Enterprise communications platform

Enterprise communications system on your infrastructure.

Email, calendars, contacts, tasks, encryption, andΒ API in one private platform. No endless subscriptions, no hidden access, full data control, and secure storage in encrypted mailboxes.

100%
Privacy
E2EE
Encryption
API
Integration

Problems we solve

Cloud subscriptions create dependencies that are increasingly hard to remove

πŸ“¦

Black-box systems

No code visibility. No way to verify what happens to data. Your communications can be used beyond your control.

πŸ”Œ

Service disruption risk

A provider can change terms, raise prices, or stop regional operations. Your communications depend on external decisions.

Ecosystem

More than just email

A complete communications platform on your servers. Everything in one system, without patchwork integrations.

πŸ“§

Email

SMTP/IMAP. Compatible with Outlook, AppleΒ Mail, Thunderbird, and mobile devices.

SMTP / IMAP
πŸ“…

Calendars

Meeting sync, a unified corporate calendar, and support for popular clients.

CalDAV
πŸ“‡

Contacts

Unified corporate address book with cross-device sync.

CardDAV
βœ…

Tasks

Task management and to-do list sync via standard clients.

CalDAV VTODO
βš™οΈ

Sieve filters

Server-side filtering: autoresponders, sorting, forwarding, blocking.

RFC 5228
πŸ”

Encryption

OpenPGP, S/MIME, WKD. Mailboxes are stored encrypted (ChaCha20-Poly1305).

E2EE
πŸ”—

REST API and Webhooks

API integration for CRM/ERP. Webhooks with HMAC-SHA256 signatures.

REST API
πŸ“±

iOS Push

Instant push notifications for email, calendars, and contacts on iOS.

APNs
🧩

All modern email clients

Ready for daily work across desktop and mobile clients without proprietary lock-in.

Outlook Β· Apple Mail Β· Thunderbird Β· Desktop Β· iOS Β· Android
🌐

Built-in WebMail

Full browser workspace for end users and admins with no extra components required.

Themes Β· Contacts Β· Calendar Β· Multi-account Β· Offline-ready
Automation

Server-side email filtering (Sieve)

A powerful standardized server-side filtering language. Rules work continuously regardless of client state.

Filtering capabilities

βœ“ Autoresponders (vacation)
βœ“ Automatic folder sorting
βœ“ Forwarding (redirect)
βœ“ Sender blocking
βœ“ Header-based conditions
βœ“ Regular expressions
βœ“ Flag tagging
βœ“ Notifications (notify)

Filter management

Via web UI, REST API, or standard clients with ManageSieve support (RFC 5804): Thunderbird, K-9 Mail, Roundcube.

sieve-filter.siv 
require ["fileinto", "vacation", "regex"];

# Vacation autoresponder
vacation :days 7
    :subject "Auto-reply"
    "I am on vacation until February 15.";

# Sender-based sorting
if header :contains "from" "@partner.ru" {
    fileinto "Partners";
}

# Spam blocking
if header :regex "subject"
    "(?i)(viagra|casino|lottery)" {
    discard;
}
20+ RFC 5228 extensions ManageSieve (RFC 5804)
Encryption

Message encryption

Multi-layer protection: from transport encryption to end-to-end message encryption

πŸ”‘

OpenPGP (E2EE)

End-to-end encryption: only sender and recipient can read the message. Neither server nor admin can access content.

PGP/MIME Inline PGP
πŸ›οΈ

S/MIME (X.509)

Enterprise encryption based on X.509 certificates. Integration with organizational PKI and digital signatures for authenticity.

X.509 PKI
🌐

Web Key Directory

Automatic public-key discovery by email address. In isolated environments, use an internal WKD server for internal PKI.

WKD Auto-discovery

Storage encryption

Each mailbox is a separate encrypted file with an individual key derived from the owner password. Algorithm: ChaCha20-Poly1305, a modern alternative to AES. Even a server administrator cannot read another user mailbox (Zero-Knowledge).

