Proton Mail encryption explained

Encryption is at the heart of what makes Proton Mail(new window) special. It provides a solution that’s so easy to use, any one can enjoy it.

As discussed in What is encryption?(new window), encryption is critical to keeping your data safe. In Proton Mail, the message body and attachments(new window) are fully encrypted.

Message sending

End-to-end encrypted if the Password-protected Emails(new window) feature is selected.
Otherwise encrypted with TLS if the non-Proton Mail mail server supports it (most providers such as Gmail, Yahoo, Hotmail, etc, support TLS). Note, since these messages are encrypted but not end-to-end encrypted, Gmail, Yahoo, Hotmail, etc will be able to read these messages and hand them over. This is not possible if you use Password-protected Emails, which enable Proton Mail’s end-to-end encryption.

The email is encrypted in transit using TLS. It is then unencrypted and re-encrypted (by us) for storage on our servers using zero-access encryption. Once zero-access encryption has been applied, no-one except you can access emails stored on our servers (including us). It is not end-to-end encrypted, however, and might be accessible to the sender’s email service.

Alternatively, you can receive end-to-end encrypted emails from non-Proton Mail users using PGP. You should export your Proton Mail public PGP key(new window) and share it with contacts for them to communicate in this way with you.

All messages in your Proton Mail mailbox are stored with zero-access encryption. This means we cannot read any of your messages or hand them over to third parties. This includes messages sent to you by non-Proton Mail users, although keep in mind if an email is sent to you from Gmail, Gmail likely retains a copy of that message as well.
Password-protected Emails are also stored end-to-end encrypted.
Subject lines and recipient/sender email addresses are encrypted but not end-to-end encrypted.