protonmail.com

[milonmaze]

Tracking updates of protonmail.com

[milonmaze]

c0f362cd4e3c71881d5b6934dd18fbaa26f09ef6: https://protonmail.com/privacy-policy @ 2021-09-08

added new file

[milonmaze]

745a8d6f3d72ff62ede7cb497d4710f2deb2c1c1: https://protonmail.com/privacy-policy @ 2021-12-29

difference captured:

diff --git a/protonmail.com/privacy-policy.md b/protonmail.com/privacy-policy.md
index 81a9f84..dbe5e55 100644
--- a/protonmail.com/privacy-policy.md
+++ b/protonmail.com/privacy-policy.md
@@ -141,7 +141,6 @@ Facebook
 Twitter
 Reddit
 Instagram
-Mastodon
 Feedback Forum

  

[milonmaze]

50d9163a2afc9171cbdfc91df21ccbe0fb993784: https://protonmail.com/privacy-policy @ 2022-01-02

difference captured:

diff --git a/protonmail.com/privacy-policy.md b/protonmail.com/privacy-policy.md
index dbe5e55..7c56b15 100644
--- a/protonmail.com/privacy-policy.md
+++ b/protonmail.com/privacy-policy.md
@@ -147,6 +147,6 @@ Feedback Forum

-© 2021 Proton Technologies AG. All Rights Reserved.
+© 2022 Proton Technologies AG. All Rights Reserved.

 Català | Čeština | Dansk | Deutsch | Ελληνικά | English | Español (España) | Français | Hrvatski | Magyar | Bahasa (Indonesia) | íslenska | Italiano | 日本語 | Taqbaylit | Dutch | Polski | Português (Brasil) | Português (Portugal) | Română | Русский | Svenska | Türkçe | Українська | 简体中文 | 繁體中文
\ No newline at end of file

[milonmaze]

45aa678a59da9120a7908ce279ceaeca81a6128c: https://protonmail.com/privacy-policy @ 2022-03-13

difference captured:

diff --git a/protonmail.com/privacy-policy.md b/protonmail.com/privacy-policy.md
index 7c56b15..a6dbcca 100644
--- a/protonmail.com/privacy-policy.md
+++ b/protonmail.com/privacy-policy.md
@@ -3,14 +3,14 @@ Privacy Policy
 Last modified: September 6th, 2021

 By using the protonmail.com website and making use of ProtonMail, Proton Drive and Proton Calendar (the "Services"), you understand that your data in relation with your use of our Services is processed according to the following Privacy Policy.
-The Services are offered by Proton Technologies AG (the "Company" or "We").
+The Services are offered by Proton AG (the "Company" or "We").
 This Privacy Policy explains (i) what information we collect through your access and use of our Services (ii) the use we make of such information; and (iii) the security level we provide for protecting such information. This Privacy Policy is to be read and understood as being a complement to our Terms and Conditions.

 Legal Framework

 The Company is domiciled in Switzerland at the following address:

-Proton Technologies AG, Route de la Galaise 32, 1228 Plan-les-Ouates Geneva, Switzerland
+Proton AG, Route de la Galaise 32, 1228 Plan-les-Ouates Geneva, Switzerland

 Therefore, it is governed by the laws and regulations of Switzerland. Additional information about the legal framework can be found in our Transparency Report.

@@ -147,6 +147,6 @@ Feedback Forum

-© 2022 Proton Technologies AG. All Rights Reserved.
+© 2022 Proton AG. All Rights Reserved.

 Català | Čeština | Dansk | Deutsch | Ελληνικά | English | Español (España) | Français | Hrvatski | Magyar | Bahasa (Indonesia) | íslenska | Italiano | 日本語 | Taqbaylit | Dutch | Polski | Português (Brasil) | Português (Portugal) | Română | Русский | Svenska | Türkçe | Українська | 简体中文 | 繁體中文
\ No newline at end of file

[milonmaze]

3941f978260d5cf4f98611b349e0b4d0c155f64c: https://protonmail.com/privacy-policy @ 2022-05-25

difference captured:

diff --git a/protonmail.com/privacy-policy.md b/protonmail.com/privacy-policy.md
index a6dbcca6..0d3844cb 100644
--- a/protonmail.com/privacy-policy.md
+++ b/protonmail.com/privacy-policy.md
@@ -1,152 +1,106 @@
-Privacy Policy
+Privacy policy

-Last modified: September 6th, 2021
+Last modified: 25 May 2022

-By using the protonmail.com website and making use of ProtonMail, Proton Drive and Proton Calendar (the "Services"), you understand that your data in relation with your use of our Services is processed according to the following Privacy Policy.
-The Services are offered by Proton AG (the "Company" or "We").
-This Privacy Policy explains (i) what information we collect through your access and use of our Services (ii) the use we make of such information; and (iii) the security level we provide for protecting such information. This Privacy Policy is to be read and understood as being a complement to our Terms and Conditions.
+By using the proton.me website and making use of a Proton Account (the “Account”) and all its related features, including Proton Mail, Proton Contacts, Proton Calendar, and Proton Drive (the “Services”), you understand that your data in relation with your use of our Services is processed according to the following privacy policy. This policy states (i) what data we collect through your access and uses of the Services; (ii) the use we make of such data; and (iii) the safeguards put in place to protect your data. This privacy policy is to be read and understood as being a complement to our terms of service.

-Legal Framework
+Please note, Proton VPN is subject to a different policy, please visit protonvpn.com/privacy-policy for additional details.

-The Company is domiciled in Switzerland at the following address:
+1. Legal framework

-Proton AG, Route de la Galaise 32, 1228 Plan-les-Ouates Geneva, Switzerland
+The Services are operated by Proton AG (the “Company”, “We”), domiciled at Route de la Galaise 32, 1228 Plan-les-Ouates, Geneva, Switzerland. It is therefore governed by the laws and regulations of Switzerland. Additional information about the legal framework can be found in our transparency report and on our law enforcement help page.

-Therefore, it is governed by the laws and regulations of Switzerland. Additional information about the legal framework can be found in our Transparency Report.
+We are also GDPR compliant. The designated representative of the Company in the European Union (notably for the purpose of art. 27 GDPR) is Proton Europe sàrl, rue de Grünewald 94, L-1912 Luxembourg.

-Data related to the opening of an account
+2. Data collection and usage

-Any email address provided to us through either our waiting list, optional email verification, or optional notification/recovery email setting in your account, is considered personal data as defined and protected by the Swiss Federal Data Protection Act (DPA).
+Our overriding policy is to collect as little user information (personal data included) as possible to ensure a completely private user experience when using the Services. We do not have the technical means to access the content of your encrypted emails, files, and calendar events.

-Such data will only be used to contact you with important notifications about the Services, to send you information related to security, to send you an invitation link to create your ProtonMail account, to verify your ProtonMail account, or to send you password recovery links if you enable the option. We may also inform you about new Proton products in which you might have an interest. You are free, at any given time, to opt-out of those features through the account settings panel.
+Data collection is limited to the following:

-In order to maintain the integrity of the Services, we must take measures to avoid creation of accounts by spammers. This is because if spammers use ProtonMail to send messages, ProtonMail’s IP addresses can become blocked by major mail providers such as Gmail, Yahoo, Outlook, etc.
+2.1 Visiting our website: We employ a local installation of self-developed analytics tools. Analytics are anonymized whenever possible and stored locally (and not on the cloud). IP addresses are not retained and stored for such analytics.

-In order to pursue our legitimate interest of preventing the creation of accounts by spam bots or human spammers, we use a variety of human verification methods. Verification may also be requested for some sensitive operations besides account creation in order to protect against brute-force attacks. You may be asked to verify using either hCaptcha (or reCAPTCHA in the event that hCaptcha is unavailable), Email, or SMS. IP addresses, email addresses, and phone numbers provided are saved temporarily in order to send you a verification code and for anti-spam purposes. The period of temporary data retention is determined by our legitimate interests of protecting the service from spam, and also by any applicable Swiss legal requirements we must comply with. If this data is saved permanently, it is always saved as a cryptographic hash, which ensures that the raw values cannot be deciphered by us. Learn More
+2.2 Account creation: It is not necessary to provide personal information in order to create an Account, but you may provide an external email address for notification or password recovery purposes. Should you choose to provide it, we do associate this email address with your Account (for password recovery or notification purposes). Such data will only be used to contact you with important notifications about the Services, to send you information related to security, to verify your account or to send you password recovery links if you enable the option. We may also inform you about new Proton products in which you might have an interest. The legal basis for processing is consent and you are free to remove that data in your Account settings panel at any time.

