An email client that fits how developers actually use email.

A day with four mailboxes

At 08:10, the work Gmail has the on-call rotation update for the week. You read it, archive it with E, move on. At 09:45, the personal Gmail has a code-review request from the open-source project you maintain on the side; the GitHub notification went to a third address you set up exactly so it could be triaged separately. ⌘K, type the repo name, jump to the thread. At 13:20, the alumni address forwards a reply about a panel at next month’s conference; you draft an answer from the right identity (the nonprofit board uses a fourth one) and ⌘↵. None of those four accounts share a client today on most setups: each one arrived with its own app, its own shortcuts, its own font.

Epistles is one client for all of them. Each connected account speaks its provider’s native protocol (Gmail API for Google, MS Graph for Microsoft 365, JMAP for Fastmail, Proton with OpenPGP for ProtonMail, IMAP and SMTP for everywhere else), so Gmail’s labels, Microsoft’s threading, and Fastmail’s instant push aren’t flattened to the lowest common denominator on the way in. Each thread carries a quiet chip naming the address it belongs to, so you don’t reply from the wrong identity at midnight.

Native on Linux. Native on Mac.

The Linux build is a Tauri 2 binary. Real native, real .deb, real AppImage; the Rust runtime is a few megabytes and the rendered UI uses the system WebView rather than a bundled browser. OAuth opens in your real system browser instead of an embedded WebView, so the consent screen looks like the consent screen you already trust and there’s no Electron-shaped fingerprint on the network. IMAP and SMTP run over a Rust TCP transport. CalDAV and CardDAV are first-class for the self-hosted Nextcloud crowd.

The Mac build is a signed, notarized React Native macOS app: native menu bar, native keychain, native push for Gmail (via Pub/Sub) and Microsoft 365 (via OWA SignalR), Spotlight on the local cache. It is not a wrapped web app. Both desktop builds share most of their code with the iOS and Android apps; what differs is the system surface, not the engine.

The keyboard

Every verb has a letter. ⌘K opens a command palette that searches accounts, mailboxes, threads, and actions. J and K walk the list. E archives, S stars, ⌘↵ sends. The bindings are remappable in Settings, including chord alternates, so the muscle memory you carry from Gmail, Mail.app, or Mailspring lands in the same shape here. If you want x for select and g i for go-to-inbox the way Gmail does, that’s a configuration, not a fork. The palette is the same surface across mail, calendar, and contacts.

Open source, zero telemetry

The repository is at github.com/epistlesapp/epistles. The migration from the private working tree to the public repo is in progress, the project was built from day one with that move in mind, and we’ll publish a note when it’s done.

The desktop and mobile apps ship with no analytics SDK, no third-party crash reporter, and no usage telemetry. The only network calls Epistles makes to our infrastructure are functional ones: vault sync, push registration, OAuth refresh, image proxy, opt-in outbound tracking. Debugging happens through named logs that stay on your device until you choose to export a diagnostic bundle. If we don’t hear from you, we don’t hear from your app. The security page documents the subprocessors we use and what each one sees.

Privacy as a default, not a feature flag

Mail lives on your device, in a local SQLite store, and search runs against that cache, milliseconds, no round trip, no signal required. The local DB sits behind your operating system’s disk encryption (FileVault on Mac, Data Protection on iOS, File-Based Encryption on Android, BitLocker on Windows when that build ships, your luks setup on Linux).

Cross-device credential sync goes through a zero-knowledge Cloud Vault: OAuth tokens and IMAP passwords are encrypted on your device with a key derived from your Epistles password, and the server stores opaque AES-256-GCM bytes it cannot read. ProtonMail key material is carved out and stays in the OS keychain only; it never enters the vault. The security page walks through the full design, including the failure modes.

What isn’t there yet

An honest pitch lists the gaps. As of today:

• No Windows build yet. In development on the same Tauri 2 codebase as Linux.
• No web app at app.epistles.com yet. The origin is reserved; the hardest parts are WebCrypto for the vault and IMAP-via-WebSocket for providers that can’t be reached from a browser.
• The combined-list unified inbox lands later this year. Multi-account today means one client, one keyboard, one set of shortcuts across every account; the single chronological combined list is on the same 2026 roadmap as snooze and send-later.
• No Slack, Linear, or task-app integrations. Email is the job here.
• No AI summarization. Local-first and zero-knowledge are real constraints; we don’t send the contents of your mail to a model provider, and we have no plans to.
• The source repo is not yet public. See above.

Try it, or read the code

Mac, Linux, iOS, and Android ship today. Free covers up to three connected accounts; Pro at $35 a year is unlimited, with a 15-day no-card trial. Request an invitation, or read the security page if you want to verify the encryption and storage claims before signing up. We write back to engineers who want to verify; that’s the audience this page was written for.