.
So let’s begin with the Pros and Cons of CTemplar that we identified in this review:
- Strong encryption standards (4096-bit RSA) with built-in support for end-to-end encrypted emails (using OpenPGPjs)
- 100% open source code
- Based in Iceland, with some of the strongest privacy laws in the world
- Passwords protected by “Zero Knowledge Password” technology
- Zero logs; IP address stripped from emails
- Anonymous signup options (no phone verification)
- Anonymous payment option using Monero
- Self-destructing emails and Dead Man’s Timer
- Can send encrypted emails to non-CTemplar users
- Custom email domains
- Desktop, mobile, and browser apps
- 2FA and anti-phishing support
- 14 day money-back guarantee
- Email Subject line only encrypted in paid plans
- Above-average prices
- Metadata not encrypted (work in progress)
- No support for IMAP/SMTP and third-party email clients (work in progress)
First we will examine the features.
CTemplar features overview
CTemplar uses the proven encryption algorithms of OpenPGPjs to apply end-to-end (E2E) 4096-bit RSA encryption to your email and contacts. All data is encrypted in transit and at rest. The only place the data is decrypted is in your browser or email client. While their encryption is based on PGP, CTemplar offers paid subscribers the ability to encrypt the subject line of messages, a privacy-boost over the other leading PGP-based service, ProtonMail. This is important since hackers seem to be endlessly resourceful in getting into secure services, like this hacker selling email credentials of hundreds of C-level executives with Microsoft email accounts.
Additional interesting features of CTemplar include:
- The ability to sign up for the service anonymously, paying for your account with the Monero cryptocurrency. Pseudonymous payment using Bitcoin.
- Desktop clients for Windows, Mac OS, and Linux.
- Android and iOS mobile apps, with Google-free access to the Android App through F-Droid.
- Open source code.
- Premium accounts with a range of additional benefits.
- The ability to send encrypted emails to non-CTemplar users.
- Dark and Light themes.
CTemplar company history and funding sources
CTemplar is a product of Templar Software Systems Ltd, a Seychelles Limited Liability Company that was founded in 2017. The Seychelles is generally regarded as a privacy-friendly location, with a constitutionally guaranteed right to privacy, no mandatory data retention requirements, and an independent legal system.
CTemplar is a small organization that is completely self-funded and pledges never to accept corporate or government funding. This too should reduce the risk that they can be pressured into sharing data on their customers.
CTemplar servers and data security
Ctemplar stores all your data on servers in Iceland. Iceland has very strong privacy laws, perhaps among the best in the world. Beyond that, the country is not part of the 14 Eyes surveillance alliance, or the international data-sharing MLAT treaties. In other words, like the Seychelles, Iceland is a highly-rated country for online privacy and a good place for your data to be stored. We also see Trust.Zone VPN operating in this same jurisdiction.
This all looks excellent. But what would happen if some high-priced lawyer, or government bureaucrat were to pressure CTemplar to turn over your data? Here’s what the company has to say on the subject,
CTemplar will only comply with valid Icelandic court orders. When presented with a valid Icelandic court order, we will give them your content. Due to our zero access password technology, we do not know your password/passphrase so we are not able to decrypt your emails.
CTemplar technical specifications
CTemplar relies on the OpenPGPjs encryption library for the 4096-bit implementation of PGP they use to encrypt your email and contacts. They are in the process of implementing encrypted metadata as well, which will greatly increase your privacy when using their service. In addition, they use TLS to protect your data while in transit.
CTemplar hands-on testing
I used a free CTemplar account, along with F-Droid version of the Android app, for testing in this review.
Creating a free CTemplar account
You still need to enter an invitation code during the signup process for a free account. Here are three ways you can get one according to their website:
- Request a code from one of your CTemplar contacts who has a paid account
- Send a message to their team: email@example.com
- Contact them on social media
Note: Invitation codes are only needed if you want to signup for the free service. You can signup for any paid plan right away (no code required).
As part of the sign-up process, you can enter a recovery email address. With this, CTemplar can help you regain access to your account. If you don’t enter one and lose your login information, you will permanently lose access to the data in your account.
Note: Instead of entering a recovery email address, you can store your login info in a high-quality password manager like Bitwarden. You’ll find a full range of options in our review of the best password managers.