-Data Collection
+In order to maintain the integrity of the Services, we must take measures to avoid creation of accounts by spammers. This is because if spammers use Proton Mail to send messages, Proton Mail’s IP addresses can become blocked by major mail providers such as Gmail, Yahoo, Outlook, etc. In order to pursue our legitimate interest of preventing the creation of accounts by spam bots or human spammers, we use a variety of human verification methods. Verification may also be requested for some sensitive operations besides account creation in order to protect against brute-force attacks. You may be asked to verify using either hCaptcha (or reCAPTCHA in the event that hCaptcha is unavailable), email, or SMS. IP addresses, email addresses, and phone numbers provided are saved temporarily in order to send you a verification code and for anti-spam purposes. The period of temporary data retention is determined by our legitimate interests of protecting the service from spam, and also by any applicable Swiss legal requirements we must comply with. If this data is saved permanently, it is always saved as a cryptographic hash, which ensures that the raw values cannot be deciphered by us. Learn more

-Our overriding policy is to collect as little user information as possible to ensure a completely private and anonymous user experience when using the Services. We have no technical means to access the content of your encrypted emails, files, and calendar events.
+2.3 Proton Mail Account activity: Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, message subject, and message sent and received times. We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned for spam and viruses to pursue the legitimate interest of protecting the integrity of our Services and users. Such inbound messages are scanned for spam in memory, and then encrypted and written to disk. We do not possess the technical ability to scan the content of the messages after they have been encrypted. We also have access to the following records of Account activity: number of messages sent, amount of storage space used, total number of messages, last login time. User data is never used for advertising purposes.

-Data collection is limited to the following:
+2.4 Proton Calendar Account activity: The Service needs to be able to access some properties of events in order to retrieve and index them efficiently as well as send required notifications and alarms. In order to do so, we have access to the following metadata: calendar name and description, event unique identifier (UID), start and end date (including time zone), repetition rule (including exclusion dates or times), attendees’ participation status, organizer information (only when an invite is issued or received), alarms and notifications, event creation and update times and event status (confirmed or cancelled). We do NOT have access to the description of the events, their summary or title, locations, and the attendees’ email addresses.

-Visiting our website: We employ a local installation of open-source analytics tools. Analytics are anonymized whenever possible and stored locally (and not on the cloud).
+2.5 Proton Drive Account activity: For operational purposes, the Service must have access to the following metadata unencrypted: file/folder creation and modification timestamps, file/folder permissions, file type, file/folder creator. When sharing a file or folder, we need to record which users own or can access said shared file or folder. When sharing URLs, we have access to the creation and last access time, the number of times the URL was accessed to and its creator. However, we do NOT have access to file contents, file and folder names, and thumbnail previews. Such data is end-to-end encrypted. We only store the size of the encrypted files, not the size of the original unencrypted file. In the case of a report for abuse of a shared URL by a third party, the latter has access to the password used to decrypt the file(s) and transmits it to us. We only can access the content of the file(s) in such cases.

-Account creation: It is not necessary to provide personal information in order to create an account, but you may provide an external email address for notification or password recovery purposes. Should you choose to provide it, we do associate another email address with your account (for password recovery, or notifications). The legal basis for processing is consent and you are free to remove that data in the account panel of your ProtonMail account.
+In addition to end-to-end encryption, all content is also cryptographically signed by the user, before sending it to us. This means that you can always check the signature of any content you get back from our servers, which protects you from forgery (e.g. by a malicious actor).

-ProtonMail Account activity: Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, message subject, and message sent and received times. We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to ProtonMail are scanned for Spam and Viruses to pursue the legitimate interest of the protection of our users. We also have access to the following records of account activity: number of messages sent, amount of storage space used, total number of messages, last login time.
+2.6 Communicating with Proton: Your communications with us, such as support requests, bug reports, or feature requests may be saved by our staff. The legal basis for processing is our legitimate interest to troubleshoot more efficiently and improve the quality of our Services.

-Proton Calendar Account activity: The Service needs to be able to access some properties of events in order to send required notifications and alarms. In order to do so, we have access to the following metadata: calendar name and description, event start and end date, repetition rules, attendees’ participation status, alarms and notifications, event creation and update times and event status (confirmed or cancelled). We do NOT have access to the description of the events, their summary or title, locations and the attendees’ details.
+2.7 IP logging: By default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against nefarious activities.

-Proton Drive Account activity: For operational purposes, the Service must have access to the following metadata unencrypted: file/folder creation and modification timestamps, file/folder permissions, file type, file/folder owner username. When sharing a file or folder, we need to record which users own or can access said shared file or folder. When sharing URLs, we have access to the creation and last access time, the number of times the URL was accessed to and its creator. We however do NOT have access to file contents, file and folder names and thumbnail previews. Such data is end-to-end encrypted. We only know the size of the encrypted files, not the size of original unencrypted file.
-In addition to end-to-end encryption, all content is also cryptographically signed by the user, before sending it to us. This means that you can always check the signature of any content you get back from our servers, which protects you from forgery (e.g. by a malicious actor).
+If you enable authentication logging for your Account, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account.

-Communicating with ProtonMail: Your communications with the Company, such as support requests, bug reports, or feature requests may be saved by our staff. The legal basis for processing is our legitimate interest to troubleshoot more efficiently and improve the quality of the ProtonMail service.
+2.8 Payment information: We rely on third parties to process credit card, PayPal, and Bitcoin transactions and must therefore share payment information with them. Anonymous cash or Bitcoin payments and donations are accepted. The legal basis of this processing is the necessity to the execution of the contract to provide the Services.

-IP Logging: By default, we do not keep permanent IP logs in relation with your use of the Services. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions (spamming, DDoS attacks against our infrastructure, brute force attacks, etc). The legal basis of this processing is our legitimate interest to protect our Services against nefarious activities. If you are breaking Swiss law, ProtonMail can be legally compelled to log your IP address as part of a Swiss criminal investigation. This obligation however does not extend to ProtonVPN (see VPN privacy policy here). Additional details can be found in our transparency report.
+2.9 Native applications: When you use our native applications, we (or the mobile app platform providers) may collect certain information. We may use mobile analytics software (e.g. fabric.io app statistics and crash reporting, Play Store app statistics, App Store app statistics, or self-hosted Sentry crash reporting) to send crash information to our developers in order to rapidly fix bugs. Some platforms, such as Google’s Play Store or Apple’s App Store may also collect aggregate, anonymous statistics, which may be governed by their respective privacy policies and terms and conditions. Such statistics can include most commonly used devices and operating systems (e.g. percentage of Android 6.x v. Android 7.x), total number of installs and uninstalls, and the total number of active users.

-Your login IP address is also kept permanently (until you delete it) if you enable authentication logging for your account (by default this is off). The legal basis of this processing is consent, and you are free to opt-in or opt-out at any time in the security panel of your account.
+Our applications do not access or track any location-based information from your device.

-Payment Information: We rely on third parties to process credit card, PayPal, and Bitcoin transactions and must therefore share payment information with third parties. Anonymous cash or Bitcoin payments and donations are however accepted. The legal basis of this processing is the necessity to the execution of the contract between you and us.
+2.10 Import Assistant with “Sign in with Google”: When you use our Import Assistant tool to import your data from Google and authenticate using the “Sign in with Google” option, our Import Assistant’s processing of information received from Google APIs will be performed in accordance with Google API Services User Data Policy, including the Limited Use requirements.

-Native Applications: When you use our native applications, we (or the mobile app platform providers) may collect certain information in addition to the information mentioned elsewhere in this Policy. We may use mobile analytics software (such as fabric.io app statistics and crash reporting, Play Store app statistics, App Store app statistics, or self-hosted Sentry crash reporting) to send crash information to our developers so that we can fix bugs rapidly. Some platforms (such as the Google Play Store or the Apple App Store) may also collect aggregate, anonymous statistics like which type of devices and operating systems that are most commonly used (like percentage of Android 6.x vs Android 7.x), the total number of installs, total number of uninstalls, and the total number of active users, and may be governed by the privacy policy and terms and conditions of the Google Play Store or the Apple App Store. ProtonMail also has access to certain device IDs which are required for sending push notifications to user devices. None of the software on our apps will ever access or track any location-based information from your device at any time. Any personal data acquired during this process is anonymized.
+2.11 Import Assistant with a username and password combination: When you use our Import Assistant tool to import your emails from another service provider, the credentials of the email account from which the importation is performed are stored by us for the limited duration of the importation. Once the importation is performed, those credentials are entirely deleted from our systems.

-Import Assistant: When using Import Assistant to transfer your data, you can choose from multiple options:
+Please note, Proton VPN is subject to a different policy, please visit protonvpn.com/privacy-policy for additional details.

