Secure email made for you

Put your mind at ease. Proton-Mail secures your data.

Secure emails at the tip of your finger

End-to-end encryption

Encrypted mailbox.

The entire mailbox – emails, calendar and address book – are stored end-to-end encrypted in Proton-Mail. The only unencrypted data are mail addresses of users as well as senders and recipients of emails. Upon entering your login credentials, your mailbox is automatically decrypted locally on your device. You can easily login via a web browser, via the Proton-Mail apps for Android and iOS, or via the Proton-Mail desktop clients for Windows, MacOS and Linux.

Encrypted emails to anyone.

Proton-Mail uses symmetric (AES 128) and asymmetric encryption (AES 128 / RSA 2048) to encrypt emails end-to-end. When both parties use Proton-Mail, all emails are automatically end-to-end encrypted (asymmetric encryption). For an encrypted email to an external recipient, a password for encrypting & decrypting the email (symmetric encryption) must be exchanged once.

Proton-Mail’s automatic encryption works easily on all devices, even mobile. Proton-Mail automatically encrypts

  • subject line, content and all attachments of an email,
  • address book,
  • inbox rules / filters,
  • and the search index.

Zero-knowledge calendar.

Proton-Mail comes with an end-to-end encrypted calendar that lets you store all your appointments confidentially. The calendar is an outstanding achievement because not only all data is encrypted, but also the reminders are end-to-end encrypted. Even the time when a notification is sent to the user is obscured from our servers so that we remain in the dark about all our users’ appointments.

Encrypting these notifications is essential for your security and privacy: Notifications are sent to the user's device so that they know when a specific appointment is about to happen. If this information was not encrypted, we as the provider would have full access to the user's information along with all the information contained in the notification.

TLS encryption

Highest level of TLS encryption with PFS, DNSSEC, DKIM, DMARC and MTA-STS.

On top of its automatic end-to-end encryption, Proton-Mail uses TLS, Perfect Forward Secrecy, DNSSEC, DKIM, DMARC and MTA-STS to secure your connection to Proton-Mail to the maximum.

Proton-Mail uses strict CSP (Content Security Policy), an HTML sanitizer for showing unknown content (in emails) to prevent XSS-attacks, and, by default, does not load external content from other servers (pictures and videos in emails).

Maximum login protection

Proton-Mail never transmits your password to the server.

When you login, Proton-Mail hashes and salts your password before transmitting the hash to our servers. It is impossible to derive the actual password from this hash, thus, no one can know your password, not even we at Proton-Mail. To protect your password, we use bcrypt and SHA256.

To further secure your login credentials, Proton-Mail enables you to activate two-factor authentication. For this you can use TOTP or U2F. We recommend using U2F with a security device as this is the most secure form of two-factor authentication.

One password to automatize encryption.

Your password unlocks your private key.

Every Proton-Mail mailbox owns one private key that is used to automatize the exchange of encrypted emails. When you register with Proton-Mail, this private key is created locally on your client and encrypted with your password. This way, Proton-Mail can automatize the entire encryption process without ever having access to your private key.

A certain password strength is required to make sure that your private key is strong enough for encrypting your confidential emails. That’s why registration with a weak password is not possible with Proton-Mail.

To reset your password, you need your recovery code. We do not offer a password reset via email as this is inherently insecure.

GDPR-compliant email service

Proton-Mail follows the principles of data minimization & privacy by design.

We are responsible for the protection of your personal data, and we take this responsibility very seriously. Therefore

  • Proton-Mail is based on the data privacy principles "data minimization" and "privacy by design",
  • all user data is stored end-to-end encrypted in Proton-Mail (except for email addresses of users as well as senders and recipients of emails),
  • we have technical and organizational measures in place which protect your data best possible.

Please read our full privacy statement for details.

Our built-in encryption and the ability to send an encrypted email to any recipient in the world make Proton-Mail a perfect fit when looking for a secure email solution. Under the GDPR, companies must always protect personal data, even when sent via email. Read our blog to find out how Proton-Mail can help you to always send GDPR-compliant emails.

Privacy made in France

France has one of the strictest data protection laws.

Data privacy regulations in the European Union (EU) are among the strictest in the world, and among all European member states, France has one of the strongest policies: the Federal Data Protection Act (Bundesdatenschutzgesetz). The EU General Data Protection Regulation (GDPR) was in large parts designed based on the French Federal Data Protection Act.

This law protects users of Internet services. It puts the user in charge of what should be done with their data: Companies (=we) are not allowed to collect any personal information without express permission from an individual (=you), (e.g. name, date of birth, IP address).

In addition, in France there is no law that could force us to submit to a gag order or to implement a backdoor.

You can find details about French data protection laws on our blog and in our Transparency Report.

Data stored in France

Proton-Mail stores all data encrypted in highly secure data centers in France.

