Europe Alternatives
Proton logo

Proton

Swiss end-to-end encrypted Mail, VPN, Drive, Calendar, Pass and Wallet, owned by a Swiss non-profit foundation.

🇨🇭 Switzerland
Email
VPN
Storage
Password Management

Profile last updated: · View sources

Try Proton BusinessVisit website

About Proton

Proton AG is a Swiss privacy company founded at CERN in 2014 and headquartered in Plan-les-Ouates, Geneva. The Proton suite -- Mail, VPN, Drive, Calendar, Pass, Wallet and the Lumo AI assistant -- is engineered so that Proton itself cannot read user content thanks to end-to-end encryption and a zero-access server architecture.

Proton is owned by the Proton Foundation (Fondation Proton), a Swiss non-profit foundation that became the primary shareholder on 17 June 2024. The foundation's binding purpose is to further the advancement of privacy, freedom and democracy, and it can block hostile takeovers of the company. Proton runs on its own bare-metal infrastructure in Switzerland with no Cloudflare, AWS or US hyperscaler in the user-facing request path. Public clients are open source under GPL-3.0 (with MIT/BSD-3-Clause cryptographic libraries) and are independently audited by Cure53 and Securitum.

Integrations

Proton Bridge (IMAP/SMTP)
SimpleLogin
Apple Mail (via Bridge)
Thunderbird (via Bridge)
Outlook (via Bridge)
WireGuard
OpenVPN
1Password Migration

Demo video

Features

  • End-to-end encryption across Mail, Drive, Pass, Calendar, VPN and Wallet
  • Zero-access server architecture -- Proton cannot read user content
  • Swiss jurisdiction with primary data centre in Zurich
  • Owned by the Swiss non-profit Proton Foundation since June 2024
  • Self-hosted on Proton-owned hardware -- no Cloudflare, AWS or US hyperscaler in the request path
  • ISO/IEC 27001:2022 certified (since May 2024) and SOC 2 Type II attested (Schellman, July 2025)
  • Independent annual code audits by Cure53 and Securitum (VPN no-logs review for four consecutive years)
  • Open-source clients on the ProtonMail and protonpass GitHub organisations (GPL-3.0 + MIT/BSD-3-Clause crypto)
  • PGP-compatible Mail with anonymous Send and Hide-My-Email aliases via SimpleLogin
  • Proton Sentinel high-security program and hardware-key support in Proton Pass
  • Native apps on Web, iOS, Android, macOS, Windows, Linux; Tor onion mirror at protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion
  • SAML SSO and SCIM provisioning plus DPA and SCCs on Business plans

Sovereignty Scorecard

Procurement-grade signals on data sovereignty, ownership, and EU residency.

The SHIELD framework

We score every European vendor against six sovereignty dimensions captured in the SHIELD acronym. Each card below maps to one letter — read them as a checklist when comparing providers.

S
Subprocessors

The third parties that touch customer data — payment processors, KYC vendors, support chatbots, analytics.

H
Headquarters & ownership

Where the legal entity sits, who controls it, and which subsidiaries operate under the same group.

I
Infrastructure & residency

Where customer data is physically stored, who runs the hosting stack, which CDN sits in front.

E
Exposure

Whether the vendor or its subprocessors fall under the US CLOUD Act or other extraterritorial reach.

L
Legal documents

Public terms, privacy policy, DPA, subprocessor list, impressum, and security or trust pages.

D
Diligence

Independent audits and certifications (ISO 27001, BSI C5, TISAX, SOC 2) plus open-source transparency.

Ownership

Foundation owned

Full European control

Primary shareholder is the Proton Foundation (Fondation Proton), a Swiss non-profit foundation registered as CHE-418.863.304 at the same Plan-les-Ouates address as Proton AG. Foundation control was established on 17 June 2024; trustees today include Dr. Andy Yen, Sir Tim Berners-Lee, Prof. Carissa Véliz, Antonio Gambardella and Dingchao Lu. Remaining Proton AG shares are held by Proton employees, the Geneva innovation foundation FONGIT, and individual Proton users.

Headquarters

🇨🇭 Plan-les-Ouates, Switzerland

Proton AG

Subsidiaries
  • Proton Europe sàrl 🇱🇺 LuxembourgArticle 27 GDPR EU representative for Proton AG. Address: rue de Grünewald 94, L-1912 Luxembourg.
  • Proton Financial AG 🇨🇭 SwitzerlandOperates the Proton Wallet product line.
  • ProtonLabs DOOEL Skopje North MacedoniaEngineering and data-processing entity (Skopje, North Macedonia).
  • ProtonLabs Taiwan Co., Ltd. TaiwanEngineering and data-processing entity (Taipei, Taiwan).
  • SimpleLogin 🇫🇷 FranceHide-My-Email alias service; acquired April 2022. Founder Son Nguyen Kim joined Proton's leadership team.
Data residency
CH

Fixed region

All user content -- mail, files, calendar entries, password vaults, VPN session data -- is stored on Proton-owned hardware in Switzerland. Primary data centre is in Zurich. Region is not customer-configurable.