-Import Assistant with "Sign in with Google": When you use our Import Assistant Tool to import your data from Google and authenticate using the “Sign in with Google” option, Import Assistant’s use of information received from Google APIs will comply with the Google API Services User Data Policy, including the Limited Use requirements.
+3. Data storage

-Import Assistant with a username and password combination: When you use our Import Assistant Tool to import your emails from another service provider, the credentials of the email account from which the importation is performed are stored by the Company for the duration of the importation. Once the importation is performed, those credentials are entirely deleted from our systems.
+All servers used in connection with the provision of the Services are wholly owned and operated by the Company or its subsidiaries. Only employees of the Company have physical or other access to the servers. Data is always stored in encrypted format on our servers. Offline backups, which may be stored periodically, are also encrypted. We do not possess the ability to access any user encrypted content on either the production servers or in the backups.

-Data Retention
+4. Third-party networks

-When a ProtonMail account is closed, data is immediately deleted from production servers. Active accounts will have data retained indefinitely. Deleted emails, files, and calendar events are also permanently deleted from production servers. Deleted data may be retained in our backups for up to 30 days.
+Proton's alternative routing technology allows Proton Services to bypass many censorship blocks, but in doing so your network traffic may go through third-party networks, which we do not control. This could enable a third party to record your IP address or see that you are using Proton apps (the same information that your Internet Service Provider is able to see). These third parties cannot see your actual data, which remains encrypted. By default, alternative routing is not used for Proton apps unless they detect that censorship measures are active on your network. Alternative routing can also be disabled in the Settings panel of our mobile and desktop applications. However, doing so may cause you to be unable to access your Account from a network that is censoring Proton. Learn more

-Data Use
+5. Data subprocessors

-We do not have any advertising on our site. Any data that we do have will never be shared except under the circumstances described below in the Data Disclosure Section. We do NOT do any analysis on the limited data we do possess with two exceptions:
+To provide the Services, we rely on different data subprocessors, which process different categories of data. Processors never store data outside of the scope of their specific purpose. Notably, they do not store data in relation with the general day-to-day use of your Account and Services, which is exclusively processed by the Company. Subprocessors are as follow:

-Emails sent unencrypted to ProtonMail accounts (e.g. Gmail to ProtonMail) are scanned automatically pursuing the legitimate interest of detecting spam so we can block IPs which are sending a lot of spam to ProtonMail users and place spam messages in a spam directory. Inbound messages are scanned for spam in memory, and then encrypted and written to disk. We do not possess the technical ability to scan messages after they have been encrypted.
-Emails sent by ProtonMail users to outside (e.g. Gmail) users with encryption disabled are scanned automatically pursuing the legitimate interest of detecting spam in the same manner as incoming email. This is to ensure a ProtonMail account which is being used for spamming purposes can be detected and locked so email deliverability for legitimate users is not degraded.
-Data Storage
+5.1 Proton Group subprocessors

-All servers used in connection with the provisioning of the Services are located in Switzerland and Germany and wholly owned and operated by the Company. Only employees of the Company have physical or other access to the servers. Data is ALWAYS stored in encrypted format on our servers. Offline backups may be stored periodically, but these are also encrypted. We do not possess the ability to access any user encrypted message content on either the production servers or in the backups.
+ProtonLabs DOOEL Skopje

-Third Party Networks
+Purpose: Process data in relation with customer support requests, or other direct communications with the company (section 2.4)
+Data processing location: Macedonia

-Proton's alternative routing technology allows Proton apps to bypass many censorship blocks, but your network traffic may go through third party networks which we do not control. This could enable a third party to record your IP address or see that you are using Proton apps (the same information that your Internet Service Provider is able to see). These third parties cannot see your actual data, which remains encrypted. By default, alternative routing is not used for Proton apps unless they detect that censorship measures are active on your network. Alternative routing can also be completely disabled in the Settings panel of all of our mobile and desktop applications. However, doing so may cause you to be unable to access your Proton account if you are on a network that is censoring Proton. Learn more
+ProtonLabs Taiwan Co., Ltd

-Data Subprocessors
+Purpose: Process data in relation with customer support requests, or other direct communications with the company (section 2.4)
+Data processing location: Taiwan (R.O.C)
+5.2 Third-party subprocessors

-To provide the Services, we rely on different data subprocessors, which process different categories of data:
+Zendesk, Inc.

-Third-Party Subprocessors
-Entity Purpose Entity Country
-Zendesk, Inc.  Provide services in relation with the processing of customer support data (section 2.4). Only the information you include in support tickets is stored by Zendesk.  United States
+Purpose: Provide services in relation with the processing of customer support data (section 2.4)
+Data processing location: United States

-Processors never store data outside of the scope of their specific purpose. Notably, they do not store data in relation with the general day-to-day use of your Account and Services.
+Stripe, Inc.

-Data Disclosure
+Purpose: Provide services in relation with the processing of payment data (section 2.6)
+Data processing location: United States

-We will only disclose the limited user data we possess if we are instructed to do so by a fully binding request coming from the competent Swiss authorities (legal obligation). While we may comply with electronically delivered notices (see exceptions below), the disclosed data can only be used in court after we have received an original copy of the court order by registered post or in person, and provide a formal response.
+PayPal group

-If a request is made for encrypted message content that we do not possess the ability to decrypt, the fully encrypted message content may be turned over. If permitted by law, we will always contact a user first before any data disclosure. Under Swiss law, it is obligatory to notify the target of a data request, although such notification may come from the authorities and not from us.
+Purpose: Provide services in relation with the processing of payment data (section 2.6)
+Data processing location: United States, Singapore
+6. Data disclosure

-We may from time to time, contest requests if there is a public interest in doing so. In such situations, the Company will not comply with the request until all legal or other remedies have been exhausted. Therefore, not all requests described in our Transparency Report will lead to data disclosure. We are also permitted under GDPR and Swiss law to disclose data for the purposes of defending against attacks. The legal basis for this is our legitimate interest in protecting our Service and Company against attacks.
+We will only disclose the limited user data we possess if we are legally obligated to do so by a binding request coming from the competent Swiss authorities. We may comply with electronically delivered notices only when they are delivered in full compliance with the requirements of Swiss law. Proton’s general policy is to challenge requests whenever possible and where there are doubts as to the validity of the request or if there is a public interest in doing so. In such situations, we will not comply with the request until all legal or other remedies have been exhausted. Under Swiss law, subjects of judicial procedures have to be notified of such procedures, although such notification has to come from the authorities and not from the Company. Under no circumstances can Proton decrypt encrypted message content and disclose decrypted copies. Aggregate statistics about data requests from the competent Swiss authorities can be found in our transparency report.

-Right to Access, Rectification, Erasure, Portability, and right to lodge a complaint
+7. Right to access, rectification, erasure, portability, and right to lodge a complaint

-Through the Services, you can directly access, edit, delete or export personal data processed by the Company in your use of the Services.
+Through your Account interface, you can directly access, edit, delete, or export personal data processed by the Company in your use of the Services.

-If your account has been suspended for a breach of our Terms and Conditions, and you would like to exercise the rights related to your personal data, you can make a request to our support team.
+If your Account has been suspended for a breach of our terms and conditions, and you would like to exercise the rights related to your personal data, you can make a request to our support team.

 In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory authority.

