Proton

Privacy Policy

Last modified: September 25, 2024

At Proton, we strongly believe in an internet where privacy is the default.

Proton’s Privacy Policy describes how Proton collects, uses, and deletes your data. In addition to this Privacy Policy, we provide data and privacy information specific to our products that use your personal data. This product-specific information can be found in the following privacy policies :

By using the proton.me or protonvpn.com website and making use of a Proton Account (the “Account”) and all its related features, including Proton Mail, Proton Calendar, Proton Drive, Proton VPN and Proton Pass (the “Services”) and other services like Proton Wallet operated by Proton Financial AG, you understand that your data in relation with your use of our Services is processed according to the following Privacy Policy and its product-specific privacy policies (together, the "Privacy Policy"). The Privacy Policy states (i) what data we collect through your access and uses of the Services; (ii) the use we make of such data; and (iii) the safeguards put in place to protect your data. The Privacy Policy is to be read and understood as being a complement to our Terms of Service.

The Services are operated by Proton AG (the “Company”, “We”), domiciled at Route de la Galaise 32, 1228 Plan-les-Ouates, Geneva, Switzerland. It is therefore governed by the laws and regulations of Switzerland. Additional information about the legal framework can be found in our transparency report.

We are also GDPR compliant. The designated representative of the Company in the European Union (notably for the purpose of art. 27 GDPR) is Proton Europe sàrl, rue de Grünewald 94, L-1912 Luxembourg.

2. Data Proton collects from you, and how we use it

Our overriding policy is to collect as little user information (personal data included) as possible to ensure a private user experience when using the Services. We do not have the technical means to access the content of your encrypted emails, files, calendar events, passwords, or notes.

Data collection is limited to the following:

2.1 Visiting proton.me or protonvpn.com website: We employ a local installation of self-developed analytics tools. Analytics are anonymized whenever possible and stored locally (and not on the cloud). IP addresses are not retained and stored for such analytics.

2.2 Account creation: Depending on the Services you want to use, you can either create a Proton account with a Proton Mail address, or use an external (non-Proton) address. 

Creating a Proton account will give you access to all our Services. It is not necessary to provide personal information in order to create an Account. You can provide an external email address for notification or password recovery purposes. Should you choose to provide it, we associate this email address with your Account (for password recovery or notification purposes). Such data will only be used to contact you with important notifications about the Services, to send you information related to security, to verify your account or to send you password recovery links if you enable the option. We may also inform you about Proton products in which you might have an interest. The legal basis for processing is consent and you are free to modify this in your Account settings panel at any time. 

You also have the possibility to use our Proton VPN, Drive and Pass services with an external address. In this case, you have to provide your external address, which will be used as your account identifier. You can choose at any moment to create a Proton email address for this account to use Proton Mail and Calendar, too. Your email will only be used to contact you with important notifications about the Services, to send you information related to security, to verify your account or to send you password recovery links if you enable the option. We may also inform you about Proton products in which you might have an interest. The legal basis for processing is consent and you are free to modify this in your Account settings panel at any time. 

In order to pursue our legitimate interest of preventing the creation of accounts by spam bots or human spammers, we use a variety of human verification methods. Verification may also be requested for some sensitive operations besides account creation in order to protect against brute-force attacks. You may be asked to verify using either Proton Captcha, email, or SMS. IP addresses, email addresses, and phone numbers provided are saved temporarily in order to send you a verification code and for anti-spam purposes. The period of temporary data retention is determined by our legitimate interests of protecting the service from spam, and also by any applicable Swiss legal requirements we must comply with. If this data is saved permanently, it is always saved as a cryptographic hash, which ensures that the raw values cannot be deciphered by us. Learn more

2.3 Referral program: Proton has a referral program that is open to Proton users, publications, non-profit organizations, etc. If you are coming to Proton via such a referral program, your subscription may be attributed to the referrer. Some referrals are managed internally by Proton while others may rely upon third-party platforms used by the referrers, and if you are coming to Proton via a referrer, our site may communicate with such referrer platforms for the purposes of crediting referrers.

