
Proton Mail

Proton Mail is an email service that uses end-to-end encryption for messages between Proton users, and zero-access encryption for messages from external senders. It's based in Switzerland and built around the principle that even Proton itself cannot read your email.

Why it matters

Standard email, including services like Gmail and Outlook, stores your messages on company servers where they can be read, scanned, and in some cases shared with third parties or handed to law enforcement. The content of those emails is accessible to the service provider.

Proton Mail is designed so that only you and your intended recipients can read your messages. Messages between Proton users are end-to-end encrypted on your device before they reach Proton's servers. Even Proton cannot read them.

Email has structural limitations that prevent full end-to-end encryption with all recipients, but Proton's design minimises how much the company can ever see.

What Proton Mail helps with

  • End-to-end encrypted email between Proton Mail accounts: content is encrypted on your device and can only be decrypted by the recipient
  • Zero-access encryption for incoming messages from non-Proton senders: as soon as a message arrives, it's encrypted with your public key so Proton can't read it
  • Sending password-protected emails to non-Proton recipients: the recipient uses a shared password to decrypt the message in their browser
  • Legal protection under Swiss law: Proton is based in Switzerland and subject to Swiss privacy legislation rather than US or EU surveillance frameworks
  • Open-source apps and independently audited code
  • Encrypted calendar, contacts, and drive storage included with the account

What Proton Mail does not do

It does not end-to-end encrypt email to non-Proton recipients by default. Email to Gmail, Outlook, or other providers is protected in transit (TLS) but arrives at their servers readable by them. The password-protected option allows encryption to external recipients, but it requires both parties to coordinate and is less convenient.

It does not hide your email metadata. Proton can see who you're emailing, when, and subject lines in some configurations. End-to-end encryption protects content, not the envelope information that email requires to function.

It does not protect messages already in your inbox if your account is compromised. The encryption protects against Proton seeing your messages, but if someone gains access to your account with your credentials, they can read everything your account can read.

It is not anonymous by default. Creating an account doesn't require a phone number, but Proton may still log IP addresses at account creation depending on your setup. Creating your account over Tor addresses this.

Tradeoffs to be aware of

Most email communication happens with people who don't use Proton. The end-to-end encryption advantage only applies fully to Proton-to-Proton email. If your contacts use Gmail, Proton protects your side of the storage but not theirs.

The free tier has storage and sending limits. Paid plans start at a few euros per month and include a custom domain, more storage, and access to other Proton services.

Proton offers to import your existing email history, but the imported messages are stored encrypted under your key, not readable by Proton. This is good for security but means some features that rely on server-side search or processing may be limited.

Practical guidance

Create a Proton account at proton.me. No phone number is required, though on the free tier you may need to verify by email or join a wait list.

Enable two-factor authentication immediately after creating your account.

If metadata privacy matters, create your account through Tor Browser to avoid Proton logging your IP at registration.

Use the password-protected email feature when you need to send sensitive content to non-Proton users. The recipient receives a link and decrypts the message with a password you share with them separately.

For maximum benefit, encourage frequent contacts to use Proton Mail. Proton-to-Proton email is where the full end-to-end encryption applies automatically.

Going deeper

Why email can't be fully end-to-end encrypted without both parties using compatible tools. Email was designed in an era when encryption wasn't a consideration. The protocol requires servers to handle routing, and metadata (sender, recipient, timestamp, subject) is readable at each hop. Proton works within these constraints: it can encrypt storage and protect content once delivered, but email-level encryption with arbitrary recipients requires PGP or the password-protected workaround.

PGP integration. Proton supports PGP (Pretty Good Privacy) for email with non-Proton users who also use PGP. If your contact has a PGP public key, Proton can use it to send end-to-end encrypted email. This covers a niche but important use case: journalists, security researchers, and technically sophisticated correspondents.

Zero-access encryption. When email arrives from an external sender, Proton encrypts it with your public key as soon as it hits their servers. From that point, only your private key, which Proton doesn't hold, can decrypt it. Proton cannot read it, hand it over, or be compelled to produce it in a readable form.

Swiss legal jurisdiction. Switzerland has privacy laws that require a higher threshold for law enforcement to compel data disclosure than many other countries, and Switzerland is outside the EU's and US's intelligence-sharing frameworks. This doesn't make Proton immune to legal orders, but the legal environment is more protective than operating in the US or UK.

Foldy tip

Proton Mail is a solid step. Just remember that email itself has structural limits no provider can fix.

Related pages

  • SimpleLogin: email aliasing that pairs well with Proton Mail
  • Encryption: end-to-end, in-transit, and at-rest explained
  • Metadata: what email encryption doesn't protect
  • Signal: for conversations where full end-to-end encryption matters more than email format
  • Threat modeling: helps clarify whether encrypted email fits your situation