-Modifications to Privacy Policy
-
-We reserve the right to periodically review and change this policy from time to time. We will notify users of material changes via public announcements on our blog.
-Continued use of the Services will be deemed as acceptance of such changes.
-
- 
-
-ProtonMail
-Pricing
-Security
-Shop
-Press/Media Kit
-Onion Site
-ProtonMail Status
-Features
-iOS App
-Android App
-IMAP/SMTP Bridge
-ProtonVPN
-Business Email
-Encrypted Contacts
-Legal
-Imprint
-Privacy Policy
-Terms & Conditions
-Transparency Report
-Report Abuse
-GDPR Compliance
-Company
-Blog
-Team
-Careers
-Support
-Donate
-Open Source
-Social
-Facebook
-Twitter
-Reddit
-Instagram
-Feedback Forum
-
- 
-
-   
-
-© 2022 Proton AG. All Rights Reserved.
-
-Català | Čeština | Dansk | Deutsch | Ελληνικά | English | Español (España) | Français | Hrvatski | Magyar | Bahasa (Indonesia) | íslenska | Italiano | 日本語 | Taqbaylit | Dutch | Polski | Português (Brasil) | Português (Portugal) | Română | Русский | Svenska | Türkçe | Українська | 简体中文 | 繁體中文
\ No newline at end of file
+8. Modifications to privacy policy
+
+We reserve the right to periodically review and change this policy from time to time and will notify users who have enabled the notification preference about changes to our privacy policy. Continued use of the Services will be deemed acceptance of such changes.
\ No newline at end of file

[milonmaze]

9073442b3c013a8c43b3664d15e2de7d1f1c88f8: https://protonmail.com/privacy-policy @ 2023-04-14

difference captured:

diff --git a/protonmail.com/privacy-policy.md b/protonmail.com/privacy-policy.md
index 0d3844cb..007cd488 100644
--- a/protonmail.com/privacy-policy.md
+++ b/protonmail.com/privacy-policy.md
@@ -1,68 +1,58 @@
-Privacy policy
+Proton - Privacy policy

-Last modified: 25 May 2022
+Last modified: 15 March 2023

-By using the proton.me website and making use of a Proton Account (the “Account”) and all its related features, including Proton Mail, Proton Contacts, Proton Calendar, and Proton Drive (the “Services”), you understand that your data in relation with your use of our Services is processed according to the following privacy policy. This policy states (i) what data we collect through your access and uses of the Services; (ii) the use we make of such data; and (iii) the safeguards put in place to protect your data. This privacy policy is to be read and understood as being a complement to our terms of service.
+At Proton, we strongly believe in an internet where privacy is the default.

-Please note, Proton VPN is subject to a different policy, please visit protonvpn.com/privacy-policy for additional details.
+Proton’s Privacy Policy describes how Proton collects, uses, and deletes your data. In addition to this Privacy Policy, we provide data and privacy information specific to our products that use your personal data. This product-specific information can be found in the following privacy policies :
+
+Proton Mail Privacy Policy
+Proton Drive Privacy Policy
+Proton Calendar Privacy Policy
+Proton VPN Privacy Policy
+(new window)
+
+By using the proton.me website and making use of a Proton Account (the “Account”) and all its related features, including Proton Mail, Proton Calendar, Proton Drive and Proton VPN (the “Services”), you understand that your data in relation with your use of our Services is processed according to the following privacy policy and its product-specific privacy policies (together, the "Privacy Policy"). The Privacy Policy states (i) what data we collect through your access and uses of the Services; (ii) the use we make of such data; and (iii) the safeguards put in place to protect your data. The Privacy Policy is to be read and understood as being a complement to our terms and conditions.

 1. Legal framework

-The Services are operated by Proton AG (the “Company”, “We”), domiciled at Route de la Galaise 32, 1228 Plan-les-Ouates, Geneva, Switzerland. It is therefore governed by the laws and regulations of Switzerland. Additional information about the legal framework can be found in our transparency report and on our law enforcement help page.
+The Services are operated by Proton AG (the “Company”, “We”), domiciled at Route de la Galaise 32, 1228 Plan-les-Ouates, Geneva, Switzerland. It is therefore governed by the laws and regulations of Switzerland. Additional information about the legal framework can be found in our transparency report.

 We are also GDPR compliant. The designated representative of the Company in the European Union (notably for the purpose of art. 27 GDPR) is Proton Europe sàrl, rue de Grünewald 94, L-1912 Luxembourg.

-2. Data collection and usage
+2. Data Proton collects from you, and how we use it

-Our overriding policy is to collect as little user information (personal data included) as possible to ensure a completely private user experience when using the Services. We do not have the technical means to access the content of your encrypted emails, files, and calendar events.
+Our overriding policy is to collect as little user information (personal data included) as possible to ensure a private user experience when using the Services. We do not have the technical means to access the content of your encrypted emails, files, and calendar events.

 Data collection is limited to the following:

-2.1 Visiting our website: We employ a local installation of self-developed analytics tools. Analytics are anonymized whenever possible and stored locally (and not on the cloud). IP addresses are not retained and stored for such analytics.
-
-2.2 Account creation: It is not necessary to provide personal information in order to create an Account, but you may provide an external email address for notification or password recovery purposes. Should you choose to provide it, we do associate this email address with your Account (for password recovery or notification purposes). Such data will only be used to contact you with important notifications about the Services, to send you information related to security, to verify your account or to send you password recovery links if you enable the option. We may also inform you about new Proton products in which you might have an interest. The legal basis for processing is consent and you are free to remove that data in your Account settings panel at any time.
-
-In order to maintain the integrity of the Services, we must take measures to avoid creation of accounts by spammers. This is because if spammers use Proton Mail to send messages, Proton Mail’s IP addresses can become blocked by major mail providers such as Gmail, Yahoo, Outlook, etc. In order to pursue our legitimate interest of preventing the creation of accounts by spam bots or human spammers, we use a variety of human verification methods. Verification may also be requested for some sensitive operations besides account creation in order to protect against brute-force attacks. You may be asked to verify using either hCaptcha (or reCAPTCHA in the event that hCaptcha is unavailable), email, or SMS. IP addresses, email addresses, and phone numbers provided are saved temporarily in order to send you a verification code and for anti-spam purposes. The period of temporary data retention is determined by our legitimate interests of protecting the service from spam, and also by any applicable Swiss legal requirements we must comply with. If this data is saved permanently, it is always saved as a cryptographic hash, which ensures that the raw values cannot be deciphered by us. Learn more
-
-2.3 Proton Mail Account activity: Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, message subject, and message sent and received times. We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned for spam and viruses to pursue the legitimate interest of protecting the integrity of our Services and users. Such inbound messages are scanned for spam in memory, and then encrypted and written to disk. We do not possess the technical ability to scan the content of the messages after they have been encrypted. We also have access to the following records of Account activity: number of messages sent, amount of storage space used, total number of messages, last login time. User data is never used for advertising purposes.
-
-2.4 Proton Calendar Account activity: The Service needs to be able to access some properties of events in order to retrieve and index them efficiently as well as send required notifications and alarms. In order to do so, we have access to the following metadata: calendar name and description, event unique identifier (UID), start and end date (including time zone), repetition rule (including exclusion dates or times), attendees’ participation status, organizer information (only when an invite is issued or received), alarms and notifications, event creation and update times and event status (confirmed or cancelled). We do NOT have access to the description of the events, their summary or title, locations, and the attendees’ email addresses.
+2.1 Visiting proton.me website: We employ a local installation of self-developed analytics tools. Analytics are anonymized whenever possible and stored locally (and not on the cloud). IP addresses are not retained and stored for such analytics.

-2.5 Proton Drive Account activity: For operational purposes, the Service must have access to the following metadata unencrypted: file/folder creation and modification timestamps, file/folder permissions, file type, file/folder creator. When sharing a file or folder, we need to record which users own or can access said shared file or folder. When sharing URLs, we have access to the creation and last access time, the number of times the URL was accessed to and its creator. However, we do NOT have access to file contents, file and folder names, and thumbnail previews. Such data is end-to-end encrypted. We only store the size of the encrypted files, not the size of the original unencrypted file. In the case of a report for abuse of a shared URL by a third party, the latter has access to the password used to decrypt the file(s) and transmits it to us. We only can access the content of the file(s) in such cases.
+2.2 Account creation and Account Activity: Data processing activities related to Account creation and Account activity may vary between our Services. They are detailed in the product-specific privacy policies listed in preamble:

-In addition to end-to-end encryption, all content is also cryptographically signed by the user, before sending it to us. This means that you can always check the signature of any content you get back from our servers, which protects you from forgery (e.g. by a malicious actor).
+2.3 Communicating with Proton: Your communications with us, such as support requests, bug reports, or feature requests may be saved by our staff. The legal basis for processing is our legitimate interest to troubleshoot more efficiently and improve the quality of our Services.

-2.6 Communicating with Proton: Your communications with us, such as support requests, bug reports, or feature requests may be saved by our staff. The legal basis for processing is our legitimate interest to troubleshoot more efficiently and improve the quality of our Services.
+2.4 Payment information: We rely on third parties to process credit card, PayPal, and Bitcoin transactions and must therefore share payment information with them. Anonymous cash or Bitcoin payments and donations are accepted. The legal basis of this processing is the necessity to the execution of the contract to provide the Services.

