Data Haven
Built in Lelystad. Protecting communications across the Netherlands. Co-funded by the European Union.
An extension to SecuMailer that lets you manage temporary email storage entirely within your own infrastructure.
Data sovereignty
You decide where and how temporary email data is stored
Trusted European Solution
ECSO-certified and hosted entirely on European servers
Compliant by design
Comply with all relevant regulations such as GDPR, NTA 7516, and eIDAS.
The problem
Your email is not as private as you think.
In 2021, 800 patients’ email addresses were leaked from Flevoziekenhuis, a hospital in Lelystad. That same year, a neighbouring care organisation suffered an identical breach. The cause in both cases: email routed through non-European cloud servers, legally accessible to foreign governments under the US CLOUD Act.
These incidents were not accidents. They were symptoms of a structural gap: no affordable, user-friendly solution existed for organisations that needed to send legally sensitive email without entrusting data to foreign infrastructure.
Between 70 and 80 percent of European cloud infrastructure is controlled by US-based companies – Proofpoint, Microsoft and Kiteworks among them, all subject to American law. Under the CLOUD Act, US authorities can compel disclosure of data stored anywhere in the world.
Data Haven changes that.
What is Data Haven?
The digital world must be as safe as the physical one – for every citizen, as a right.
Data Haven is a hybrid email security platform that processes and temporarily stores sensitive email data on sovereign Dutch infrastructure – entirely independent of US cloud providers. Security and privacy are not settings you have to activate. They are the default architecture.
Customer-managed encryption
Every email is encrypted with a unique key derived from a master key held by the customer. Even SecuMailer cannot read your messages. This is called Key-Based Key Derivation (KBKDF) and no comparable SaaS email product offers customers this level of cryptographic ownership.
Nine authentication methods in one platform
The first platform in the Netherlands to unify DigiD, UZI-pas, Advocatenpas, iDIN, Itsme, BankID and UAEPass in a single modular interface. All eIDAS-compliant. Ready for the EU Digital Identity Wallet (eIDAS 2.0, mandatory from 2026).
Dutch private cloud – no US dependency
Core processing logic runs on Uniserver’s Dutch infrastructure, not on Amazon Web Services. This is not a configuration option. It is the architecture. The migration blueprint – replacing AWS-proprietary services with open-standard European equivalents – is documented and replicable by any European organization.
Results
What Data Haven has achieved
- 35% reduction in CO₂ emissions per email processed, against 45% traffic growth – validated through Greenhouse Gas Protocol measurements
- The Dutch central government is evaluating migration of 7 of its 14 ministries to SecuMailer on the Data Haven private cloud – the largest public-sector commitment to email sovereignty in the EU
- Market leader for secure email among Dutch national government clients
EU funding & REGIOSTARS
Co-funded by the European Union
Data Haven was developed with support from the European Regional Development Fund (ERDF) through the Kansen voor West III programme (project number KvW3-00317). ERDF co-funding enabled a Lelystad-based SME to bridge from TRL 6 to TRL 9 – bringing a concept to a fully deployed, commercially active product.
In 2026, Data Haven has been nominated for the REGIOSTARS Award by the European Commission, in the category “A Competitive and Smart Europe”. REGIOSTARS is the EU’s most prestigious award for innovative, ERDF-funded projects.
Ready for a deep dive?
Want to see how Data Haven works in practice? Book a live demo with one of our experts. Prefer to discuss your organization’s requirements first? Get in touch with our team directly.