The service uses the popular OpenPGP email encryption standard, which is based on public-key cryptography. Each user will have a public key and a private key that together form a keypair. The public key will be advertised publicly so that other users can encrypt messages sent to the key owner, and the key owner will then use the private key to decrypt those messages.
"Key handling is a very sensitive issue," Lavaboom said in a technical FAQ section on its website. "We let you download your keypair during registration. This is to ensure that your key remains in your possession."
"Never clear your cache from Lavaboom," the email service provider warns on its website. "We do not offer password recovery, since we can't! Once you flush your private key, all your data stays encrypted until you somehow rediscover your private key. We will not provide you with any refunds if you lose your private key."
Lavaboom claims that it doesn't know the exact locations of its servers and doesn't have physical access to them, making it more difficult to respond to government requests for data.
"If we should become scrutinized by law enforcement we rely on a severe public outcry, since we are under jurisdiction of the German law and the best privacy laws in the world," the email service provider says on its website. "If we should ever be forced by the BSI or the BND [Germany's information security and foreign intelligence agencies] to give up all our data, rest assured that we do have something in place that will destroy our hard disks in a matter of minutes and turn them into little more than coasters."