Protonmail has your private keys😃 And... Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, attachment name, message subject, and message sent and received times. We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned for spam and viruses to pursue the legitimate interest of protecting the integrity of our Services and users. Such inbound messages are scanned for spam in memory, and then encrypted and written to disk.
Not perfect. In the case of the disclosure of information about the French activist, Proton stated that if he had used the Proton VPN in conjunction with the email service there would have been no viable information to disclose. Improper use of the technology isn’t the fault of the provider necessarily, but having the necessary technology to attain the privacy claims of the system integrated together would be a logical, but rarely utilized approach to product development.