2.4 Account activity: The processing activities carried out by Proton for the operation of our different Services may vary depending on the Service. These activities are described in the specific Services' Privacy Policies. We may use the data mentioned above and below to detect abusive and fraudulent use of our services, and take appropriate measures. The legal basis of this processing is our legitimate interest to protect our service against non-compliant or fraudulent activities.

2.5 IP logging: By default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our Terms of Service (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against non-compliant or fraudulent activities. If you enable authentication logging for your Account or voluntarily participate in Proton's advanced security program, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account. The authentication logs feature records login attempts to your Account and does not track product-specific activity, such as VPN activity.

2.6 Communicating with Proton: Your communications with us, such as support requests, bug reports, or feature requests may be saved by our staff. We may also rely on third parties, such as Zendesk or Calendly (see below). If you use Proton's live chat support, you consent to having the data contained within your live chat interaction processed by Zendesk Inc, the provider of Proton's live chat support platform. The legal basis for processing is our legitimate interest to troubleshoot more efficiently and improve the quality of our Services. The information you provide when you contact our support team is processed for analytics purposes (such as to obtain aggregate statistics), but we do not do any targeted advertising or any profiling. 

2.7 Communicating with Proton's Sales team: if you are a Business customer or a business prospect and are contacting our Sales team via the dedicated forms, the data you provide is used solely for the purpose of processing your request and contacting you to assess whether our products will suit your needs. The legal basis for this processing activity is your consent.

2.8 Communications from Proton: We mainly use your email address for account-related questions, communication, and recovery. By signing up to our Service, you agree to receive communications from us, which may include promotional emails. You can stop receiving emails from us by following the unsubscribe instructions included in every email we send. Alternatively, you can login(nuova finestra) to the Proton dashboard and adjust your email preferences under the ‘Account’ tab.

2.9 Payment information: We rely on Chargebee to process payments. Strictly necessary information is shared with Chargebee for credit card, PayPal, Stripe and Bitcoin transactions in order for the payment to be successful and associated with your account. Chargebee does not have access to your email or your Proton account information. We rely on third parties to process credit card, PayPal, and Bitcoin transactions and must therefore share payment information with them. We do not retain full credit card details, we only save your name and the last 4 digits of the credit card number. Anonymous cash or Bitcoin payments and donations are accepted. We may use your account data for payment-related matters, including but not limited to sending you emails, invoices, receipts, notices of delinquency, and alerts to update payment information. The legal basis of these processing activities is the necessity to the execution of the contract to provide the Services. In order to respect the principle of data minimisation, we reserve our right to remove payment information from our systems that is no longer valid, without notice.

2.10 Native applications: When you use our native applications, we (or the mobile app platform providers) may collect certain information. We may use mobile analytics software, app statistics and crash reporting, Play Store app statistics, App Store app statistics, or self-hosted Sentry crash reporting) to send crash information to our developers in order to rapidly fix bugs. Some platforms, such as Google's Play Store or Apple's App Store may also collect aggregate, anonymous statistics, which may be governed by their respective privacy policies and Terms of Service. Such statistics can include most commonly used devices and operating systems, total number of installs and uninstalls, and the total number of active users.
Our applications do not access or track any location-based information from your device.

2.11 Proton Scribe: Proton Scribe is a feature that allows you to use our self-developed writing assistant to help you compose your messages or documents. By default, this feature operates locally on your device. You also have the possibility to have it operate server side, in which case only the minimal data necessary to make our service function will be shared with the servers. No log, account data or content data will be stored on our servers. Proton Scribe does not use content data or any of your data to train its models. 

2.12 Dark Web Monitor: Dark Web Monitor is an opt-in feature that scans hidden parts of the internet for breached or stolen personal data in relation with your Account. When you activate this feature, our systems will scan data associated with your Account (such as email addresses, usernames, phone numbers) against our own threat intelligence datasets and inform you of any detection. No user data is ever shared with third parties in that process.

2.13 Social Media: We are active on Facebook, Instagram, Linkedin, Twitter, Reddit, and Mastodon. Any information, communication, or material you submit to us via social media platforms is done at your own risk without any guarantee of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.

