Privacy Policy

In the following policy, ProtonMail refers to the service offered by Proton Technologies AG (the "Company" or "We") through the website (the "Service"). This Privacy Policy explains (i) what information we collect through your access and use of our Service (ii) the use we make of such informatoin; and (iii) the security level we provide for protecting such information.

By visiting and using the Services provided here, you consent to the terms outlined in this privacy policy.

Legal Framework

The Company is domiciled solely in Switzerland and all hosting infrastructure is also located solely within Switzerland, and thus governed by the laws and regulations of Switzerland.

Under Swiss law, the technical means for lawful interceptions of customer communications is governed by the Swiss Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTT) last amended in 2012. In the SPTT, the obligation to provide the technical means for lawful interception is imposed only on Internet access providers so the Company, as an Internet application provider, is not subject to this obligation and cannot be compelled to build in the technical means to intercept customer communications.

Data related to the opening of an account

Any emails provided to ProtonMail through either our waiting list, optional email verification, or optional notification/recovery email setting in your account, are considered personal data as defined and protection by the Swiss Federal Data Protection Act (DPA).

Such data will only be used to contact you with important notifications about ProtonMail, to send you an invitation link to create your ProtonMail account, to verify your ProtonMail account, or to send you password recovery links if you enable the option.

Data Collection

Our company’s overriding policy is to collect as little user information as possible to ensure a completely private and anonymous user experience when using the Service. We also have no technical means to access your encrypted message contents.

Service's user data collection is limited to the following:

Data Use

We do not have any advertising on our site. Any data that we do have will never be shared except under the circumstances described below in Data Disclosure. We do NOT do any analysis on the limited data we do possess with two exceptions:

Data Storage

All servers used in connection with the provisioning of the Service are located in Switzerland and wholly owned and operated by the Company. Only employees of the Company have physical or other access to the servers. Data is ALWAYS stored in encrypted format on our servers. Offline backups may be stored periodically, but these are also encrypted. We do not possess the ability to access any user encrypted message content on either the live servers or in the backups.

Data Retention

When a ProtonMail account is closed, data is immediately deleted from production servers. Active accounts will have data retained indefinitely. Deleted emails are also instantly deleted from production servers. Deleted data may be retained in our backups for up to 14 days.

Data Disclosure

We will only disclose the limited user data we possess if we receive an enforceable court order from either the Cantonal Courts of Geneva or the Swiss Federal Supreme Court. If a request is made for encrypted message content that ProtonMail does not possess the ability to decrypt, the fully encrypted message content may be turned over. If permitted by law, ProtonMail will always contact a user first before any data disclosure. Under Swiss law, it is obligatory to notify the target of a data request, although such notification may come from the authorities and not from the Company.

Modifications to Privacy Policy

ProtonMail reserves the right to periodically review and change this policy from time to time and we will notify users who have enabled the notification preference about changes to our Privacy Policy. Continued use of the Service will be deemed as acceptance of such changes.

Applicable Law

This Agreement shall be governed in all respects by the substantive laws of Switzerland. Any controversy, claim, or dispute arising out of or relating to the Agreement shall be subject to the jurisdiction of the competent courts of the Canton of Geneva, the jurisdiction of the Swiss Federal Court being expressly reserved.