-2.7 IP logging: By default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against nefarious activities.
-
-If you enable authentication logging for your Account, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account.
-
-2.8 Payment information: We rely on third parties to process credit card, PayPal, and Bitcoin transactions and must therefore share payment information with them. Anonymous cash or Bitcoin payments and donations are accepted. The legal basis of this processing is the necessity to the execution of the contract to provide the Services.
-
-2.9 Native applications: When you use our native applications, we (or the mobile app platform providers) may collect certain information. We may use mobile analytics software (e.g. fabric.io app statistics and crash reporting, Play Store app statistics, App Store app statistics, or self-hosted Sentry crash reporting) to send crash information to our developers in order to rapidly fix bugs. Some platforms, such as Google’s Play Store or Apple’s App Store may also collect aggregate, anonymous statistics, which may be governed by their respective privacy policies and terms and conditions. Such statistics can include most commonly used devices and operating systems (e.g. percentage of Android 6.x v. Android 7.x), total number of installs and uninstalls, and the total number of active users.
+2.5 Native applications: When you use our native applications, we (or the mobile app platform providers) may collect certain information. We may use mobile analytics software (e.g. fabric.io
+(new window)
+ app statistics and crash reporting, Play Store app statistics, App Store app statistics, or self-hosted Sentry crash reporting) to send crash information to our developers in order to rapidly fix bugs. Some platforms, such as Google’s Play Store or Apple’s App Store may also collect aggregate, anonymous statistics, which may be governed by their respective privacy policies and terms and conditions. Such statistics can include most commonly used devices and operating systems, total number of installs and uninstalls, and the total number of active users.

 Our applications do not access or track any location-based information from your device.

-2.10 Import Assistant with “Sign in with Google”: When you use our Import Assistant tool to import your data from Google and authenticate using the “Sign in with Google” option, our Import Assistant’s processing of information received from Google APIs will be performed in accordance with Google API Services User Data Policy, including the Limited Use requirements.
-
-2.11 Import Assistant with a username and password combination: When you use our Import Assistant tool to import your emails from another service provider, the credentials of the email account from which the importation is performed are stored by us for the limited duration of the importation. Once the importation is performed, those credentials are entirely deleted from our systems.
-
-Please note, Proton VPN is subject to a different policy, please visit protonvpn.com/privacy-policy for additional details.
-
-3. Data storage
+2.6 Blog: We have a public blog on our website. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your personal information appears on our blog and you want it removed, contact us here.

-All servers used in connection with the provision of the Services are wholly owned and operated by the Company or its subsidiaries. Only employees of the Company have physical or other access to the servers. Data is always stored in encrypted format on our servers. Offline backups, which may be stored periodically, are also encrypted. We do not possess the ability to access any user encrypted content on either the production servers or in the backups.
+2.7 Social Media: We are active on Facebook, Instagram, Linkedin, Twitter, Reddit, and Mastodon. Any information, communication, or material you submit to us via social media platforms is done at your own risk without any guarantee of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.

-4. Third-party networks
+3. Network traffic that may go through third-parties

-Proton's alternative routing technology allows Proton Services to bypass many censorship blocks, but in doing so your network traffic may go through third-party networks, which we do not control. This could enable a third party to record your IP address or see that you are using Proton apps (the same information that your Internet Service Provider is able to see). These third parties cannot see your actual data, which remains encrypted. By default, alternative routing is not used for Proton apps unless they detect that censorship measures are active on your network. Alternative routing can also be disabled in the Settings panel of our mobile and desktop applications. However, doing so may cause you to be unable to access your Account from a network that is censoring Proton. Learn more
+Proton's alternative routing technology allows Proton Services to bypass many censorship blocks, but in doing so your network traffic may go through third-party networks, which we do not control. This could enable a third party to record your IP address or see that you are using Proton apps (the same information that your internet service provider is able to see). These third parties cannot see your actual data, which remain encrypted. By default, alternative routing is not used for Proton apps unless they detect that censorship measures are active on your network. Alternative routing can also be disabled in the settings panel of our mobile and desktop applications. However, doing so may cause you to be unable to access your Account from a network that is censoring Proton. Learn more

-5. Data subprocessors
+4. Data subprocessors

 To provide the Services, we rely on different data subprocessors, which process different categories of data. Processors never store data outside of the scope of their specific purpose. Notably, they do not store data in relation with the general day-to-day use of your Account and Services, which is exclusively processed by the Company. Subprocessors are as follow:

-5.1 Proton Group subprocessors
+4.1 Proton Group subprocessors

 ProtonLabs DOOEL Skopje

@@ -73,7 +63,7 @@ ProtonLabs Taiwan Co., Ltd

 Purpose: Process data in relation with customer support requests, or other direct communications with the company (section 2.4)
 Data processing location: Taiwan (R.O.C)
-5.2 Third-party subprocessors
+4.2 Third-party subprocessors

 Zendesk, Inc.

@@ -89,11 +79,11 @@ PayPal group

 Purpose: Provide services in relation with the processing of payment data (section 2.6)
 Data processing location: United States, Singapore
-6. Data disclosure
+5. Data disclosure

 We will only disclose the limited user data we possess if we are legally obligated to do so by a binding request coming from the competent Swiss authorities. We may comply with electronically delivered notices only when they are delivered in full compliance with the requirements of Swiss law. Proton’s general policy is to challenge requests whenever possible and where there are doubts as to the validity of the request or if there is a public interest in doing so. In such situations, we will not comply with the request until all legal or other remedies have been exhausted. Under Swiss law, subjects of judicial procedures have to be notified of such procedures, although such notification has to come from the authorities and not from the Company. Under no circumstances can Proton decrypt encrypted message content and disclose decrypted copies. Aggregate statistics about data requests from the competent Swiss authorities can be found in our transparency report.

-7. Right to access, rectification, erasure, portability, and right to lodge a complaint
+6. Your privacy rights at Proton

 Through your Account interface, you can directly access, edit, delete, or export personal data processed by the Company in your use of the Services.

@@ -101,6 +91,6 @@ If your Account has been suspended for a breach of our terms and conditions, and

 In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory authority.

-8. Modifications to privacy policy
+7. Modifications to Privacy Policy

-We reserve the right to periodically review and change this policy from time to time and will notify users who have enabled the notification preference about changes to our privacy policy. Continued use of the Services will be deemed acceptance of such changes.
\ No newline at end of file
+Within the limits of applicable law, the Company reserves the right to review and change this Privacy Policy at any time. As long as you are using the Services, you are responsible for regularly reviewing this Privacy Policy. Continued use of the Services after such changes are performed shall constitute your consent to it.
\ No newline at end of file

[milonmaze]

e816078a268abf236bb8628c3b33cefdc7f24865: https://protonmail.com/privacy-policy @ 2023-06-30

difference captured:

diff --git a/protonmail.com/privacy-policy.md b/protonmail.com/privacy-policy.md
index 007cd488..bf74ea0b 100644
--- a/protonmail.com/privacy-policy.md
+++ b/protonmail.com/privacy-policy.md
@@ -1,6 +1,6 @@
 Proton - Privacy policy

-Last modified: 15 March 2023
+Last modified: June 26th, 2023

 At Proton, we strongly believe in an internet where privacy is the default.

@@ -11,8 +11,9 @@ Proton Drive Privacy Policy
 Proton Calendar Privacy Policy
 Proton VPN Privacy Policy
 (new window)
+Proton Pass Privacy Policy

-By using the proton.me website and making use of a Proton Account (the “Account”) and all its related features, including Proton Mail, Proton Calendar, Proton Drive and Proton VPN (the “Services”), you understand that your data in relation with your use of our Services is processed according to the following privacy policy and its product-specific privacy policies (together, the "Privacy Policy"). The Privacy Policy states (i) what data we collect through your access and uses of the Services; (ii) the use we make of such data; and (iii) the safeguards put in place to protect your data. The Privacy Policy is to be read and understood as being a complement to our terms and conditions.
+By using the proton.me or protonvpn.com website and making use of a Proton Account (the “Account”) and all its related features, including Proton Mail, Proton Calendar, Proton Drive, Proton VPN and Proton Pass (the “Services”), you understand that your data in relation with your use of our Services is processed according to the following privacy policy and its product-specific privacy policies (together, the "Privacy Policy"). The Privacy Policy states (i) what data we collect through your access and uses of the Services; (ii) the use we make of such data; and (iii) the safeguards put in place to protect your data. The Privacy Policy is to be read and understood as being a complement to our terms and conditions.

 1. Legal framework

@@ -22,27 +23,44 @@ We are also GDPR compliant. The designated representative of the Company in the

 2. Data Proton collects from you, and how we use it

-Our overriding policy is to collect as little user information (personal data included) as possible to ensure a private user experience when using the Services. We do not have the technical means to access the content of your encrypted emails, files, and calendar events.
+Our overriding policy is to collect as little user information (personal data included) as possible to ensure a private user experience when using the Services. We do not have the technical means to access the content of your encrypted emails, files, calendar events, passwords, or notes.

