proton.me privacy policy — score 88/100 (low risk)
Τελευταία ανάλυση
Το περιεχόμενο της αναφοράς (περίληψη, ευρήματα, αποσπάσματα) δημιουργήθηκε στα αγγλικά και δεν έχει μεταφραστεί.
Proton AG · proton.me
Λεπτομέρειες αναφοράς
low κίνδυνοςProton offers strong privacy protections with end-to-end encryption and minimal data collection, though some data is shared with US-based processors for payments and support, and network traffic may route through third parties to bypass censorship.
Proton's privacy policy demonstrates a strong commitment to data minimization and zero-access encryption, explicitly stating they cannot access user content. The policy is highly transparent about its Swiss legal jurisdiction and strict data disclosure limits. However, there are notable international data transfers to US-based third-party processors (Zendesk, Stripe, PayPal, Chargebee) for support and payments, and a unique alternative routing feature that may expose IP addresses to uncontrolled third-party networks. AI features are handled locally by default with a strict no-training guarantee.
Αξιολόγηση ανά κατηγορία
Ανάλυση της πολιτικής σε βασικούς τομείς συμμόρφωσης. Καλό = ισχυρό, μέτριο = μικτό, κακό = ανησυχητικό.
The policy explicitly states they collect as little data as possible and do not require personal information to create an account.
The policy clearly outlines what data is collected, how it is used, and lists specific processors with their locations and transfer mechanisms.
Data is shared with several US processors (Zendesk, Stripe, PayPal, Chargebee) for essential functions, though protected by SCCs.
Significant processing occurs in the US and non-EU countries (Macedonia, Taiwan, Singapore), mitigated by SCCs and BCRs but still subject to foreign surveillance risks.
Proton Scribe runs locally by default and the policy explicitly states it does not use user data to train its models.
Users can directly access, edit, delete, or export personal data via the Account interface, and are informed of the right to lodge a complaint.
Βασικά ευρήματα
Σημαντικές ρήτρες, ζητήματα ή θετικές πρακτικές (κρίσιμα πρώτα)
International Transfers to US Processors
Customer support and payment data are processed by US-based entities (Zendesk, Stripe, PayPal, Chargebee). While Standard Contractual Clauses are mentioned, US surveillance risks remain a factor.
Alternative Routing Privacy Risk
To bypass censorship, network traffic may be routed through third-party networks that can see the user's IP address. This is off by default but poses a risk when active.
Missing Transfer Safeguards for Internal Processors
Data is processed in Taiwan and North Macedonia by ProtonLabs entities, but the policy does not specify the legal mechanisms (like SCCs) ensuring these transfers comply with GDPR standards.
Strong Data Minimization and Zero-Access Encryption
The policy explicitly states that Proton collects minimal user information and lacks the technical means to access encrypted content, providing a high baseline of privacy.
AI Features Do Not Train on User Data
Proton Scribe operates locally by default, and the policy explicitly guarantees that content data is not used for model training, addressing a major AI privacy concern.
Περίληψη για τον χρήστη
Your encrypted data is very safe and Proton cannot read it, but if you use customer support or pay with a credit card, some of your data goes to standard US tech companies.
Στάση συμμόρφωσης
Proton is fully GDPR compliant and proactively designates an EU representative, applying Swiss privacy laws which are generally equivalent or superior to GDPR. Their data minimization and encryption approaches exceed standard compliance requirements.
Μεταφορές ΕΕ
Data transfers to the US for payment and support processing are mitigated using Standard Contractual Clauses and Binding Corporate Rules. However, transfers to Taiwan and North Macedonia for internal support processing lack explicit adequacy decisions or transfer mechanism descriptions in the policy. Alternative routing may expose traffic to networks in non-EU countries without specified safeguards.
Εντοπισμένα σήματα
Συγκεκριμένα δεδομένα και πρακτικές που εντοπίστηκαν στο κείμενο
Αποσπάσματα αποδείξεων
Απευθείας αποσπάσματα από την πολιτική που υποστηρίζουν αυτά τα ευρήματα
We do not have the technical means to access the content of your encrypted emails, files, calendar events, passwords, or notes.
By default, we do not keep permanent IP logs in relation with your Account.
Proton Scribe does not use content data or any of your data to train its models.
We will only disclose the limited user data we possess if we are legally obligated to do so by a binding request coming from the competent Swiss authorities.
This could enable a third party to record your IP address or see that you are using Proton apps (the same information that your internet service provider is able to see).
Λείπει ή ασαφές
- No specific retention periods defined for support or payment data
- No transfer mechanism specified for ProtonLabs in Taiwan and North Macedonia
- No detail on data shared with Hubspot or transfer safeguards
Ερωτήσεις προς υποβολή
- What specific legal safeguards or transfer mechanisms are in place for data processed by ProtonLabs in Taiwan and North Macedonia?
- What are the exact retention periods for data shared with Zendesk and Atlassian for customer support?
- Under what legal basis or agreement is data shared with Hubspot for sales inquiries, and what transfer guarantees apply?
- Can Proton provide a list of third-party networks used for alternative routing to assess their jurisdiction and privacy laws?
Κοινοποίηση αυτής της ανάλυσης
Οποιοσδήποτε με αυτόν τον σύνδεσμο μπορεί να δει το αποτέλεσμα παραπάνω.
Δημιουργήθηκε από το DentroChat
100% ευρωπαϊκό AI chat για όλους
Συνομιλήστε με AI, εργαστείτε με αρχεία, δημιουργήστε εικόνες και αναζητήστε στο διαδίκτυο. Τα δεδομένα παραμένουν στην Ευρώπη.