Sorry, but this is misinformation. Proton uses only PGP to encrypt your messages at rest, there is no additional "standard encryption" other than the same volume encryption used by other mail services. When you create your account you generate a public/private key pair client-side, your password is used to encrypt the private key, and both are stored on a Proton server. Incoming messages are encrypted with the public key and stored on a Proton server in a similar structure to PGP email in a local client. When you log in, your password is used to decrypt the private key so you can access your mail, and the confidentiality of the key depends on the trustworthiness of the decryption code they serve to your browser or app. This means that they can't steal your password and decrypt the contents of your mailbox only if they don't want to or haven't been compelled to.
End-to-end encryption within ProtonMail also depends on the same trust in their JS code which can be surreptitiously changed by them. In all cases, Proton or an attacker can at any time access various unencrypted data and metadata such as subject lines, sender, receiver and date headers, and attachment names. Only the message body and any attached files are encrypted.
The fact that so many people hold these misconceptions is evidence that their marketing is working well and giving users a false sense of security, and they should be condemned for that IMO.