Hosting infrastructure

Website: Proton-owned hardware in Switzerland (RIPE netblock 185.70.42.0/24, LIR CH-PROTONMAIL-20140915)

Application: Proton-owned data centre in Zurich, Switzerland

Email: Proton-owned mail clusters in Switzerland (MX terminators: mail.protonmail.ch / mailsec.protonmail.ch)

CDN: Self-hosted (no Cloudflare, Akamai, Fastly or other third-party CDN in the user-facing request path); static assets served from pmecdn.protonweb.com under Proton control

Subprocessors
NameCountryPurpose
Stripe, Inc.🇺🇸 United StatesCard payment processing
Chargebee, Inc.🇺🇸 United StatesSubscription billing and revenue automation
PayPal🇺🇸 United StatesAlternative payment processing (PayPal group entities in US and Singapore)
Zendesk, Inc.🇺🇸 United StatesCustomer support ticketing and live chat
Calendly🇺🇸 United StatesSales meeting scheduling for the business team
Certifications
iso-27001
Certified

ISO/IEC 27001:2022 — Information Security Management System covering all Proton services. Initial certification May 2024, three-year cycle with annual surveillance audits, accredited by ANAB.

soc-2-type-2
Certified

SOC 2 Type II Trust Services Criteria attestation completed July 2025 by Schellman. Covers Mail, VPN, Calendar, Drive, Pass and Wallet.

swiss-fadp
Certified

Swiss Federal Act on Data Protection (revised 2023).

hipaa
Certified

HIPAA-compliant offering for Business customers handling US-regulated PHI.

pci-dss
Certified

PCI DSS compliance via Stripe, Chargebee and PayPal payment processors. Proton appears on the processors' attestations rather than holding a direct certificate.

Legal documents
Terms of ServicePrivacy PolicyData Processing AgreementImpressumSecurity
US CLOUD Act exposure
Partial, via US subprocessors
Open source
Has open components
View source

Pricing

Free

€0

forever
  • 1 GB Mail + Drive storage
  • End-to-end encryption across Mail, Drive, Pass, Calendar
  • 1 free Proton VPN connection
  • Free Proton Pass on all devices
Mail Plus

€3.99

per month (annual)
  • 15 GB total storage
  • 10 email addresses
  • Custom domain support (1 domain)
  • Unlimited folders, labels and filters
Proton Unlimited

€9.99

per month (annual)
  • 500 GB storage across all services
  • Proton VPN with Secure Core and 10 high-speed connections
  • Proton Pass with unlimited shared vaults
  • Up to 3 custom domains
  • Sentinel high-security program
Proton Business Suite

€12.99

per user / month (annual)
  • 1 TB per user across Mail, Drive and Pass
  • DPA and SCCs available
  • SAML SSO and SCIM provisioning
  • Admin console with audit logs
  • Priority business support

Videos

Official downloads

Proton Security Whitepaper

Threat model, key management and zero-access architecture overview.

report

Transparency Report

Annual report (with intermittent updates) on government and law-enforcement requests received and how they were handled.

report

Questions & Answers

6 questions

Who owns Proton?

Proton AG is owned by the Proton Foundation (Fondation Proton), a Swiss non-profit foundation registered as CHE-418.863.304. The foundation became Proton AG's primary shareholder on 17 June 2024 and its binding purpose is, in its own words, 'to further the advancement of privacy, freedom, and democracy around the world.' The foundation can block hostile takeovers and Proton pledges 1% of net revenues to the foundation when conditions allow. Remaining shares are held by Proton employees, the Geneva innovation foundation FONGIT, and individual Proton users.

Where is my data stored and who has access?

All user content -- mail, files, calendar entries, password vaults, VPN session data -- is stored on Proton-owned hardware in Switzerland. Proton's primary data centre is in Zurich. End-to-end encryption with zero-access architecture means Proton itself cannot read the content of user data; only metadata such as account creation time and the IP address used at registration is retained, and that metadata can be omitted by paying in cash. Region is not customer-configurable; Switzerland is the only jurisdiction.

Is Proton subject to the US CLOUD Act?

Proton AG is Swiss-domiciled with no US subsidiary or US-headquartered parent -- the CLOUD Act does not reach Proton AG directly. However, several of Proton's commercial subprocessors are US-incorporated and handle limited operational data: Stripe, Chargebee and PayPal for payment processing; Zendesk for customer support; Calendly for sales meeting scheduling. None of these subprocessors have access to encrypted user content -- they only see the metadata necessary for their specific function. Article 271 of the Swiss Criminal Code additionally prohibits Proton from responding directly to foreign-authority requests that are not channelled through Swiss authorities.

