ProtonMail is considered as one of the most privacy secure email services provider. It has claimed, "Under no circumstances however, can our encryption be bypassed, meaning emails, attachments, calendars, files, etc, cannot be compromised by legal orders.". In early 2021 the company's homepage stated: "No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first."

However, all this got shattered with the arrest of a French climate activist. The French police after obtaining necessary orders from the courts, through Interpol requested their Swiss counterpart. The Switzerland police served the warrant on ProtonMail. ProtonMail provided necessary header information, which it claimed it does not even store.

ProtonMail chief exec Andy Yen acknowledged it.

ProtonMail has now issued a clarification, " In this case, Proton received a legally binding order from Swiss authorities which we are obligated to comply with. There was no possibility to appeal this particular request." And they have changed their privacy policy now and it additionally say, ""If you are breaking Swiss law, ProtonMail can be legally compelled to log your IP address as part of a Swiss criminal investigation." Also the claim on the website that your IP address is not logged have been removed.

The question is was it a false claim? Next question is what all can be logged? Does that mean it is as good or as bad as other email services providers?

It practically ends the Unique Selling Point of ProtonMail.

References: https://www.theregister.com/2021/09/07/protonmail_hands_user_ip_address_police/

https://protonmail.com/blog/climate-activist-arrest/