At ProtonMail, we believe everyone should be in control of their personal data. A critical component of controlling your data is having the ability to make informed decisions about who you entrust with your data and how it is secured. Most companies rely on security through obscurity and do not share their code, making it impossible for you to accurately assess how secure their service is.
Rather than relying on secrecy to protect our code, we believe in security through transparency, which means we:
- Make all our apps open source to leverage the expertise of IT security experts and the Proton community
- Commission independent security experts to conduct regular audits of our code
- Share the audit reports with the public
By subjecting our apps to rigorous public examination, we ensure that any potential vulnerabilities are swiftly discovered and resolved.
We have previously shared the results of the audits for our ProtonMail and ProtonVPN apps. Now that we have released the new ProtonMail, including Proton Calendar, we would like to share the results of its audit as well.
The new ProtonMail is secure
Like all Proton applications, the new ProtonMail is open source, and anyone can inspect its code for themselves on GitHub.
Prior to their release, the source code of both the new ProtonMail and Proton Calendar underwent an extensive security audit. We are happy to announce the final report was overwhelmingly positive, and the audit uncovered no major issues or security vulnerabilities.
This security audit was carried out by Securitum, a leading European security auditing company. Securitum currently oversees more than 300 security testing projects every year, including for many top European banks.
Security through transparency
ProtonMail was founded by scientists who met at the European Organization for Nuclear Research (CERN), and the scientific principles of peer review and transparency are core values of our team. Just as we would not trust a result without first seeing the underlying data, we do not expect you to trust us without being able to examine our work for yourselves.
Note that while blog comments also remain open, questions and feedback will not be responded to individually. Where relevant, we will incorporate the most frequently asked questions or comments into a blog update.