Proton
An illustration of Proton Mail's code being examined.

At Proton(new window), we believe everyone should be in control of their personal data. A critical component of controlling your data is having the ability to make informed decisions about who you entrust with your data and how it is secured. Most companies rely on security through obscurity and do not share their code, making it impossible for you to accurately assess how secure their service is.

Rather than relying on secrecy to protect our code, we believe in security through transparency, which means we: 

  • Make all our apps open source to leverage the expertise of IT security experts and the Proton community
  • Commission independent security experts to conduct regular audits of our code
  • Share the audit reports with the public

By subjecting our apps to rigorous public examination, we ensure that any potential vulnerabilities are swiftly discovered and resolved. 

We have previously shared the results of the audits for our Proton Mail(new window) and Proton VPN(new window) apps. Now that we have released the new Proton Mail, including Proton Calendar(new window), we would like to share the results of its audit as well.

The new Proton Mail is secure

Like all Proton applications, the new Proton Mail is open source, and anyone can inspect its code for themselves on GitHub(new window)

Prior to their release, the source code of both the new Proton Mail and Proton Calendar underwent an extensive security audit. We are happy to announce the final report was overwhelmingly positive, and the audit uncovered no major issues or security vulnerabilities

Read the audit report for the new Proton Mail(new window)

This security audit was carried out by Securitum(new window), a leading European security auditing company. Securitum currently oversees more than 300 security testing projects every year, including for many top European banks.

Read the latest audit reports for all Proton services

Security through transparency

Proton Mail was founded by scientists who met at the European Organization for Nuclear Research (CERN), and the scientific principles of peer review and transparency are core values of our team. Just as we would not trust a result without first seeing the underlying data, we do not expect you to trust us without being able to examine our work for yourselves. 

If you have questions or comments about the security audit for the new Proton Mail, please share them with us! Join the conversation on Twitter(new window) and Reddit(new window).

Related articles

The cover image for a Proton Pass blog comparing SAML and OAuth as protocols for business protection
SAML and OAuth help your workers access your network securely, but what's the difference? Here's what you need to know.
Proton Lifetime Fundraiser 7th edition
Learn how to join our 2024 Lifetime Account Charity Fundraiser, your chance to win our most exclusive plan and fight for a better internet.
The cover image for a Proton Pass blog about zero trust security showing a dial marked 'zero trust' turned all the way to the right
Cybersecurity for businesses is harder than ever: find out how zero trust security can prevent data breaches within your business.
How to protect your inbox from an email extractor
Learn how an email extractor works, why your email address is valuable, how to protect your inbox, and what to do if your email address is exposed.
How to whitelist an email address and keep important messages in your inbox
Find out what email whitelisting is, why it’s useful, how to whitelist email addresses on different platforms, and how Proton Mail can help.
The cover image for Proton blog about cyberthreats businesses will face in 2025, showing a webpage, a mask, and an error message hanging on a fishing hook
Thousands of businesses of all sizes were impacted by cybercrime in 2024. Here are the top cybersecurity threats we expect companies to face in 2025—and how Proton Pass can protect your business.