Please note that safeSpace is in live Beta testing until the end of 2018. We are happy to offer you a 50% discount until then.

1) safeSpace?
2) Privacy & security
3) How safe is it?
4) Work computers
5) How it all works
6) Rules & promises
7) Support
8) Complaints
9) What's up next?
10) Prices
11) Policies
12) Who are we?
13) The Polygraph
14) Contact details
15) Status update

2-1) The safeSpace servers are based in Iceland because that country's laws are the strongest in the world when it comes to protecting privacy and security. Iceland is "the Switzerland of data" – by law nobody is allowed to create a 'backdoor' or give bulk access to another person's data. Location information and IP numbers are considered in law to be personal data, and are protected as such. To give you some idea of how passionate Icelanders are about this, at the time of writing The Pirate Party has ten seats in Parliament (out of 63). The Icelandic Modern Media Initiative, unanimously adopted by Parliament in 2010, aims to make Iceland a journalistic safe haven, absolutely protecting the freedom of information and expression. Freedom House's annual 'Freedom on the Internet' report regularly rates Iceland as having the world's highest level of Internet freedom, as well as the highest rate of secure servers (more). Iceland is also a world leader in fibre deployment, which makes it fast. Don't take our word for it — do a bit of research. You'll find our decision is backed by a solid consensus among security specialists.

The key pieces of Icelandic legislation are here:
• The Data Protection Act;
• Act on the Protection of Privacy as Regards Processing of Personal Data;
• The Rules on Electronic Surveillance;
• The Information Act; and
• The National Archives Act.

2-2) Unless required to do so by the laws of the state of Iceland or to comply with a legal process duly served, safeSpace will never disclose, exchange, trade or sell any of your data, or any record that personally identifies you. Perhaps more importantly, our business model (which is explained below) ensures that we could not do so even if we wanted to. Such data does not exist. We publish a status update each day (see below) that will keep you informed about any problems or threats we face. If there is a third party enquiry about a safeSpace meeting room or email address, the account holder will be notified immediately. Our daily update to the wider network will also reflect this event.

2-3) We work with four separate service providers in Iceland to provide different aspects of the service. Without going into detail, for obvious reasons, the workflow is arranged in such a way that all four could be simultaneously compromised without any client identities being revealed. Client records (which exclude names and addresses) are only kept for long enough to process requests. They are then permanently deleted. All we know about our account holders is their anonymized email address and a corresponding PIN number.

2-4) Our separation of administrative and operational functions is taken one step further through a cooperative relationship with our sister organization Email4Life Ltd ( This invitation-only email service for the non-profit community also operates from servers based in Iceland. The folk at Email4Life process all invoices, marking the results against a randomised order number. They then advise us regarding the status of this order. From our side, that order number is then mapped (once) to an account number, and then deleted. This allows our account holders' requirements to be met without anybody, including our staff, being able to link financial information to comments, messages, payments or personal identifiers.

2-5) All communication between your computer and safeSpace is encrypted (https) while our own traffic is double-encrypted using an award-winning open virtual private network that provides access via a series of exit servers also hosted in Iceland. This process is audited regularly.

2-6) For the sake of transparency, safeSpace runs exclusively on modified versions of open source software and the website is written in simple code (html/css with a minimum of javascript and/or php) so that you can check what is going on. You may not have the skills to audit such code yourself, but you can be sure that many other people do! We're also happy to have our systems professionally audited, although certain information must be protected under our Terms of Use. The client would also need to meet the costs involved in such an audit. We would request the right to make the results public.

Those with heavy-duty security requirements, or those whose network use is closely monitored, should consider using their home computer in some cases. We'll send you the necessary details as part of our introductory package.