Signing in to CTemplar
To sign in to your encrypted CTemplar account, just go to their homepage, click the Login button, and enter your login credentials into the respective fields.
The look and feel of CTemplar
Here’s what the CTemplar email view looks like. Nothing fancy, just clean and easy to read.
On the left side of the CTemplar mailbox you’ll find a list of the predefined email folders, along with an Add Folder option for creating your own. As is common with privacy-oriented email services, CTemplar blocks remote content like images by default.
Note: If you are using the encrypted Subjects option, it can make viewing your mailbox clumsy. To get around this, you can decrypt all of the subjects of the current page by clicking on the lock icon.
Here’s the Contact view:
As you can see, the CTemplar interface is menu-based, rather than drag-and-drop. That is, you select one or more items by setting the checkboxes to the left of them, then selecting an option to act on them.
CTemplar doesn’t offer a lot of optional views for your email or contacts, but if you select the General tab in Settings you can switch between light and dark mode, as well as control how many email messages appear on a single page.
Interestingly, there is also an option to write custom CSS (Cascading Style Sheets) that changes how your mailbox appears. This isn’t a capability too many of us are equipped to take advantage of, but certainly opens up possibilities.
Clicking the Settings button in the top right of the window brings you to a large range of settings and other options, including filters, rules, whitelists, and blacklists. If you go to the Security tab in Settings, you’ll be able to adjust some unusual security settings. You have the ability to enable or disable:
- Subjects encryption – Encrypt the Subject line of messages. Only available with paid CTemplar accounts. While I would prefer that the Subject line was always encrypted, the ability to enable this is good motivation to upgrade to a paid plan.
- Contacts encryption – CTemplar doesn’t encrypt contacts by default. If you enable this option, CTemplar will encrypt your contacts for better privacy and security. However, when this is enabled, CTemplar can no longer suggest contacts when you are composing messages. Also, when this is enabled, it will be impossible to search contacts.
- Attachments encryption – CTemplar doesn’t encrypt attachments by default. If you enable this option, message attachments will be encrypted for better privacy and security. However, when this is enabled, CTemplar doesn’t support attachments in the body of a message. Among other things, that means images in the body of messages will automatically be extracted from the body of the message and converted to external attachments.
- Anti Phishing – I’ll let the CTemplar folks explain this one themselves, “The Anti-Phishing phrase allows users to link a custom word or phrase of your choice to your CTemplar account. Once set, if you ever log into your webmail and your Anti-Phishing phrase is either missing or incorrect, you may be the victim of phishing.”
The CTemplar default is to compose messages using an HTML editor in a small pop-up window. The editor has a good range of HTML options, along with some more exotic offerings:
- Encryption for non-CTemplar users – Requires sharing a password with the recipient through an alternate channel. When you send an encrytped message to a non-CTemplar recipient, the recipient receives an email with a link to the CTemplar web client. Once there, the recipient needs to enter the shared password to decrypt and read the message.
- Self Destruct Email (paid plans only) – Configure a message to automatically delete itself on a particular date and time. This only works if both you and the recipient are using CTemplar. You can’t make a message sent to a Gmail account (for example) self destruct.
- Delayed Delivery (paid plans only) – Specify the date and time to send the message.
- Dead Man Timer (paid plans only) – Create a message that will be sent only if you do not log into CTemplar for the specified amount of time. For example, you could use this to send an email containing the login information for your Bitcoin wallet to your children if you were to die or become incapacitated.
Searching for messages in CTemplar
CTemplar offers partial support for searching messages. You can search for email addresses and words or phrases in the Subject line of messages. As of now, May 2021, you cannot search the body of messages.
This is one place where CTemplar (and ProtonMail) fall behind another leading secure email service, Tutanota. Tutanota has been offering full-text search capabilities (searching the bodies of messages as well as the header information) since 2017. Tutanota creates an encrypted search index that is stored on your device.
