Proton Mail - Privacy policy

Last modified: June 26th, 2023

This sub-policy is an integral part of the Proton Privacy Policy. It details the data processing activities specifically related to the creation and activity of your Proton Account when you use Proton Mail.

Account Activity: Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, attachment name, message subject, and message sent and received times. We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned for spam and viruses to pursue the legitimate interest of protecting the integrity of our Services and users. Such inbound messages are scanned for spam in memory, and then encrypted and written to disk. We do not possess the technical ability to scan the content of the messages after they have been encrypted. We also have access to the following records of Account activity: number of messages sent, amount of storage space used, total number of messages, last login time. User data is never used for advertising purposes.

Easy Switch with "Sign In with Google": When you use our Easy Switch tool to import your data from Google and authenticate using the "Sign in with Google" option, Easy Switch's processing of information received from Google APIs will be performed in accordance with Google API Services User Data Policy, including the Limited Use requirements.

Easy Switch with username and password combination: When you use our Easy Switch tool to import your emails from another service provider, the credentials of the email account from which the importation is performed are stored by us for the limited duration of the importation. Once the importation is performed, those credentials are entirely deleted from our systems.

Data security: Servers used in connection with the Proton Mail service are wholly owned and operated by Proton or our subsidiaries. Access to the infrastructure and servers used by Proton Mail is tightly controlled: only employees of Proton have physical or other access to the servers. Data is always stored in encrypted format on our servers, which are exclusively located in Switzerland or Germany, under the protection of some of the world's strongest privacy laws. Offline backups, which may be stored periodically, are also encrypted. We cannot decrypt any user-encrypted content on either the production servers or in the backups. Backups are kept for up to 30 days. If you use hide-my-email aliases provided by SimpleLogin or Proton Pass, some of that functionality is hosted on European cloud servers contracted through Proton subsidiary SimpleLogin SAS, and not on infrastructure that is wholly owned by Proton. Hide-my-email aliases only relay emails and do not store any emails.

Transparency report: Information about law enforcement requests can be found at the Proton Mail Transparency Report.