 Data collection is limited to the following:

-2.1 Visiting proton.me website: We employ a local installation of self-developed analytics tools. Analytics are anonymized whenever possible and stored locally (and not on the cloud). IP addresses are not retained and stored for such analytics.
+2.1 Visiting proton.me or protonvpn.com website: We employ a local installation of self-developed analytics tools. Analytics are anonymized whenever possible and stored locally (and not on the cloud). IP addresses are not retained and stored for such analytics.

-2.2 Account creation and Account Activity: Data processing activities related to Account creation and Account activity may vary between our Services. They are detailed in the product-specific privacy policies listed in preamble:
+2.2 Account creation: Depending on the Services you want to use, you can either create a Proton account with a Proton Mail address, or use an external (non-Proton) address.

-2.3 Communicating with Proton: Your communications with us, such as support requests, bug reports, or feature requests may be saved by our staff. The legal basis for processing is our legitimate interest to troubleshoot more efficiently and improve the quality of our Services.
+Creating a Proton account will give you access to all our Services. It is not necessary to provide personal information in order to create an Account. You can provide an external email address for notification or password recovery purposes. Should you choose to provide it, we associate this email address with your Account (for password recovery or notification purposes). Such data will only be used to contact you with important notifications about the Services, to send you information related to security, to verify your account or to send you password recovery links if you enable the option. We may also inform you about Proton products in which you might have an interest. The legal basis for processing is consent and you are free to modify this in your Account settings panel at any time.

-2.4 Payment information: We rely on third parties to process credit card, PayPal, and Bitcoin transactions and must therefore share payment information with them. Anonymous cash or Bitcoin payments and donations are accepted. The legal basis of this processing is the necessity to the execution of the contract to provide the Services.
+You also have the possibility to use our Proton VPN, Drive and Pass services with an external address. In this case, you have to provide your external address, which will be used as your account identifier. You can choose at any moment to create a Proton email address for this account to use Proton Mail and Calendar, too. Your email will only be used to contact you with important notifications about the Services, to send you information related to security, to verify your account or to send you password recovery links if you enable the option. We may also inform you about Proton products in which you might have an interest. The legal basis for processing is consent and you are free to modify this in your Account settings panel at any time.

-2.5 Native applications: When you use our native applications, we (or the mobile app platform providers) may collect certain information. We may use mobile analytics software (e.g. fabric.io
+In order to pursue our legitimate interest of preventing the creation of accounts by spam bots or human spammers, we use a variety of human verification methods. Verification may also be requested for some sensitive operations besides account creation in order to protect against brute-force attacks. You may be asked to verify using either Proton Captcha, hCaptcha (or reCAPTCHA in the event that hCaptcha is unavailable), email, or SMS. IP addresses, email addresses, and phone numbers provided are saved temporarily in order to send you a verification code and for anti-spam purposes. The period of temporary data retention is determined by our legitimate interests of protecting the service from spam, and also by any applicable Swiss legal requirements we must comply with. If this data is saved permanently, it is always saved as a cryptographic hash, which ensures that the raw values cannot be deciphered by us. Learn more
+
+2.3 Referral program: Proton has a referral program that is open to Proton users, publications, non-profit organizations, etc. If you are coming to Proton via such a referral program, your subscription may be attributed to the referrer. Some referrals are managed internally by Proton while others may rely upon third-party platforms used by the referrers, and if you are coming to Proton via a referrer, our site may communicate with such referrer platforms for the purposes of crediting referrers.
+
+2.4 Account activity: The processing activities carried out by Proton for the operation of our different Services may vary depending on the Service. These activities are described in the specific Services' Privacy Policies.
+
+
+2.5 IP logging: By default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against nefarious activities. If you enable authentication logging for your Account or voluntarily participate in Proton's advanced security program, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account. The authentication logs feature records login attempts to your Account and does not track product-specific activity, such as VPN activity.
+
+2.6 Communicating with Proton: Your communications with us, such as support requests, bug reports, or feature requests may be saved by our staff. We may also rely on third parties, such as Zendesk (see below). If you use Proton's live chat support, you consent to having the data contained within your live chat interaction processed by Zendesk Inc, the provider of Proton's live chat support platform. The legal basis for processing is our legitimate interest to troubleshoot more efficiently and improve the quality of our Services. The information you provide when you contact our support team is processed for analytics purposes (such as to obtain aggregate statistics), but we do not do any targeted advertising or any profiling.
+
+2.7 Communications from Proton: We mainly use your email address for account-related questions, communication, and recovery. By signing up to our Service, you agree to receive communications from us, which may include promotional emails. You can stop receiving emails from us by following the unsubscribe instructions included in every email we send. Alternatively, you can login
+(new window)
+ to the Proton dashboard and adjust your email preferences under the ‘Account’ tab.
+
+2.8 Payment information: We rely on third parties to process credit card, PayPal, and Bitcoin transactions and must therefore share payment information with them. We do not retain full credit card details, we only save your name and the last 4 digits of the credit card number. Anonymous cash or Bitcoin payments and donations are accepted. We may use your account data for payment-related matters, including but not limited to sending you emails, invoices, receipts, notices of delinquency, and alerts to update payment information. The legal basis of these processing activities is the necessity to the execution of the contract to provide the Services. In order to respect the principle of data minimisation, we reserve our right to remove payment information from our systems that is no longer valid, without notice.
+
+2.9 Native applications: When you use our native applications, we (or the mobile app platform providers) may collect certain information. We may use mobile analytics software (e.g. fabric.io
 (new window)
- app statistics and crash reporting, Play Store app statistics, App Store app statistics, or self-hosted Sentry crash reporting) to send crash information to our developers in order to rapidly fix bugs. Some platforms, such as Google’s Play Store or Apple’s App Store may also collect aggregate, anonymous statistics, which may be governed by their respective privacy policies and terms and conditions. Such statistics can include most commonly used devices and operating systems, total number of installs and uninstalls, and the total number of active users.
+) app statistics and crash reporting, Play Store app statistics, App Store app statistics, or self-hosted Sentry crash reporting) to send crash information to our developers in order to rapidly fix bugs. Some platforms, such as Google’s Play Store or Apple’s App Store may also collect aggregate, anonymous statistics, which may be governed by their respective privacy policies and terms and conditions. Such statistics can include most commonly used devices and operating systems, total number of installs and uninstalls, and the total number of active users.

 Our applications do not access or track any location-based information from your device.

-2.6 Blog: We have a public blog on our website. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your personal information appears on our blog and you want it removed, contact us here.
+2.10 Social Media: We are active on Facebook, Instagram, Linkedin, Twitter, Reddit, and Mastodon. Any information, communication, or material you submit to us via social media platforms is done at your own risk without any guarantee of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.

-2.7 Social Media: We are active on Facebook, Instagram, Linkedin, Twitter, Reddit, and Mastodon. Any information, communication, or material you submit to us via social media platforms is done at your own risk without any guarantee of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
+2.11 Links to other websites: Our website may contain links to other websites of interest. However, we are not responsible for the content of any website that we link to, and external sites are governed by their own terms and conditions and privacy policies.

 3. Network traffic that may go through third-parties

@@ -56,32 +74,35 @@ To provide the Services, we rely on different data subprocessors, which process

 ProtonLabs DOOEL Skopje

-Purpose: Process data in relation with customer support requests, or other direct communications with the company (section 2.4)
+Purpose: Process data in relation with customer support requests, or other direct communications with the company (section 2.6)
 Data processing location: Macedonia

 ProtonLabs Taiwan Co., Ltd

-Purpose: Process data in relation with customer support requests, or other direct communications with the company (section 2.4)
+Purpose: Process data in relation with customer support requests, or other direct communications with the company (section 2.6)
 Data processing location: Taiwan (R.O.C)
 4.2 Third-party subprocessors

 Zendesk, Inc.

-Purpose: Provide services in relation with the processing of customer support data (section 2.4)
+Purpose: Provide services in relation with the processing of customer support data (section 2.6)
 Data processing location: United States
+Guarantees for international transfer: Standard Contractual Clauses, Binding Corporate Rules, Certifications

 Stripe, Inc.