The email search only needs to decrypt and search this index, rather than each individual message. I’m not going to claim I understand the nuances of the Tutanota approach. I will say that I have been using Tutanota for years and the search works pretty darn well. (See our Tutanota review here)
The CTemplar Mobile Apps
In March of this year CTemplar rolled out their mobile apps. They have an iOS app, along with a standard Android app and an Android app on F-Droid. Here’s what the CTemplar Android app looks like:
The app has 88 reviews in the Play store, with a rating of 3.6 stars out of 5.
Is CTemplar really secure?
CTemplar is more secure than the typical email service. After all, services like Gmail and Outlook.com read your messages to help them send targeted ads your way. That can’t happen with a secure email service like CTemplar, since they cannot decrypt your messages. The fact that your messages are end-to-end (E2E) encrypted is reassuring in the face of stories like this one from May 11, 2021. According to Ars Technica, ransomware crooks posted personal data about individual policemen that was stolen from off the Washington DC Metropolitan Police Department’s servers.
Even if hackers did somehow break into CTemplar’s servers, all they would see is encrypted gibberish instead of your personal data and messages.
That said, there are still aspects of your email and contacts that are not encrypted as of today. Things that are not encrypted by default in CTemplar’s design are:
- Subjects of messages
- Message attachments
- Contact data
This means you will need to look at your threat model and decide if CTemplar is secure enough for your purposes. Beyond the things we just discussed, here are a few additional CTemplar factors to consider:
- CTemplar can be compelled by law to disclose information about their users. As of May 2021, their Transparency Report lists 19 requests for user information. None of those requests were accompanied by an Icelandic Court Order, and none of the requests were granted. This is excellent, but you need to realize that all email services must abide by local laws and CTemplar may need to respond to a valid request in the future.
The route to CTemplar support is through their Help pages. These pages are useful, with almost 70 major entries, many of which include multiple sub-entries. I’ve found them to be very helpful, with the only issue being that it can be tough to find the specific topic you need.
When it comes to reaching the support team, there is a ticket-based system available. In addition, the company has a varied social media presence, including Facebook, Twitter, LinkedIn, and Reddit.
CTemplar cost and pricing plans
CTemplar offers one Free pricing plan, and four paid plans. As you might expect, as you go up through the plans (Prime -> Knight -> Marshall -> Champion) you gain more storage, the ability to send more messages per day, and additional features (including custom domain names). Default pricing is billed yearly; monthly billing is available for a higher price.
The Free plan is a great way to check out the service. If you don’t mind the lack of encrypted Subject lines, the Free plan, with its 1 GB of storage and 200 message a day limit, could be good enough to meet your needs without upgrading.
In my opinion, the two best alternatives to CTemplar are the secure email services I’ve mentioned several times throughout this review: ProtonMail and Tutanota. Both services have much bigger user bases (important for easily exchanging secure messages) and more features than CTemplar.
Two other email services you may want to consider are Posteo and Mailbox.org. But there are many others to consider as well. Our best secure email guide gives an overview of our top 12 picks.
CTemplar review conclusion
CTemplar is a solid secure email service that has been busy rounding out their offering during this COVID-plagued year. They are worth a test drive if you can swing a free version invitation code. That free version, with its 1 GB of storage, may be all you need.
As with most any other secure email provider, to give yourself the maximum security possible, I strongly urge you to connect to CTemplar through a good VPN with a secure browser.
You can learn more about CTemplar on their website here:
And see these email reviews for other options:
This CTemplar review was last updated on April 28, 2022.
About “famous, secure Proton”: Proton accepting GDPR!!!!!
“The General Data Protection Regulation (GDPR) is a legitimate system that expects organizations to secure the individual information and security of European Union (EU) residents for exchanges that happen inside EU part states. It covers all organizations that manage the information of EU residents, banks, insurance agencies, and other monetary …”
SO, PROTON IS EXPECTED TO SECURE THE INDIVIDUAL INFORMATION AND SECURITY OF EUROPEAN RESIDENTS…….EXPECTED IS NOT OBLIGATED! RIGHT? They received 2 millions from EU for “some of their “program”. Now is clear why they accepting GDPR. They are not member of EU and all their customers are NOT residents of EU! They do not have to accept GDPR. Even when they did accepted GDPR, they do not have any legal right to collect any info from their non EU residents!. In other words, Proton is violating their privacy rights. They are criminals. Period.
Afomaik or infomaik , that email ,is worth checking out.
