Strong privacy protections and user controls are offset by several standard but significant contract restrictions, including arbitration, auto-renewal, limitation of liability, and account/data deletion rules.
Proton presents a privacy-forward legal posture: it says it collects minimal data, cannot access encrypted content, offers in-account export/delete controls, and limits disclosure to lawful Swiss requests. However, the terms also include automatic renewal, broad liability limits, binding arbitration with a class waiver, unilateral policy changes, and inactivity-based deletion for free accounts.
Points of interest
The terms require individual binding arbitration for most disputes and waive class actions, which limits the ability to sue in court or band together with other users. There is an opt-out window, but only if you act within 30 days.
"“requires you to arbitrate any claims ... on an individual basis”"
Proton says it collects as little personal data as possible and does not have the technical means to access encrypted emails, files, calendar events, passwords, or notes. That is a strong privacy benefit for users handling sensitive information.
"“We do not have the technical means to access the content of your encrypted emails, files, calendar events, passwords, or notes.”"
Subscriptions renew automatically unless you cancel before the renewal date. If you miss the deadline, you can be charged for another term even if you no longer want the service.
"“After the initial term, the subscription is renewed automatically”"
Free accounts inactive for 12 months can lose emails, files, calendar entries, and passwords, with deletion notices sent in advance. That is a meaningful risk for anyone using the free tier as long-term storage.
"“access to your Account and all or part of the data associated with your Account ... may be deleted”"
Proton disclaims most warranties, including reliability and data security guarantees, and caps liability at $100 or what you paid, whichever is greater. This makes recovery for service problems or data loss much harder.
"“The Service is provided ‘as is’ and ‘as available,’ without warranty of any kind”"
Proton says it does not retain full credit card details and keeps only your name and the last four digits of the card number. This reduces the amount of payment data it stores if you pay by card.
"“We do not retain full credit card details, we only save your name and the last 4 digits of the credit card number.”"
You can access, edit, delete, or export personal data through your account interface. That gives users a direct path to data portability and account cleanup without needing to rely only on support.
"“you can directly access, edit, delete, or export personal data”"
The company reserves the right to review and change the Terms at any time, and continued use counts as consent. Users need to keep checking for updates to avoid being bound by changes they may not notice.
"“the Company reserves the right to review and change these Terms at any time”"
While Proton does not keep permanent IP logs by default, it may retain IP addresses permanently for serious Terms violations. That means some abuse-related activity can leave lasting account records.
"“your IP address may be retained permanently if you are engaged in activities that breach our Terms of Service”"
Proton says it does not keep permanent IP logs by default, though it may retain them temporarily for abuse prevention. Users concerned about logging get a relatively privacy-friendly default setting.
"“By default, we do not keep permanent IP logs in relation with your Account.”"
Other Security services on AIgree
Compare Proton with…
The 7 clauses that actually matter, the red flags to watch for, in 5 minutes.
Report a problem with this summary
Spot something wrong, missing, or misleading? Tell us — we review every report.
Spot something wrong, missing, or misleading? Tell us — we review every report.
Thanks — your report was submitted and will be reviewed.
Documents
Terms of Service
source ↗- •You must be at least 13, and minors need parental or guardian consent; accounts created by bots/automation are not allowed and will be terminated.
- •You are responsible for all activity through your account and must not use the services for illegal, abusive, or security-circumventing conduct.
- •The company may suspend, restrict, or delete accounts for unauthorized activity, excessive resource use, inactivity, or inactivity-linked data deletion after 12 months.
- •Free accounts inactive for 12 months may have emails, files, calendar entries, and passwords deleted; paid subscriptions are always treated as active.
- •The services are provided “as is” and “as available” with limited warranties; the company disclaims reliability and data security guarantees, including encrypted data recovery.
- •Company liability is generally limited, excluding many types of damages, and capped at $100 or the amount you paid, whichever is greater, depending on applicable law.
- •You may receive service credits if monthly uptime drops below set thresholds, but credits exclude downtime from user actions, external factors, maintenance, and some VPN features.
- •Subscriptions auto-renew; you can cancel and request a full refund within 30 days of initial purchase (once per user), but late refunds are discretionary and violations forfeit payments.
- •Termination and feature changes depend on plan type; downgrades may require removing paid features first, and credits may expire within 24 months.
- •Disputes are handled first by notice and then individual binding arbitration with a class action waiver, with an opt-out window within 30 days.
Privacy Policy
source ↗- •Proton says it collects as little personal data as possible and cannot access encrypted email, files, calendar events, passwords, or notes.
- •Swiss law governs the services, and Proton says it also follows GDPR and EU DSA requirements for relevant users.
- •You can create an account without giving personal information, though Proton may collect an external email for recovery, notifications, or verification.
- •Proton may collect IP addresses temporarily to prevent abuse, and may keep them permanently for serious Terms of Service violations.
- •Support chats, bug reports, sales inquiries, and payment data may be shared with processors such as Zendesk, HubSpot, Chargebee, Stripe, and PayPal.
- •Proton says it does not retain full credit card details and keeps only your name and the last four digits of the card number.
- •Proton may send account, security, recovery, and promotional emails, and you can unsubscribe or change email preferences in account settings.
- •Proton may disclose limited data only when legally required by Swiss authorities, and says it cannot decrypt end-to-end encrypted content.
- •You can access, edit, delete, or export your personal data through your account, and you may complain to the relevant supervisory authority.