2.14 Links to other websites and embedded content: Our website may contain links to other websites of interest. However, we are not responsible for the content of any website that we link to, and external sites are governed by their own Terms of Service and privacy policies. We may use third parties to provide embedded content (e.g. pictures) on our website which may collect information about you. The legal basis for this processing is our legitimate interest to operate our website economically.

3. Network traffic that may go through third-parties

Proton's alternative routing technology allows Proton Services to bypass many censorship blocks, but in doing so your network traffic may go through third-party networks, which we do not control. This could enable a third party to record your IP address or see that you are using Proton apps (the same information that your internet service provider is able to see). These third parties cannot see your actual data, which remain encrypted. By default, alternative routing is not used for Proton apps unless they detect that censorship measures are active on your network. Alternative routing can also be disabled in the settings panel of our mobile and desktop applications. However, doing so may cause you to be unable to access your Account from a network that is censoring Proton. Learn more

4. Data processors

To provide the Services, we rely on different data processors, which process different categories of data. Processors never store data outside of the scope of their specific purpose. Notably, they do not store data in relation with the general day-to-day use of your Account and Services, which is exclusively processed by the Company. Processors are as follow:

4.1 Proton Group processors

ProtonLabs DOOEL Skopje

  • Purpose: Process data in relation with customer support requests, or other direct communications with the company (section 2.6)
  • Data processing location: Macedonia

ProtonLabs Taiwan Co., Ltd

  • Purpose: Process data in relation with customer support requests, or other direct communications with the company (section 2.6)
  • Data processing location: Taiwan (R.O.C)

4.2 Third-party processors

Zendesk, Inc.

  • Purpose: Provide services in relation with the processing of customer support data (section 2.6)
  • Data processing location: United States
  • Guarantees for international transfer: Standard Contractual Clauses, Binding Corporate Rules, Certifications

Stripe, Inc.

  • Purpose: Provide services in relation with the processing of payment data (section 2.8)
  • Data processing location: United States
  • Guarantees for international transfer: Standard Contractual Clauses, Data Processing Agreement

PayPal group

  • Purpose: Provide services in relation with the processing of payment data (section 2.8)
  • Data processing location: United States, Singapore
  • Guarantees for international transfer: Standard Contractual Clauses, Data Processing Agreement

Chargebee, Inc.

  • Purpose: Provide services in relation with the processing of payment data (section 2.8)
  • Data processing location: United States
  • Guarantees for international transfer: Standard Contractual Clauses, Data Processing Agreement

Atlassian Pty Ltd

  • Purpose: store data in relation with customer support
  • Data processing location: European Union, United States, United Kingdom
  • Guarantees for international transfer: Adequacy decision, Standard Contractual Clauses, Certifications

5. Data disclosure

We will only disclose the limited user data we possess if we are legally obligated to do so by a binding request coming from the competent Swiss authorities. We may comply with electronically delivered notices only when they are delivered in full compliance with the requirements of Swiss law. Proton’s general policy is to challenge requests whenever possible and where there are doubts as to the validity of the request or if there is a public interest in doing so. In such situations, we will not comply with the request until all legal or other remedies have been exhausted. Under Swiss law, subjects of judicial procedures have to be notified of such procedures, although such notification has to come from the authorities and not from the Company. Under no circumstances can Proton decrypt end-to-end encrypted content and disclose decrypted copies. Aggregate statistics about data requests from the competent Swiss authorities can be found in the transparency reports listed in our products-specific policies.

6. Your privacy rights at Proton

Through your Account interface, you can directly access, edit, delete, or export personal data processed by the Company in your use of the Services.

If your Account has been suspended for a breach of our Terms of Service, and you would like to exercise the rights related to your personal data, you can make a request to our support team.

In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory authority.

7. Modifications to Privacy Policy

Within the limits of applicable law, the Company reserves the right to review and change this Privacy Policy at any time. As long as you are using the Services, you are responsible for regularly reviewing this Privacy Policy. Continued use of the Services after such changes are performed shall constitute your consent to it.