-Purpose: Provide services in relation with the processing of payment data (section 2.6)
+Purpose: Provide services in relation with the processing of payment data (section 2.8)
 Data processing location: United States
+Guarantees for international transfer: Standard Contractual Clauses, Data Processing Agreement

 PayPal group

-Purpose: Provide services in relation with the processing of payment data (section 2.6)
+Purpose: Provide services in relation with the processing of payment data (section 2.8)
 Data processing location: United States, Singapore
+Guarantees for international transfer: Standard Contractual Clauses, Data Processing Agreement
 5. Data disclosure

-We will only disclose the limited user data we possess if we are legally obligated to do so by a binding request coming from the competent Swiss authorities. We may comply with electronically delivered notices only when they are delivered in full compliance with the requirements of Swiss law. Proton’s general policy is to challenge requests whenever possible and where there are doubts as to the validity of the request or if there is a public interest in doing so. In such situations, we will not comply with the request until all legal or other remedies have been exhausted. Under Swiss law, subjects of judicial procedures have to be notified of such procedures, although such notification has to come from the authorities and not from the Company. Under no circumstances can Proton decrypt encrypted message content and disclose decrypted copies. Aggregate statistics about data requests from the competent Swiss authorities can be found in our transparency report.
+We will only disclose the limited user data we possess if we are legally obligated to do so by a binding request coming from the competent Swiss authorities. We may comply with electronically delivered notices only when they are delivered in full compliance with the requirements of Swiss law. Proton’s general policy is to challenge requests whenever possible and where there are doubts as to the validity of the request or if there is a public interest in doing so. In such situations, we will not comply with the request until all legal or other remedies have been exhausted. Under Swiss law, subjects of judicial procedures have to be notified of such procedures, although such notification has to come from the authorities and not from the Company. Under no circumstances can Proton decrypt end-to-end encrypted content and disclose decrypted copies. Aggregate statistics about data requests from the competent Swiss authorities can be found in the transparency reports listed in our products-specific policies.

 6. Your privacy rights at Proton

[milonmaze]

f3453d9f6c09730b83036c9cae5f556b3c61f7f2: https://protonmail.com/privacy-policy @ 2023-07-19

difference captured:

diff --git a/protonmail.com/privacy-policy.md b/protonmail.com/privacy-policy.md
index bf74ea0b..63d30b58 100644
--- a/protonmail.com/privacy-policy.md
+++ b/protonmail.com/privacy-policy.md
@@ -41,7 +41,6 @@ In order to pursue our legitimate interest of preventing the creation of account

 2.4 Account activity: The processing activities carried out by Proton for the operation of our different Services may vary depending on the Service. These activities are described in the specific Services' Privacy Policies.

-
 2.5 IP logging: By default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against nefarious activities. If you enable authentication logging for your Account or voluntarily participate in Proton's advanced security program, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account. The authentication logs feature records login attempts to your Account and does not track product-specific activity, such as VPN activity.

 2.6 Communicating with Proton: Your communications with us, such as support requests, bug reports, or feature requests may be saved by our staff. We may also rely on third parties, such as Zendesk (see below). If you use Proton's live chat support, you consent to having the data contained within your live chat interaction processed by Zendesk Inc, the provider of Proton's live chat support platform. The legal basis for processing is our legitimate interest to troubleshoot more efficiently and improve the quality of our Services. The information you provide when you contact our support team is processed for analytics purposes (such as to obtain aggregate statistics), but we do not do any targeted advertising or any profiling.

[milonmaze]

e4314292607d803d3de01c17ac5c65b6c1b9fa80: https://protonmail.com/privacy-policy @ 2023-08-28

difference captured:

diff --git a/protonmail.com/privacy-policy.md b/protonmail.com/privacy-policy.md
index 63d30b58..942a638a 100644
--- a/protonmail.com/privacy-policy.md
+++ b/protonmail.com/privacy-policy.md
@@ -1,6 +1,6 @@
 Proton - Privacy policy

-Last modified: June 26th, 2023
+Last modified: August 22nd, 2023

 At Proton, we strongly believe in an internet where privacy is the default.

@@ -45,9 +45,7 @@ In order to pursue our legitimate interest of preventing the creation of account

 2.6 Communicating with Proton: Your communications with us, such as support requests, bug reports, or feature requests may be saved by our staff. We may also rely on third parties, such as Zendesk (see below). If you use Proton's live chat support, you consent to having the data contained within your live chat interaction processed by Zendesk Inc, the provider of Proton's live chat support platform. The legal basis for processing is our legitimate interest to troubleshoot more efficiently and improve the quality of our Services. The information you provide when you contact our support team is processed for analytics purposes (such as to obtain aggregate statistics), but we do not do any targeted advertising or any profiling.

-2.7 Communications from Proton: We mainly use your email address for account-related questions, communication, and recovery. By signing up to our Service, you agree to receive communications from us, which may include promotional emails. You can stop receiving emails from us by following the unsubscribe instructions included in every email we send. Alternatively, you can login
-(new window)
- to the Proton dashboard and adjust your email preferences under the ‘Account’ tab.
+2.7 Communicating with Proton's Sales team: if you are a Business customer or a business prospect and are contacting our Sales team via the dedicated forms, the data you provide is used solely for the purpose of processing your request and contacting you to assess whether our products will suit your needs. The legal basis for this processing activity is your consent.

 2.8 Payment information: We rely on third parties to process credit card, PayPal, and Bitcoin transactions and must therefore share payment information with them. We do not retain full credit card details, we only save your name and the last 4 digits of the credit card number. Anonymous cash or Bitcoin payments and donations are accepted. We may use your account data for payment-related matters, including but not limited to sending you emails, invoices, receipts, notices of delinquency, and alerts to update payment information. The legal basis of these processing activities is the necessity to the execution of the contract to provide the Services. In order to respect the principle of data minimisation, we reserve our right to remove payment information from our systems that is no longer valid, without notice.

[milonmaze]

889b7746eb4b4f0c4a2797b4f2383af3b466813c: https://protonmail.com/privacy-policy @ 2023-10-11

difference captured:

diff --git a/protonmail.com/privacy-policy.md b/protonmail.com/privacy-policy.md
index 942a638a..58525b73 100644
--- a/protonmail.com/privacy-policy.md
+++ b/protonmail.com/privacy-policy.md
@@ -51,7 +51,7 @@ In order to pursue our legitimate interest of preventing the creation of account

 2.9 Native applications: When you use our native applications, we (or the mobile app platform providers) may collect certain information. We may use mobile analytics software (e.g. fabric.io
 (new window)
-) app statistics and crash reporting, Play Store app statistics, App Store app statistics, or self-hosted Sentry crash reporting) to send crash information to our developers in order to rapidly fix bugs. Some platforms, such as Google’s Play Store or Apple’s App Store may also collect aggregate, anonymous statistics, which may be governed by their respective privacy policies and terms and conditions. Such statistics can include most commonly used devices and operating systems, total number of installs and uninstalls, and the total number of active users.
+) app statistics and crash reporting, Play Store app statistics, App Store app statistics, or self-hosted Sentry crash reporting to send crash information to our developers in order to rapidly fix bugs. Some platforms, such as Google’s Play Store or Apple’s App Store may also collect aggregate, anonymous statistics, which may be governed by their respective privacy policies and terms and conditions. Such statistics can include most commonly used devices and operating systems, total number of installs and uninstalls, and the total number of active users.

 Our applications do not access or track any location-based information from your device.

@@ -62,6 +62,7 @@ Our applications do not access or track any location-based information from your
 3. Network traffic that may go through third-parties

 Proton's alternative routing technology allows Proton Services to bypass many censorship blocks, but in doing so your network traffic may go through third-party networks, which we do not control. This could enable a third party to record your IP address or see that you are using Proton apps (the same information that your internet service provider is able to see). These third parties cannot see your actual data, which remain encrypted. By default, alternative routing is not used for Proton apps unless they detect that censorship measures are active on your network. Alternative routing can also be disabled in the settings panel of our mobile and desktop applications. However, doing so may cause you to be unable to access your Account from a network that is censoring Proton. Learn more
+(new window)

 4. Data subprocessors

[milonmaze]

2c1964b219fa55f72740b4f1f4933bac76227255: https://protonmail.com/privacy-policy @ 2023-11-26

difference captured:

diff --git a/protonmail.com/privacy-policy.md b/protonmail.com/privacy-policy.md
index 58525b73..bef91aa1 100644
--- a/protonmail.com/privacy-policy.md
+++ b/protonmail.com/privacy-policy.md
@@ -1,3 +1,6 @@
+33% OFF
+Black Friday Sale
+View deals
 Proton - Privacy policy

 Last modified: August 22nd, 2023

[milonmaze]

2272be80d63af44c1edd30b720d3c2214068927a: https://protonmail.com/privacy-policy @ 2024-05-26

difference captured:

diff --git a/protonmail.com/privacy-policy.md b/protonmail.com/privacy-policy.md
index bef91aa1..3671a968 100644
--- a/protonmail.com/privacy-policy.md
+++ b/protonmail.com/privacy-policy.md
@@ -1,9 +1,6 @@
-33% OFF
-Black Friday Sale
-View deals
 Proton - Privacy policy

-Last modified: August 22nd, 2023
+Last modified: April 11, 2024

 At Proton, we strongly believe in an internet where privacy is the default.

