In a previous case some years ago, a French activist’s IP address was provided by Proton on court order. Proton does store IP address and does provide it when legally demanded to.
They were legally compelled to add IP logging for that specific user. After this incidence, they went on to obtain a court ruling in Switzerland, where they operate, so that this specific attack cannot happen again. In their blog post about it [1], they instruct concerned users to access their account over Tor.
Of course when Proton say they don't log, we just have to take their word for it. People who don't want that element of trust can use Tor. Personally I believe their story in this case.
It works sometimes. Usually, it requires phone number or email verification. This is important for protonmail to maintain a revenue stream as they don't allow multiple free accounts for the same person.
> 2.5 IP logging: By default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against nefarious activities. If you enable authentication logging for your Account or voluntarily participate in Proton's advanced security program, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account. The authentication logs feature records login attempts to your Account and does not track product-specific activity, such as VPN activity.