by brevitea 765 days ago
The requirement that the recovery email address be a non-ProtonMail email is a bit fishy as well. The recovery email can be modified/deleted after initial account setup. However, it is unclear to me if Proton is caching that sensitive user information, to potentially turn over to authorities. Unsettling.

There is no such requirement. You seem to be conflating a verification email address with the recovery one. The verification email address is sometimes required upon signup, but is not tied to the particular account, and also hashed so we don't have access to it: https://proton.me/support/human-verification. Therefore, we cannot share it with any third parties (authorities included).

Recovery address (which is what this case is about), on the other hand, is completely optional, and it's not the only option we offer for account recovery: https://proton.me/support/set-account-recovery-methods. Also, it is removed from our systems as soon as you remove it from your account.

Got it, my mistake. Thank you for the clarification. Is this to say, Protonmail does not cache previous verification and/or recovery passwords?
Verification emails are, as previously explained, hashed only, so we have no access to them. Additionally, they are not tied to a particular account.

Recovery emails are, on the other hand, only stored as long as the users themselves need them - as soon as you delete your recovery email from your account, it's deleted from our systems too.