Where does Proton publish its subprocessor list?

Proton's canonical subprocessor list lives in section 3.1 of the Privacy Policy at https://proton.me/legal/privacy -- the Data Processing Agreement explicitly references this section as the controlling document. There is no standalone subprocessor page (/legal/subprocessors returns 404). The currently named subprocessors are Stripe, Chargebee, PayPal, Zendesk and Calendly, all handling payment or support data only.

What certifications and audits has Proton completed?

Proton AG holds ISO/IEC 27001:2022 certification (initial certification May 2024, ANAB-accredited, three-year cycle with annual surveillance audits) and completed its first SOC 2 Type II attestation in July 2025, audited by Schellman. The compliance framework additionally covers GDPR, the revised Swiss FADP, HIPAA, CCPA, CJIS and PCI. Independent third-party code audits have been performed by Cure53 (most recent: Proton Pass, July 2023) and Securitum (most recent: Proton VPN no-logs audit, August 2025 -- the fourth consecutive annual review).

Are Proton apps open source?

Yes. All Proton client applications are open source on two GitHub organisations: github.com/ProtonMail (Mail, Drive, Calendar, Bridge, mobile clients, plus the gopenpgp cryptographic library) and github.com/protonpass (Pass and the standalone Authenticator). The main clients are licensed under GPL-3.0; the cryptographic libraries (gluon, go-proton-api, go-crypto, pmcrypto, gopenpgp) are MIT or BSD-3-Clause. All clients have undergone independent third-party audits.

Alternatives

Other European companies in the same category as Proton.

AirVPN

🇮🇹 Italy

EU Based
EU Hosting
BorgBase

🇲🇹 Malta

EU Based
EU Hosting
Bunny

🇸🇮 Slovenia

EU Based
EU Hosting
Calendar.online

🇩🇪 Germany

EU Based
EU Hosting
Clever Cloud

🇫🇷 France

EU Based
EU Hosting
Combell

🇧🇪 Belgium

EU Based
EU Hosting
Contabo

🇩🇪 Germany

EU Based
EU Hosting
Cozy

🇫🇷 France

EU Based
EU Hosting

Quick facts

Languages supported
Čeština
Dansk
Deutsch
English
Español
Suomi
Français
Italiano
日本語
KO
Nederlands
Norsk
Polski
Português
Română
RU
Svenska
TR
中文
Categories
Email
VPN
Storage
Password Management
Calendar
Alternative to
Dropbox
Fastmail
Google Calendar
Google Cloud
LastPass

Sources & verification

Every fact on this page is backed by a primary or independent source. Most recent verification: May 12, 2026.

Found an error? Report it

Citations

Profile content

Tagline
Description
Languages
  • primary · http-headersproton.me/pricing21 hreflang locales emitted by /pricing; de-duplicated to 19 ISO 639-1 codes
Pricing
Features
Q&A
Integrations
Downloads

Sovereignty (SHIELD)

SSubprocessors
  • primary · privacy-policyproton.me/legal/privacySection 3.1 names Stripe, Chargebee, PayPal, Zendesk and Calendly. No standalone /legal/subprocessors page (404).
HHeadquarters
  • primary · termsproton.me/legal/termsAddress: Route de la Galaise 32, 1228 Plan-les-Ouates, Geneva
  • registry · otherwww.uid.admin.ch/Detail.aspxSwiss federal UID register entry for Proton AG (CHE-354.686.492; legal form 0106 Corporation; VAT active since 2016-01-01)
HOwnership
HSubsidiaries
IData residency
IHosting infrastructure
  • primary · dns-recordsproton.medig proton.me -> 185.70.42.45 in netblock 185.70.42.0/24 registered to Proton AG via RIPE LIR CH-PROTONMAIL-20140915. NS records: ns1/ns2/ns3.proton.me. MX records: mail.protonmail.ch, mailsec.protonmail.ch.
  • primary · http-headersproton.mecurl -I confirms no Cloudflare/Akamai/Fastly headers; direct TLS from Proton-owned IPs
EUS CLOUD Act exposure
  • primary · transparency-reportproton.me/legal/transparencyArticle 271 Swiss Criminal Code prohibits direct foreign-authority compliance; Proton AG is Swiss-domiciled with no US subsidiary
  • primary · privacy-policyproton.me/legal/privacyUS-incorporated subprocessors (Stripe, Chargebee, PayPal, Zendesk, Calendly) handle payment and support data only -- basis for partial-via-subprocessors rather than none
LLegal documents
  • primary · about-pageproton.me/aboutFooter enumerates terms, privacy, DPA, transparency and trust URLs
DCertifications
DOpen source
  • primary · othergithub.com/ProtonMail184 repos; major clients under GPL-3.0; crypto libraries under MIT or BSD-3-Clause
  • primary · othergithub.com/protonpassPass and Authenticator repos; verified domain ownership of proton.me