Sign In
Law firm · § 203 StGB

Client mail.Encrypted.Mapped to § 203.

Client communication and case-file transfer with explicit reference to attorney-client privilege under § 203 StGB. Outlook add-in for the firm, EU hosting, audit log per GDPR Art. 30. As of 2026.

Request a demoSecureMail in detail
At a glanceAs of 2026

Confidentiality as a default, not a surcharge.

  • Client mail via S/MIME, key distribution as a projectS/MIME, OpenPGP, web reader for external recipients
  • File handover via FTP or cloud dropSecureFiles as a direct line between firm and client
  • Confidentiality as a manual processConfidentiality as default in Outlook
Conbool supports attorney-client privilege under § 203 StGB technically through end-to-end encryption, audit log and EU hosting. Outlook add-in for the entire firm, modular licensing.
Right for you if:Firm size 5–500Microsoft 365 + Outlook§ 203 StGB
100 %
EU hosting
§ 203
StGB context
Outlook
Classic, New, Web
30 min.
Setup per mailbox

Compliance anchors

§ 203 StGB confidentialityBORA and BRAOGDPR Art. 5 and Art. 32Digital case file

Reference to the listed provisions assumes correct configuration. Conbool does not replace beA and does not supplement the legally mandated electronic attorney mailboxes; it covers everyday client and firm communication.

Four building blocks, tailored to the firm.

SecureMail for daily client mail, SecureFiles for the digital case file, MailGuard against partner-level CEO fraud, Disclaimer for required professional disclosures.

SecureMail

SecureMail

S/MIME, OpenPGP and web reader for external recipients without a certificate. Outlook add-in for Classic, New and Web.

SecureMail in detail
SecureFiles

SecureFiles

Direct line for case files, evidence and pleading bundles. Optional zero-knowledge in the browser.

SecureFiles in detail
MailGuard

MailGuard

Detect BEC, CEO fraud and phishing at partner, secretary and IT level before instructions are executed.

MailGuard in detail
Disclaimer

Disclaimer

Required disclosures from BORA and BRAO server-side in every outbound mail, consistent across devices.

Disclaimer in detail
Typical workflows

Four scenarios from a working law firm.

From first contact to file handover.

1

First contact, encrypted

A prospective client writes from a private inbox. The web reader makes the response readable without a certificate install.

2

Pleading bundle to the client

Pleadings, exhibits and evidence as one bundle. SecureFiles replaces email attachments and runs an audit log per access.

3

Group mail to multiple lawyers

BEC attempts to secretaries pretending to be a partner ordering a wire transfer are blocked at the authentication layer by MailGuard.

4

Recurring engagements

Passwordless return for 12 months. Repeat recipients access without a fresh password per handover.

Architecture

How Conbool plugs into the firm.

Conbool sits in front of Microsoft 365. MX switch in under 30 minutes, Outlook add-in rolls out from the Microsoft admin centre. Existing legal workflows remain unchanged.

MX switch

Inbound SMTP runs through Conbool, outbound continues through the M365 tenant.

Outlook add-in

Classic, New Outlook and Outlook Web. No end-user setup, rollout via admin console.

Entra ID

SSO via Entra ID, automatic provisioning and deprovisioning when AD adds or removes a user.

Existing legal software

Conbool coexists with common legal-tech tools through Outlook and standard mail protocols.

Compliance mapping

What § 203 StGB expects technically.

Confidentiality is both a professional and a criminal-law obligation. Technically that means: traceable access, verified recipients, documented path.

End-to-end encryption

S/MIME or OpenPGP, alternatively a web reader with a server-side session.

Audit log per GDPR Art. 30

Per client conversation: who, when, from where accessed.

Retention

Configurable per matter, with deletion and retention windows.

Sub-processing

DPA per Art. 28 GDPR, sub-processor list in the DPA.

Migration

From a practice-group pilot to firm-wide rollout.

Pilot in one practice group, then rollout via admin console. No hard interaction with beA, which keeps running in parallel.

Pilot

One practice group or department starts, the rest of the firm remains unchanged.

Rollout

Outlook add-in for all attorneys and assistants via admin centre.

beA boundary

beA remains the mandatory channel for court correspondence; Conbool covers client and firm mail outside beA.

Existing contracts

Existing DMS and legal-tech contracts continue, Conbool adds a transmission layer.

Frequently asked questions

Does Conbool replace beA?
No. beA is the legally mandated channel for court correspondence in Germany and remains unchanged. Conbool covers everyday client and firm communication outside beA, with § 203 context.
Is Conbool GDPR compliant?
Yes. Conbool is a German company and runs MailGuard, SecureMail, SecureFiles and Disclaimer exclusively in EU data centres on ISO-27001 certified infrastructure. DPA per GDPR Art. 28 is included, audit log per Art. 30 is prepared.
How does this map to § 203 StGB?
Conbool supports attorney confidentiality under § 203 StGB technically through end-to-end encryption, audit log and EU hosting. Professional responsibility remains with the firm; correct configuration and staff training are prerequisites.
How do clients see our mail?
Clients with S/MIME or OpenPGP are reached encrypted directly. Clients without a certificate receive a link to the web reader and read the message in a browser session, no account needed.
How long does rollout take?
Pilot in one practice group in less than a week. Firm-wide rollout via the Microsoft admin centre, no setup on individual lawyer machines.
What does Conbool cost for law firms?
Conbool is licensed modularly per function and per mailbox. Firms pay only for what they use. Concrete pricing on request, depending on headcount and modules.
Can we use SecureFiles for our digital case file?
Yes. SecureFiles works as an additional line for case bundles, evidence and large attachments. Configurable retention per matter, audit log per access, optional zero-knowledge in the browser.

Verwandte Lösungen

SEPPmail-Alternative

SaaS-SecureMail aus der EU, ohne Appliance-Pflege.

NIS-2 E-Mail-Verschlüsselung

S/MIME, PGP und Domain-Verschlüsselung nach NIS-2 angemessen.

NIS-2 E-Mail-Sicherheit

NIS-2-konforme E-Mail-Sicherheit mit Audit-Trail.

PDF-Verschlüsselung

Sensible PDFs verschlüsselt versenden, ohne Empfänger-Konto.

Secure Message Portal

Empfänger-Web-Reader für Schlüssel-lose Empfänger.

Verwandte Branchen

Conbool ist in benachbarten Branchen mit ähnlichem Compliance-Profil im Einsatz.

Steuerberater

Auch berufsständische Verschwiegenheit nach § 203 StGB und § 57 StBerG.

Arztpraxis & MVZ

Schweigepflicht digital — ärztliches Pendant zur anwaltlichen Verschwiegenheit.

Versicherungen

Korrespondenz mit Rechtsschutzversicherern und Berufshaftpflicht-Trägern.

Client mail encrypted, with no hurdle for the client.

Demo in 30 minutes. Pilot in one practice group. Modular by function.

Request a demoSecureMail in detail

Sources and date

Statements about § 203 StGB, BORA and BRAO are based on the respective German statutory and professional-conduct rules in force. Statements about GDPR are based on Regulation (EU) 2016/679. Statements about beA are based on the published guidance of the German Federal Bar (BRAK). As of 2026.

beA is a designation of the BRAK. Microsoft, Microsoft 365 and Outlook are trademarks of Microsoft Corporation. Conbool is a trademark of Conbool GmbH. Statements without warranty of continued accuracy.