Information for law enforcement
The following information is provided for law enforcement authorities seeking information about users of Proton services.
About Proton
Proton provides various secure services to users around the world. You can learn about our products and services by visiting our website. The Proton services are offered by Swiss-based Proton AG.
Using Proton services for activities that break Swiss law is against Proton’s terms and conditions. Under Swiss law, we're required to cooperate with law enforcement agencies on criminal investigations within the framework of Swiss laws and privacy regulations.
Information available from Proton
Proton collects user information in accordance with our terms and conditions, privacy policy, and any applicable separate agreement, such as a GDPR data processing agreement or a HIPAA business associate agreement.
Proton user notification policy
Swiss law requires that a user be notified if an authority makes a request for their private data and such data is to be used in a criminal proceedings. However, in certain situations, notification can be delayed. The following are examples of such cases:
- Where providing notice is temporarily prohibited by the Swiss legal process itself, by a Swiss court order, or applicable Swiss law
- Where, based on information supplied by law enforcement, we, at our absolute discretion, believe that providing notice could create a risk of injury, death, or irreparable damage to an identifiable individual or group of individuals
As a general rule, though, targeted users will eventually be informed and afforded the opportunity to object to the data request, either to Proton or to the Swiss authorities.
Requesting assistance
Whether you're a Swiss or a foreign law enforcement agency, we recommend that you contact us at [email protected] to inquire whether a formal request would likely lead to results or to the preservation of data anticipated. We'll generally respond to you within one business day. More critical cases will automatically be given higher priority by our team.
We recommend that law enforcement agencies contact us directly beforehand because it allows for efficient communication and action. Our legal team will be able to advise you on whether or not we'll be able to assist you with your particular case, and assist with the preservation of data if we believe that your request will be validated by Swiss authorities. For example, in ransomware cases, we can preserve information about which victims contacted the suspect, so that victims can be notified.
Depending on the nature of your case and which country the request is originating from, Proton AG may redirect you to competent Swiss authorities in order to respect the relevant Mutual Legal Assistance Treaty (MLAT) or your local international police cooperation organization. If you're requesting that an email address being used for phishing, spamming, or abuse be disabled, we can generally assist without requiring a Swiss court order. Please address any request for suspension with relevant evidence to [email protected].
Please note that in no case will Proton AG provide you with data directly following contact. If any data can be requested, it will always be transmitted through the Swiss authorities.
Required information
We'll be unable to inform about or preserve data in relation to overly broad or vague requests. All requests must identify requested data with particularity and include the following:
- The name of the issuing authority, name and badge or ID number of responsible agent, email address from a law enforcement domain, and direct contact phone number
- The specific Proton account suspected of illegal activities (or link in case of Proton Drive)
- A copy of the police report or court order (either foreign or domestic)
- A copy of the MLAT or international assistance request (if available)
Any requests must be submitted by emailing [email protected].
Guidelines may change
Proton AG reserves the right to update this information periodically. Please consult it before making any future requests.