ShieldBox vs Fastmail
Fastmail is an excellent Australian-founded email service. But “Australian-owned” and “Australian-hosted” are very different things — and for compliance, only one of them matters.
Fastmail's servers are in the US and Netherlands — making your data subject to the CLOUD Act and outside Australian Privacy Act jurisdiction.
Fair comparison — Fastmail is genuinely good
Unlike Gmail or Outlook, Fastmail is Australian-founded, privacy-focused, and ad-free. We respect them as a company. The core issue for Australian compliance is purely about data residency and IRAP. If you don't have compliance obligations, Fastmail is a solid choice. If you do — you need ShieldBox.
The 4 differences that matter for Australian compliance
Australian-owned ≠ Australian-hosted
Fastmail was founded in Melbourne — but your emails sit on servers in the United States and Netherlands, where the CLOUD Act applies. ShieldBox keeps data on Australian soil, contractually guaranteed.
IRAP where Fastmail can't
Fastmail holds no IRAP assessment. For APS agencies, defence contractors, and regulated industries, IRAP is non-negotiable. ShieldBox has it — Fastmail doesn't.
Proper AI inbox, not just filters
Fastmail offers smart filtering and basic rules. ShieldBox includes a full AI inbox assistant — summarisation, draft assist, priority flagging — all processed on Australian servers.
Zero-knowledge vs staff-readable
Fastmail staff can access your emails for abuse/spam review. ShieldBox is architecturally zero-knowledge — even ShieldBox staff cannot read your email content.
Fastmail's servers are in the US — making emails subject to the CLOUD Act
Despite being Australian-owned, Fastmail stores email data on servers in the United States (New York) and Europe. The US CLOUD Act gives US authorities the power to compel any US-located provider — including Fastmail's US data centres — to hand over email data. This directly conflicts with Australian Privacy Principle 8 (cross-border disclosure obligations). ShieldBox's Sydney and Melbourne data centres have zero US jurisdiction exposure.
ShieldBox vs Fastmail: full comparison
| Feature | ShieldBox | Fastmail |
|---|---|---|
Australian Compliance | ||
Australian data sovereignty | Yes | No |
Servers located exclusively in Australia | Yes | US & Netherlands |
CLOUD Act (US law) exposure | Never exposed | Exposed (US servers) |
Privacy Act 1988 — all 13 APPs | Yes | Partial |
IRAP assessment | Yes | No |
ASD Essential Eight alignment | Yes | No |
NDB scheme compliance | Yes | Partial |
Spam Act 2003 compliance | Yes | Partial |
Ownership & Trust | ||
Australian-owned company | Yes | Yes |
Australian-operated infrastructure | Yes | No |
ISO 27001 certified | Yes | No |
Contractual Australian data guarantee | Yes | No |
Security & Privacy | ||
Zero-knowledge architecture | Yes | No |
End-to-end encryption (E2EE) | Yes | Optional (PGP) |
AES-256 encryption at rest | Yes | Yes |
MFA / hardware key support | Yes | Yes |
Ad-free experience | Yes | Yes |
Features & AI | ||
AI inbox assistant | Yes | Basic only |
AI processed on Australian servers | Yes | No |
Custom domain hosting | Yes | Yes |
CalDAV / CardDAV sync | Yes | Yes |
Shared team inboxes | Yes | Yes |
REST API access | Yes | Limited |
Support & Business | ||
Free tier | Yes | No |
Australian support team | Yes | Yes |
Government sector (APS) approved | Yes | No |
Healthcare / Legal sector approved (AU) | Yes | Limited |
Who needs to switch from Fastmail to ShieldBox?
IRAP assessment is required by the PSPF. Fastmail has no IRAP assessment. Government users on Fastmail are operating outside framework requirements.
Patient health records must be stored under Australian law. Fastmail's US-based servers put you in breach of APP 8.
Legal professional privilege obligations require data under Australian legal jurisdiction. US-hosted email does not qualify.
ISM controls and PSPF requirements mandate Australian data residency. Fastmail's US/EU infrastructure fails this test.
Tax File Number handling under APP 11 requires data security on Australian-jurisdiction servers.
CPS 234 requirements for critical data mandate jurisdictions with adequate data protections — US law does not meet this bar for Australian financial entities.
Ready to move off Fastmail?
Full Fastmail migration support included — IMAP sync, contacts, calendars. Our team handles it at no extra cost on Business plans.
Start migrating from Fastmail