Replace M365 and Google by owning your collaboration backend — not renting another cloud.
A “sovereign cloud” still hands your mailboxes to a hoster who can be subpoenaed, pressured, sanctioned. OxiMail is a single Rust binary you run on your own metal, with your own keys — so the operator is no one but you. Mail, calendar, contacts, tasks, files and chat, shipping today, under one compliance boundary.
You can only own what you can actually run.
Bleu runs on Azure. S3NS runs on Google. Delos runs on Microsoft. Every “sovereign cloud” keeps a third-party operator between you and your data — and an operator can be compelled to act against you. Owned sovereignty is the only model where that third party does not exist: you operate the binary, on your infrastructure, and the encryption keys never leave your machine. OxiMail is small enough — one process, 2 to 4 GB of RAM instead of a 10-to-18 GB legacy stack — that self-operation is realistic for an institution, not a fantasy reserved for hyperscalers.
Read the full argument: own vs rent →The mandated body that can move fast — and the integrator who serves it.
This is not the 50,000-seat ministry RFP. It is the mandated body of 200 to 3,000 seats that has a sovereignty motion and the authority to act on it within a budget cycle.
Communes & regional departments
A cantonal or regional administration, or a commune, with a sovereignty mandate and a reachable IT decision-maker. 200 to 3,000 seats, identity already in LDAP or AD.
Public hospital pilots
A clinical site or health network running a sovereign-collaboration pilot. Encryption at rest and a single compliance boundary matter from day one; audit and archive land on the roadmap.
University faculties & public agencies
A faculty, a research institute or a public agency with federated identity (SWITCHaai and similar) and a strong data-sovereignty position. Fast-moving, often ahead of the central IT cycle.
Regional health networks & large institutions
A regional health network or a larger institution with an internal DSI. You can own and operate it directly — the binary, the keys and the data stay yours.
Integrators & system integrators
You serve these bodies. OxiMail is the sovereign collaboration backend you deploy, harden and hand over — the operator stays your client, the result stays sovereign.
Own it yourself. If you lack mail-ops capacity, we deploy it and hand it over.
The recommendation is simple: own the backend. If your team already runs infrastructure, you install the binary, wire identity and operate it — total sovereignty, no third party in the loop. If you have the mandate but not the mail-ops capacity, our deployment service installs OxiMail on your metal, migrates your mailboxes, hardens the host and trains your team, then steps back. Either way the keys, the data and the operation end up in your hands. The integrator is not the operator — sovereignty stays intact.
A sovereignty and control posture built on shipped capabilities.
The value here is not a rented ROI number — it is control. Everything below runs today, in production, in one binary, under one compliance boundary you own:
Mail, calendar, contacts, tasks
JMAP-native (RFC 8620/8621/9610), the modern successor to IMAP — push, mobile, a clean API, all under one login.
Collaborative files & chat
Shared files and team chat in the same Workspace web client your users actually open. One interface, one identity, no separate silo to govern.
Workspace web client
A webmail your people want to use — mail, calendar, contacts, tasks, files and chat in a single integrated interface.
Encryption at rest + passkeys
A per-tenant key hierarchy — keys never leave your infrastructure. Phishing-resistant passkey sign-in for staff.
SMTP, IMAP, CalDAV, CardDAV
Full legacy-protocol support with DKIM / SPF / DMARC / ARC, a multi-stage spam pipeline and server-side filtering — your existing clients keep working.
Identity sync
LDAP, Active Directory and SWITCHaai-style federated identity, with per-tenant configuration for multi-department or multi-campus deployments.
On shipped capabilities alone — mail, calendar, contacts, tasks, files and chat for a few hundred to a few thousand seats — owning the backend removes per-seat hyperscaler licensing and replaces it with your own infrastructure plus, if you choose them, a licence for the Pro components. The honest framing is sovereignty and control, not a headline savings figure. Anything tied to the Drive file-server replacement is roadmap (pilot Q3 2026) and is deliberately left out of any number we put in front of you today.
Built for regulated environments.
- Encryption at rest with a per-tenant key hierarchy. Keys never leave your infrastructure; the server decrypts only for the authenticated user, so search, server-side rules and clients all keep working.
- Fail-loud integrity. OxiMail never silently drops messages, swallows errors or ignores invalid identifiers. Every failure surfaces in logs with structured context — the property regulated environments actually need.
- Passkey authentication for phishing-resistant staff sign-in, with the full legacy-protocol surface still available for existing clients.
- Audit compliance — a tamper-evident event log with hash-chained integrity, an ISO 27001 / SOC 2 / HIPAA event catalogue, retention policies and compliance reports. Roadmap 2027
- Legal archive — long-term sealed retention of audit events and mail for legal hold. Roadmap 2027
- Distribution groups & managed mailing lists — the Community edition covers internal distribution groups; the Pro edition adds moderation, archives, DMARC-friendly ARC signing and external-subscriber management for corporate-grade list management.
Tell us about your institution.
Number of seats, current stack, identity source, compliance framework and target migration window. We respond with a scoped, sovereign deployment plan — owned by you — within a few business days.