The entire data storage infrastructure is available within the areas of Switzerland and it is governed by the laws and regulations. The additional information about the legal framework can be traced down to the Transparency Report.
What data is related to access the account?
Any email that is provided by ProtonMail is via a waiting list, optional email verification, or other notification email settings that are present in the account. It is then considered as personal data as defined by the Data protection act. This data is only used to contact you with important notifications using the ProtonMail. To send the information related to the security you have to send the invitation link to create the Proton mail account. Remember, we also inform you about the latest Proton products in which you might have an interest. To maintain the security of the services, the Proton mail must take measures to maintain the barrier for the spammer.
The policy of the company works on the parameter that that data is collected as confined as possible to make sure there is a private and anonymous user experience while you are using this service. It is important to understand that there are no technical means by which you can access the contents of the encrypted message. There are user collection data that is collected by services as follows:
- Visit the website Creation of the account
- Account activity
- Communication with ProtonMail
- Accessing native apps
- Payment information
- IP logging
What is the collected data used for?
It is important to understand that we do not have any advertising on our website. Any data is not shared except whatever comes under the circumstances mentioned in the Data disclosure section. We do not do any analysis on the limited data with only considering two exceptions:
- Emails that are sent unencrypted to Proton mail accounts
- Emails that are sent by the Protonmail users to the outside users.
All the servers that are used in connection with the services are positioned in Switzerland and it is completely owned and operated by the official brand. The only employees the Company have physical or other are to access the servers. The data is always stored in the encrypted format on the servers. The Offline backups may be stored but these are encrypted. We do not possess the ability to access the user encrypted message content on either the production servers.
The proton allows the Proton apps to bypass many censorship blocks however, the network traffic may go through the third party. This will enable the third party to record the IP address or see that the third parties cannot see the actual data. The alternative routing can be completely disabled in the Settings panel for the mobile and desktop apps. However, doing this can cause you to not access the Proton account if you are on a network.
Right to access, rectify, erase and to file or lodge a complaint
Using the service, you can easily access, edit delete, or export the personal data by the company in the use of service. If your account is suspended then the terms and conditions along with the rights to safeguard the personal data and you can request the support team. If there is a case of violation of your rights then you have a right to file a complaint to competent the supervisory authority.
When the Protonmail account is cleared or closed then data is immediately deleted from the production servers. Just active the accounts will the have the data is retained. Just have the deleted emails that are permanently deleted from the production serves. The deleted data may be retained in the backups to 14 days.
We will disclose the limited user data we possess if we are instructed to do so by binding the request that is coming from the designated authorities. While we may comply with delivered notices an original copy of the court by the registered post and provide the formal response. The Protonmail might take some time and the contest request of the public interest in doing so. In some of the situations, the company will not comply with the request till all the legal or other remedies are near to extent. Therefore, not all the requests described in the Transparency Report will lead to the disclosure.