Before digitization, secure data exchange was straightforward. Documents were sent by mail or handed over in person in a Leitz folder.

With the complete digitization of our client processes, we have also switched communication from paper to digital channels. The challenge here is to ensure the same high level of security online as with postal mail — especially when handling sensitive and personal data. As professionals bound by professional secrecy, we process such information in accordance with the GDPR and handle it with particular care.

In 2020, we opted for the FTAPI email solution. This ensured that attachments to our messages were not transmitted unprotected over the internet.

Admittedly, receiving such emails was a bit cumbersome at first. You had to register with FTAPI and download the attachments manually. Nevertheless, the solution served its purpose — official letters and attachments from Pape & Co. were reliably protected against unauthorized access.

Since then, technological development has progressed rapidly — in two distinctly different directions.

On the one hand, modern AI technology makes it possible to analyze large amounts of data automatically. What used to be considered an illusion—“Who would read my emails?” — is no longer a technical problem today. This increases the risk that intercepted data will be specifically evaluated or further processed.

On the other hand, email providers have also made considerable progress. Almost all major providers now encrypt transmission between their servers. The days when emails traveled through the network like open postcards are thus over.

Nevertheless, there is no such thing as 100% security. Many providers use what is known as opportunistic TLS (STARTTLS). This means that emails are only transmitted in encrypted form if the receiving server supports this technology – otherwise they are transmitted unencrypted. For senders, it is usually not possible to tell how secure the transmission actually was.

With Pape & Co. SecureMail, we are responding to these developments.

What makes our solution special is that emails are only sent if secure, encrypted transmission with qualified transport encryption (qTLS) is possible. If this is not the case—for example, because the recipient’s server does not support the necessary security — the message is automatically encrypted and uploaded to our SecureMail Cloud. There, only authorized recipients can download it. This ensures that the exchange of confidential information remains highly secure — and easy to use at the same time.

Clients can choose from the following security levels:

SecureMail with normal security
Based on qualified transport encryption (qTLS) – as secure as registered mail.

SecureMail with high security
Based on our SecureMail Cloud – access to emails is only possible with an email address and individual password for authorized recipients.

Without additional security
Sent as a normal email without any special protective measures. With a bit of luck, the email will be sent using transport encryption – but this is not guaranteed.

You decide which level of security you want. Our standard is SecureMail with normal security. Would you like more or less security? Please let us know.

SecureMail is at least as secure as traditional registered mail.

If the recipient’s mail server ensures that only the intended recipient can read the message, it even achieves the security level of “registered mail delivered in person.”

We are convinced that Pape & Co. SecureMail offers exactly the right level of security – appropriate for the sensitive content that we typically send.

This is not a simple question. Both confidentiality obligations (Section 57 StBerG, Section 203 StGB) and the GDPR require an appropriate level of protection and suitable technical and organizational measures to protect confidential data from unauthorized access.

In our view, Pape & Co. SecureMail meets these requirements—in particular because the level of protection is equivalent to or even exceeds that of traditional postal mail.

At the same time, our clients always decide for themselves whether this level of security is sufficient for them.

Perfect security will probably never exist. End-to-end encryption is considered the highest level of security: an email remains protected from sender to recipient, and only these two parties have access to the content. We do not currently offer this level of security.

However, our SecureMail with the “High Security” setting offers a similar level of security. Here, protection is based not only on qTLS, but also on our SecureMail Cloud. The message is stored there in encrypted form, and only authorized recipients can access it with their email address and password.

This option is particularly secure, but somewhat less convenient—similar to FTAPI in the past.

Important emails permanently available
Relevant messages are automatically uploaded to the SecureMail Cloud when sent – regardless of the selected security level. This means they are permanently available for download.
We use Nextcloud, a proven platform for secure file storage. With the freely available clients, you can access your messages without an email program or synchronize them with your IT system.

Large attachments – no problem
Larger files are automatically transferred to the SecureMail Cloud, regardless of the security level. This allows us to send attachments of any size while reducing the load on our recipients’ mailboxes.

Emails in EML and MSG format
Emails that we upload to the cloud are stored in folders that contain not only the email text and attachments, but also the complete message in .EML and .MSG format – ideal for archiving or transferring to other systems.

We provide our clients with a cloud solution based on Nextcloud for sharing data or transferring large amounts of data. Our Pape & Co. Nextcloud server is operated by us and hosted exclusively in Germany.

If you are not yet using your personal Pape & Co. cloud, please contact your Pape & Co. team.

We have set up various “SubmitBoxes” to enable you to send us data securely. These can be used to transfer files to us in encrypted form. Of course, you can also send us normal emails or data via the personal client cloud. You decide for yourself whether and how confidentially you want to send us data.

Quick guide to using the SubmitBoxes:

1. Click on the link to one of our SubmitBoxes (Office | Career).There, you can create a so-called SubmitBox ticket by entering your email address, which will be sent to you by email.
2. Please check your spam folder if the ticket email does not appear in your inbox.
3. This email contains a unique upload link that you can use to leave us a short message and upload one or more files securely encrypted.
4. Once the upload is complete, our system will automatically notify you that the transfer was successful.