βœ“ TLS 1.3 βœ“ Perfect Forward Secrecy βœ“ HSTS βœ“ SPF + DKIM + DMARC
100
out of 100
Internet.nl (Mail & Site)
Security

"Glass Box" principle

Instead of a black box that requires blind trust, a transparent system that can be verified line by line

Auditable architecture

βœ“

Auditable code

All executable code is readable files. Your security team can run a full audit.

βœ“

No telemetry

No phone-home calls, no kill switch, no ad targeting. Data is not used to train AI.

βœ“

Anti-spam

Built-in anti-spam filtering, DNSBL checks, greylisting, and SPF/DKIM/DMARC validation on inbound email.

Two-factor authentication (2FA)

πŸ“±

TOTP

Google Authenticator, Authy, and similar apps

πŸ”

WebAuthn / Passkeys

Hardware keys, biometrics

πŸ”‘

Recovery codes

One-time recovery codes

Security scores

100/100
Internet.nl
A+
Mozilla Observatory
A+
Qualys SSL Labs

For comparison: Gmail - 83/100, Proton Mail - 85/100

Rate Limiting and Quotas

Multi-layer limits protect against abuse and ensure fair resource allocation.

βœ“ Sending limits per-user / per-domain
βœ“ Storage quotas per-user / per-domain
βœ“ Protection from brute-force attacks

Additional capabilities

Bounce/DSN handling

Automatic classification of undelivered messages and delivery status notifications.

Webhooks (Inbound + Bounce)

On inbound message and on delivery failure. HMAC-SHA256 signature for verification.

Full-text search (FTS5)

Instant mailbox-content search with Unicode support.

Deployment

3 deployment perimeters

Choose the isolation level that matches your organization requirements

🌐
Standard

Online

Full online operation with external email, automatic updates, and cloud DNS.

  • βœ“ External mail (SMTP/IMAP)
  • βœ“ Automatic updates
  • βœ“ Let's Encrypt certificates
  • βœ“ Public WKD
  • βœ“ iOS Push notifications
πŸ›‘οΈ
Restricted

Restricted

Controlled network perimeter. Restricted internet egress through proxy. Local package mirrors.

  • βœ“ Controlled outbound access
  • βœ“ Local package mirrors
  • βœ“ Internal CA
  • βœ“ Local DNS
  • βœ“ Relay through gateway
πŸ”’
Maximum protection

Air-gap

Fully isolated network with no internet access. Manual updates via USB. Internal mail only.

  • βœ“ Zero internet connectivity
  • βœ“ Updates via USB
  • βœ“ Internal DNS / PKI / WKD
  • βœ“ Own root CA
  • βœ“ Ideal for R&D, accounting, HR
Operating model

Operational independence

Three steps to full independence. No support lock-in.

1
πŸ”

Assessment

Analysis of current infrastructure, server capacity assessment, migration planning, and security perimeter definition.

2
βš™οΈ

Deployment

Turnkey deployment. Configuration of encryption, filtering, 2FA, domain authentication, Sieve rules. Testing and data migration.

3
πŸ”‘

Handover

Full root administrative access, admin training, full documentation, and backup/update procedures. Everything is yours.

Technical support is optional, not required for system operation. The system will continue running even if we stop operations.

Technology

Modern architecture

Not a legacy 20-year-old stack, but modern solutions for modern tasks

πŸ”

Glass Box Security

All code is available for security audit. Readable files, not opaque binaries. No hidden connections, telemetry, or kill switch.

Zero-Knowledge ChaCha20
⚑

Modern Stack

Asynchronous processing of thousands of connections. FTS5 search with Unicode. Sieve filtering (RFC 5228). OpenPGP/S/MIME encryption.

Async I/O Sieve E2EE
πŸ”—

API First

REST API for full automation. Webhooks (Inbound + Bounce) with HMAC-SHA256 signatures. Integration with CRM, ERP, and internal systems.

REST API Webhooks HMAC-SHA256