Anyone know why? And any suggestions other than protonmail for a similar product, especially ones in Iceland? This was such a good service.
We have a roundup of other secure email services here.
CTemplar is closing and the last day of operation for this email service will be on May 26 of 2022……
Hope they come back
Yes. I agree. However, I am in the process of changing over all of my emails to my back up email.
I will say they are refunding my money beyond what I had expected. They were always helpful to me. So I will miss using them.
But for now it is back to ProtonMail for my NPO.
You might be interested in Countermail. Privacy and security beyond what you’d normally expect to get.
need a invitation code
CTemplar is shutting down!
I am sorry to see this go this way. They had been very responsive for my needs and helped me out a lot on many things. I am sorry to see them go this way.
I think they seem okay, so i will try them out on the paid plan.
Your alternatives surprise me though, 3 out of 4 are in Germany, who is going full authoritarian on its people, and the other one is in Switzerland, which isnt any better nowadays.
In that case i trust Iceland a bit more.
Maybe the difference that should be highlighted more is about the difference between security and privacy.
Privacy is done in Germany, schluss.
Although I think the free options Riseup, Disroot and Elude are even better, they are hard to get into, since they sort of want to get to know you first.
Little late to the comment, but here is what I should say:
1. Their website does not respond as quickly. When you push send, it takes a little for it to send.
2. The contacts tab has a little redundancy and choppy. It does not alphabetize the contexts, and sometimes duplicates an email.
3. The system does have a few quirks that takes some getting used to. But all in all, it does work.
4. Their DDOS attacks does take them down some. The first time it happened, it was a week solid where I did not have access to my account from eleven to about four my time. However, the last time it happened (two weeks ago), I was able to access the account after about five minutes or so.
5. Their customer service has been very good so I will give them that as well as they seem to have good security and privacy in place. I pay simply because my NPO has a domain and I use it. But I have been happy with them.
Try them out and see what you think.
R. M. From RI usa
There the worst company I’ve had the misfortune to work with. I never used them but tried for a free account turns out it was paid and its been almost 2 years and they won’t stop taking my money. I’ve begged them and everything. I use proton its free and no problems. Nothing like the hell im in now.
CTemplar, for all of the rough edges, seems to be a very responsive company.
I was not sure about them at first, but every issue I have had, they responded very quickly, professionally, and accurately on fixing the issues. It did take a few times for a couple of the issues but was solved.
Do know it is not the smoothest or most polished service but They have been good in helping me.
I’ve been trying ctemplar out and have sent a number of messages to and from other accounts, many encrypted.
There are a couple of big gotchas that I’ve encountered (the asterisks are a 1-5 scale of annoyance):
1) It threads everything in a conversation view and so far I haven’t figured out how to go back to a previous message in the conversation and reply to that. I tend to do this a lot. There appears to be a way to turn off the conversation view in the settings, but it doesn’t work for me.
2) When sending an encrypted message, it stores the sent message in the encrypted form and so I cannot go back and refer to it. The only workaround I can find is to send myself a CC of the message and I can read that copy.
Both of these are major roadblocks for me with the second being the biggest roadblock. It would be less severe if there was at least an option to always CC myself.
There is also an option for “Plain test hard wrap”. I haven’t played with this to see exactly what it does. For example, when does it wrap? Also, it doesn’t quote with something like a “> “. I’d really love it if it worked kind of like the old pine text editor where it would wrap the quotes as needed while keeping the appropriate number of “> “. And doing a ^w to wrap the paragraph in such a way that it would append shorter lines together and wrap them as well.
R. M. From RI usa
THERE THE WORST WAIT UNTIL YOU TRY AND CANCEL YOUR ACCOUNT. IT WONT HAPPEN!
How is anyone going to trust these people to secure their privacy when they cannot even be trusted to implement the most basic of security features properly. In the Android app go to your inbox, open one of your emails then close out the app. Now bring up the recents menu. See how your supposed secure encrypted email was screen captured by Android? That is because the ctemplar devs forgot to prevent that in the app by using something like FLAG_SECURE lol. Very Amateurish.
That aside, but seriously though, expecting privacy on Android doesnt seem that consistent to me, as Android sees all, knows all on your phone.