Skiff was an encrypted email and productivity service that launched with significant venture funding and aggressive growth ambitions. In February 2024, Skiff was acquired by Notion and the Skiff product was wound down within months. Existing users had to migrate or lose access.
The Skiff story is worth examining because it illustrates structural risks in the consumer encrypted-services market that recur across products. Understanding what happened to Skiff helps make better choices about which providers to trust with your communications.
What happened
Skiff was founded in 2020 by ex-Stripe engineers and raised approximately $14.2 million in venture funding. The product launched as encrypted email plus calendar plus document collaboration, with a polished interface and aggressive marketing in the privacy-tools space.
The company grew quickly. By 2023, Skiff had several hundred thousand users, was being mentioned alongside ProtonMail and Tutanota in mainstream coverage, and was seen as a credible alternative.
In February 2024, Notion announced the acquisition of Skiff. The deal terms were not disclosed publicly. The Skiff product would be wound down within six months. Existing users were given migration tools to export their data and offered limited time to find alternatives.
The user community reaction was mixed. Some users appreciated the orderly migration process. Many users felt betrayed by an encrypted-service provider being acquired and shut down without longer-term commitments.
By August 2024, Skiff was offline. The product no longer existed.
Why this matters
Several structural lessons emerge from the Skiff story.
Venture-funded encrypted services have a fundamental tension. Venture investors expect significant returns within 5-10 years. The exit options are limited: IPO, acquisition by a larger company, or generating sufficient cash flow to buy out investors. For a privacy-focused encrypted service, the IPO path is rare; acquisition is the more common exit; and acquirers often have different priorities than the original product team.
The acquirer determines the product’s future. When Skiff was acquired by Notion, Notion’s interests dictated what happened next. Notion wanted Skiff’s engineering team and some technology; Notion did not want to operate an encrypted email service. The product was wound down because it did not fit Notion’s strategy, not because the product had problems.
Migration is friction even when handled well. Skiff’s wind-down had migration tools, advance notice, and reasonable handling. Users still had to find new providers, migrate data, update contacts, and deal with edge cases. Encrypted email is a long-term relationship; switching providers is not painless.
Trust is structural, not promised. Skiff’s privacy claims were technically valid; the encryption did what it said. The company’s continued operation was not guaranteed by privacy claims; it was guaranteed by their business model continuing to function. When the business model led to acquisition and shutdown, the privacy guarantees became moot for users who lost access.
What this teaches about provider selection
When evaluating an encrypted service for long-term use, consider:
Funding model and runway. Venture-funded companies have structural pressure toward exit. Profitable bootstrapped companies can operate indefinitely without that pressure. Mullvad and Posteo are examples of profitable bootstrapped companies; ProtonMail is somewhere in between (significant funding but with a non-profit foundation structure that limits acquisition risk).
Corporate structure. Companies controlled by foundations or with anti-acquisition charters (Proton AG’s Proton Foundation structure) are structurally more durable than standard for-profit companies. Privately-held companies with consistent leadership over long periods (Mullvad’s Amagicom, Posteo’s Heinlein Support) suggest stability.
Track record duration. A company that has been operating consistently for 10+ years is more likely to continue. Companies operating for only 2-4 years are still in their startup phase, with all the volatility that implies.
Acquirer alignment risk. If the company is acquired, what happens? An encrypted email provider acquired by a marketing company is a different situation than one acquired by another encrypted services company.
Migration cost. Choose providers where switching out is feasible if needed. IMAP/SMTP support, standard file formats, and export tools all reduce vendor lock-in.
Specific provider risk assessment
Looking at the major encrypted email providers through this lens:
ProtonMail (Proton AG): Swiss corporation with a non-profit foundation holding controlling stake. Significant funding but with structural anti-acquisition protections. Operating since 2014, profitable. Risk: low to moderate.
Tutanota / Tuta (Tutao GmbH): German company, privately held, founder-led, operating since 2011. No outside investment. Risk: low.
Mailbox.org (Heinlein Support GmbH): German company, founded by Peer Heinlein in 1989 (originally for activists), pivoted to encrypted email in 2014. Privately held, stable leadership. Risk: very low.
Posteo (Posteo e.K.): German company, founded 2009, founder-led, privately held, profitable. Risk: very low.
StartMail (Startpage BV): Dutch company, founded 2014, owned by the same parent as the Startpage search engine. Privately held but with some investment. Risk: low to moderate.
Skiff: would have been listed here as moderate-risk venture-funded. Now: offline.
Smaller indie providers (Cryptee, etc.): high risk due to small operation; significant continuity uncertainty.
What to do practically
Pick providers with structural durability when possible. ProtonMail, Tutanota, Mailbox.org, and Posteo all have track records that suggest continued operation.
Maintain migration capability. If your provider went offline tomorrow, could you export your data and move to a new provider within a week? If yes, your risk is bounded. If no, work to reduce that risk now.
Backup independently. Keep your own backup of important emails (export to local files quarterly). Do not depend on any single provider’s continued operation for data preservation.
Use IMAP/SMTP where possible. Providers that support standard protocols are easier to migrate from. Tuta’s lack of IMAP/SMTP is a real consideration if vendor lock-in matters to you.
Diversify if specific data is extremely important. For users with extremely important communications, having two encrypted email providers (one primary, one for backup) provides resilience against single-provider failure.
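One way to act on the backup and IMAP points above, as an added example that is not code from the original page or from any provider: it pulls mail over IMAP and appends it to a local mbox, deduplicating by Message-ID so repeated quarterly runs are incremental. The host, credentials, file path, sample messages and the 92-day threshold are assumptions.

```python
import email
import imaplib
import mailbox
import ssl
import time
from pathlib import Path

def fetch_all(host, user, password, folder="INBOX"):
    """Yield each message in a folder as raw bytes (read-only, verified TLS)."""
    ctx = ssl.create_default_context()  # verify server certificate and hostname
    with imaplib.IMAP4_SSL(host, ssl_context=ctx) as conn:
        conn.login(user, password)
        conn.select(folder, readonly=True)  # EXAMINE: leaves flags untouched
        _, data = conn.search(None, "ALL")
        for num in data[0].split():
            _, parts = conn.fetch(num, "(BODY.PEEK[])")
            yield parts[0][1]

def archive_messages(raw_messages, mbox_path):
    """Append messages to a local mbox, skipping Message-IDs already stored."""
    box = mailbox.mbox(str(mbox_path))
    try:
        seen = {m["Message-ID"] for m in box if m["Message-ID"]}
        added = 0
        for raw in raw_messages:
            msg_id = email.message_from_bytes(raw)["Message-ID"]
            if msg_id:
                if msg_id in seen:
                    continue
                seen.add(msg_id)
            box.add(raw)  # messages without a Message-ID are always kept
            added += 1
    finally:
        box.close()  # flushes pending writes to disk
    Path(mbox_path).touch()  # mtime records the last successful run
    return added

def backup_is_stale(mbox_path, max_age_days=92, now=None):
    """True if no export exists or the last run is older than about a quarter."""
    path = Path(mbox_path)
    if not path.exists():
        return True
    return (now or time.time()) - path.stat().st_mtime > max_age_days * 86400

# Constructed sample input: two messages, the first repeated as in an overlapping export.
M1 = b"From: a@example.invalid\r\nMessage-ID: <1@example.invalid>\r\nSubject: one\r\n\r\nbody one\r\n"
M2 = b"From: b@example.invalid\r\nMessage-ID: <2@example.invalid>\r\nSubject: two\r\n\r\nbody two\r\n"
SAMPLE = [M1, M2, M1]
```

In a scheduled job, pass the generator from `fetch_all` (with your own host and an app-specific password) as `raw_messages`, and alert when `backup_is_stale` returns true.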
Skiff users’ migration paths
For Skiff users who had to migrate:
ProtonMail received many Skiff migrants. The Easy Switch tool from Proton supports importing from various sources.
Tuta received some Skiff migrants. The migration was more manual.
A small number went to self-hosted alternatives (mail server on a VPS), accepting the operational burden in exchange for full control.
The Skiff calendar and document features had less direct successors. Most former users adopted ProtonCalendar and ProtonDocs (when available) as the closest replacement.
A specific recommendation
For users currently choosing encrypted email: pick providers with structural durability. ProtonMail, Tutanota, Mailbox.org, and Posteo are all reasonable choices.
For users who picked Skiff or similar venture-funded options that have since shut down: evaluate the long-term durability of your replacement.
For users currently happy with their provider: periodically reassess. The Skiff story took two years to play out from “promising new provider” to “service offline.”
The lesson is not that you should distrust all encrypted service providers. The lesson is that encrypted-service trustworthiness is about more than encryption claims; it is about the company’s structural incentives and durability.