@@ -38,7 +35,7 @@ Creating a Proton account will give you access to all our Services. It is not ne

 You also have the possibility to use our Proton VPN, Drive and Pass services with an external address. In this case, you have to provide your external address, which will be used as your account identifier. You can choose at any moment to create a Proton email address for this account to use Proton Mail and Calendar, too. Your email will only be used to contact you with important notifications about the Services, to send you information related to security, to verify your account or to send you password recovery links if you enable the option. We may also inform you about Proton products in which you might have an interest. The legal basis for processing is consent and you are free to modify this in your Account settings panel at any time.

-In order to pursue our legitimate interest of preventing the creation of accounts by spam bots or human spammers, we use a variety of human verification methods. Verification may also be requested for some sensitive operations besides account creation in order to protect against brute-force attacks. You may be asked to verify using either Proton Captcha, hCaptcha (or reCAPTCHA in the event that hCaptcha is unavailable), email, or SMS. IP addresses, email addresses, and phone numbers provided are saved temporarily in order to send you a verification code and for anti-spam purposes. The period of temporary data retention is determined by our legitimate interests of protecting the service from spam, and also by any applicable Swiss legal requirements we must comply with. If this data is saved permanently, it is always saved as a cryptographic hash, which ensures that the raw values cannot be deciphered by us. Learn more
+In order to pursue our legitimate interest of preventing the creation of accounts by spam bots or human spammers, we use a variety of human verification methods. Verification may also be requested for some sensitive operations besides account creation in order to protect against brute-force attacks. You may be asked to verify using either Proton Captcha, email, or SMS. IP addresses, email addresses, and phone numbers provided are saved temporarily in order to send you a verification code and for anti-spam purposes. The period of temporary data retention is determined by our legitimate interests of protecting the service from spam, and also by any applicable Swiss legal requirements we must comply with. If this data is saved permanently, it is always saved as a cryptographic hash, which ensures that the raw values cannot be deciphered by us. Learn more

 2.3 Referral program: Proton has a referral program that is open to Proton users, publications, non-profit organizations, etc. If you are coming to Proton via such a referral program, your subscription may be attributed to the referrer. Some referrals are managed internally by Proton while others may rely upon third-party platforms used by the referrers, and if you are coming to Proton via a referrer, our site may communicate with such referrer platforms for the purposes of crediting referrers.

@@ -46,11 +43,11 @@ In order to pursue our legitimate interest of preventing the creation of account

 2.5 IP logging: By default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against nefarious activities. If you enable authentication logging for your Account or voluntarily participate in Proton's advanced security program, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account. The authentication logs feature records login attempts to your Account and does not track product-specific activity, such as VPN activity.

-2.6 Communicating with Proton: Your communications with us, such as support requests, bug reports, or feature requests may be saved by our staff. We may also rely on third parties, such as Zendesk (see below). If you use Proton's live chat support, you consent to having the data contained within your live chat interaction processed by Zendesk Inc, the provider of Proton's live chat support platform. The legal basis for processing is our legitimate interest to troubleshoot more efficiently and improve the quality of our Services. The information you provide when you contact our support team is processed for analytics purposes (such as to obtain aggregate statistics), but we do not do any targeted advertising or any profiling.
+2.6 Communicating with Proton: Your communications with us, such as support requests, bug reports, or feature requests may be saved by our staff. We may also rely on third parties, such as Zendesk or Calendly (see below). If you use Proton's live chat support, you consent to having the data contained within your live chat interaction processed by Zendesk Inc, the provider of Proton's live chat support platform. The legal basis for processing is our legitimate interest to troubleshoot more efficiently and improve the quality of our Services. The information you provide when you contact our support team is processed for analytics purposes (such as to obtain aggregate statistics), but we do not do any targeted advertising or any profiling.

 2.7 Communicating with Proton's Sales team: if you are a Business customer or a business prospect and are contacting our Sales team via the dedicated forms, the data you provide is used solely for the purpose of processing your request and contacting you to assess whether our products will suit your needs. The legal basis for this processing activity is your consent.

-2.8 Payment information: We rely on third parties to process credit card, PayPal, and Bitcoin transactions and must therefore share payment information with them. We do not retain full credit card details, we only save your name and the last 4 digits of the credit card number. Anonymous cash or Bitcoin payments and donations are accepted. We may use your account data for payment-related matters, including but not limited to sending you emails, invoices, receipts, notices of delinquency, and alerts to update payment information. The legal basis of these processing activities is the necessity to the execution of the contract to provide the Services. In order to respect the principle of data minimisation, we reserve our right to remove payment information from our systems that is no longer valid, without notice.
+2.8 Payment information: We rely on Chargebee to process payments. Strictly necessary information is shared with Chargebee for credit card, PayPal, Stripe and Bitcoin transactions in order for the payment to be successful and associated with your account. Chargebee does not have access to your email or your Proton account information. We rely on third parties to process credit card, PayPal, and Bitcoin transactions and must therefore share payment information with them. We do not retain full credit card details, we only save your name and the last 4 digits of the credit card number. Anonymous cash or Bitcoin payments and donations are accepted. We may use your account data for payment-related matters, including but not limited to sending you emails, invoices, receipts, notices of delinquency, and alerts to update payment information. The legal basis of these processing activities is the necessity to the execution of the contract to provide the Services. In order to respect the principle of data minimisation, we reserve our right to remove payment information from our systems that is no longer valid, without notice.

 2.9 Native applications: When you use our native applications, we (or the mobile app platform providers) may collect certain information. We may use mobile analytics software (e.g. fabric.io
 (new window)
@@ -62,10 +59,11 @@ Our applications do not access or track any location-based information from your

 2.11 Links to other websites: Our website may contain links to other websites of interest. However, we are not responsible for the content of any website that we link to, and external sites are governed by their own terms and conditions and privacy policies.

+2.12 Links to other websites and embedded content: Our website may contain links to other websites of interest. However, we are not responsible for the content of any website that we link to, and external sites are governed by their own terms and conditions and privacy policies. We may use third parties to provide embedded content (e.g. pictures) on our website which may collect information about you. The legal basis for this processing is our legitimate interest to operate our website economically.
+
 3. Network traffic that may go through third-parties

 Proton's alternative routing technology allows Proton Services to bypass many censorship blocks, but in doing so your network traffic may go through third-party networks, which we do not control. This could enable a third party to record your IP address or see that you are using Proton apps (the same information that your internet service provider is able to see). These third parties cannot see your actual data, which remain encrypted. By default, alternative routing is not used for Proton apps unless they detect that censorship measures are active on your network. Alternative routing can also be disabled in the settings panel of our mobile and desktop applications. However, doing so may cause you to be unable to access your Account from a network that is censoring Proton. Learn more
-(new window)

 4. Data subprocessors

@@ -90,6 +88,12 @@ Purpose: Provide services in relation with the processing of customer support da
 Data processing location: United States
 Guarantees for international transfer: Standard Contractual Clauses, Binding Corporate Rules, Certifications

+Calendly, LLC.
+
+Purpose: Schedule appointments with Customer Support for Business users (section 2.6)
+Data processing location: United States
+Guarantees for international transfer: Adequacy Decision, Certifications
+
 Stripe, Inc.

 Purpose: Provide services in relation with the processing of payment data (section 2.8)
@@ -101,6 +105,12 @@ PayPal group
 Purpose: Provide services in relation with the processing of payment data (section 2.8)
 Data processing location: United States, Singapore
 Guarantees for international transfer: Standard Contractual Clauses, Data Processing Agreement
+
+Chargebee, Inc.
+
+Purpose: Provide services in relation with the processing of payment data (section 2.8)
+Data processing location: United States
+Guarantees for international transfer: Standard Contractual Clauses, Data Processing Agreement
 5. Data disclosure

 We will only disclose the limited user data we possess if we are legally obligated to do so by a binding request coming from the competent Swiss authorities. We may comply with electronically delivered notices only when they are delivered in full compliance with the requirements of Swiss law. Proton’s general policy is to challenge requests whenever possible and where there are doubts as to the validity of the request or if there is a public interest in doing so. In such situations, we will not comply with the request until all legal or other remedies have been exhausted. Under Swiss law, subjects of judicial procedures have to be notified of such procedures, although such notification has to come from the authorities and not from the Company. Under no circumstances can Proton decrypt end-to-end encrypted content and disclose decrypted copies. Aggregate statistics about data requests from the competent Swiss authorities can be found in the transparency reports listed in our products-specific policies.