Proton
For Business

Proton Business - Privacy policy

Last modified: June 16th, 2025

At Proton, we are committed to privacy, security, and transparency in how we process data. Proton’s core principles ensure no activity logs and no tracking for personal use. However, certain Proton Business plan features require additional data processing for security, compliance, and administrative purposes.

This page outlines specific data processing activities applicable only to Proton Business plans.

These additional data processing activities do not apply to Free, Plus, Unlimited, Duo, Family, Visionary, or any other consumer plan.

1. Activity events

For customers of Proton Business subscriptions across all products (Mail, Drive, VPN, and Pass), some account and activity events may be processed to enhance security and administrative oversight.

What is collected?

  • Sign-in and sign-out events
  • Multi-factor authentication (2FA) events
  • SSO (Single Sign-On) authentication events
  • Account recovery operations
  • Device and IP metadata associated with account-related events

Why is this processed?

This data helps organizations:

  • Monitor login attempts to detect unauthorized access or potential intrusions
  • Enforce internal security policies (e.g., ensuring secure logins)
  • Audit account usage for compliance and administrative purposes

This data is never used for tracking or profiling and is only accessible to authorized administrators of the business account.

2. Dedicated VPN server events

Customers using Proton VPN Professional or Proton Business Suite may rent and configure dedicated VPN servers. When Gateway Monitoring is enabled for the organization, Proton collects limited metadata to enhance the security and visibility of the organization managing a dedicated server.

What is collected?

The following data may be collected and made accessible to the administrator of the organization:

  • Connection and disconnection timestamps
  • Device metadata, such as device type and operating system
  • IP address used to connect to the server (used exclusively to support organizational monitoring and access auditing)

Why is this processed?

This metadata is processed exclusively to support the organization’s operational and security needs. Specifically, it enables organizations to:

  • Monitor usage of dedicated VPN servers for proper resource allocation
  • Provide IT administrators with tools for access visibility and auditing
  • Detect unusual activity and strengthen internal security

This data is never used for profiling, advertising, or shared with unauthorized third parties.

Gateway Monitoring is optional and can be disabled by the organization at any time.