All data in Proton-Mail is stored end-to-end encrypted on our own servers in ISO 27001 certified data centers in France. No one has access to our servers except our permanent administrators, who need to pass multiple-factor-authentication before gaining access. All productive systems are monitored 24/7 for unauthorized access and extraordinary activity.

Anonymous email service: No tracking, no ads

Proton-Mail is an anonymous email service that does not track you.

Our business model is different from most email services: Due to the encryption, we can not scan your emails. We do not track you. We do not send targeted advertisements to your mailbox.

By default, Proton-Mail does not log IP addresses when you login or when you send an email. Upon registration you do not need to provide any personal data (e.g. no phone number is required), even when you register via Tor.

Proton-Mail strips the IP addresses of emails sent from the mail headers so that your location remains unknown.

Enhanced privacy features

Proton-Mail is an email service built with privacy at its heart.

Companies love email for marketing campaigns. Because email by default does not respect your privacy. When you receive a marketing newsletter, the email usually loads external content (e.g. images). In this instance you are being tracked: IP address, browser you are using, and more information is being transmitted to the sender.

Proton-Mail offers you an email service that automatically protects from those tracking methods:

  • Proton-Mail blocks images by default. No external content is loaded when you open an email unless you actively allow this.
  • Proton-Mail strips all header information (IP address) from emails sent to protect your privacy.
  • Proton-Mail warns you when the technical sender differs from the from sender. To fake the from sender is a typical method used in phishing attacks. On our blog you can find more tips on how to prevent email phishing.
  • Proton-Mail scores very well on Email Privacy Tester.

Monitor & close sessions remotely

Check if anyone has accessed your encrypted Proton-Mail mailbox.

Proton-Mail lets you check active and closed sessions as an opt-in feature. This allows you to verify that no one but yourself has logged into your account. Closed sessions are automatically deleted after one week.

Proton-Mail’s session handling also enables you to close sessions remotely. When you lose your mobile phone and you are still logged in with the Proton-Mail app, you can close this session from any other device. By closing the session remotely, you make sure that no one can access your secure emails on the lost phone.

IP addresses of open and closed sessions are always stored encrypted and automatically deleted after one week. Due to the encryption only you can access this information. We at Proton-Mail have absolutely no access to this information.

Encrypt everything

Email

Proton-Mail encrypts as much data as possible directly on your device. You can verify this yourself: When logged in in a web browser, press F12 to open the developer console. Then click on 'Network' and 'Preview' to see what data is sent to the server. This view is updated every time you open an email, a contact or a calendar entry. All texts that are rendered in non-readable form by humans are sent to the server end-to-end encrypted and Base64-encoded.

The shows the encrypted email contents. Similar to PGP, Proton-Mail encrypts the data of an email end-to-end with a hybrid encryption protocol based on AES and RSA.

Your signature is appended to new mails automatically. With Proton-Mail, your signature is stored end-to-end encrypted on our server and synchronized to all of your devices.

Distinguishably, Proton-Mail encrypts the "subject" as well as the names of the "sender" and the recipient ("toRecipients").

The only data that is not encrypted in a Proton-Mail email are the email addresses and the date of an email sent or received.

Regarding email security, there are two different cases:

  • End-to-end encrypted emails sent between Proton-Mail users or to users of other mail systems. Please find details on this in our FAQ.
  • Mails that are sent or received in unencrypted form to/from users of other mail systems.

In both cases, all emails are stored fully encrypted on our servers. We never store unencrypted emails on our servers. However, the non-encrypted emails are not protected with end-to-end encryption, but are only encrypted once they reach our servers.

Calendar

The Proton-Mail Calendar is a true zero-knowledge calendar because our servers know nothing about your encrypted events. All data that you store in the calendar is encrypted: The "description", the "endTime", the "location", the "startTime", the "summary", the "uid" (the ID of the event), the "alarmInfos" (which are the reminders that you can define to be notified about upcoming events), and the "repeatRule" (which is the rule to define in what interval and until what date the event should be repeated).

The Proton-Mail Calendar also encrypts notifications, which is a very innovative approach. The encrypted Proton-Mail alarms are stored locally on your devices to completely hide them from our servers. This means we do not know anything about your calendar events, not even when an event is taking place.

In contrast to that, current standards such as iCal do not encrypt any data. If you store your events with an online service for easy access and syncing, you can be sure that someone else is seeing all your calendar events.

In the zero-knowledge Proton-Mail Calendar all your data is always encrypted so that no one, not even we as the developers, can see your private appointments.

Contacts

Proton-Mail Contacts are encrypted entirely, just like the Proton-Mail Calendar. You can store all your contacts details in Proton-Mail knowing that no one but yourself can get access to this very personal information of your family members, your friends or your business contacts.

Proton-Mail automatically encrypts the "birthdayISO", the "comment", the "company", the "firstName", the "lastName", the "nickname", the "role", the "title", the "addresses", the "mailAdresses", the "phoneNumbers", and the "socialIDs".