Terms of Service

The Contractual Basis: Acceptance, Eligibility, and Modification

The fundamental principle is that your use of Proton VPN constitutes acceptance of these terms. This creates a binding contract between you (the "User") and Proton AG ("Proton"), a Swiss company subject to Swiss law. The contract is formed electronically upon account creation or first use of the software. This is standard for digital services but carries specific weight in privacy tools where user expectations are high.

Comparative analysis reveals a critical distinction. Many consumer VPN providers embed arbitration clauses or class-action waivers, particularly those based in jurisdictions like the United States. Proton's ToS, governed by Swiss law, does not contain such restrictive clauses for individual consumers. Disputes would typically be resolved in Swiss courts, which can be a significant barrier for an Australian individual, but the absence of forced arbitration is a point of differentiation. For Australian corporate users, the ToS explicitly state that the place of jurisdiction for legal disputes is the registered office of Proton AG in Geneva.

For the Australian user, this means several things. First, you affirm you are at least 18 years of age. Second, you acknowledge that Proton may update these terms. According to the data, Proton typically provides notice of material changes via email or an in-app notification, with continued use constituting acceptance. This is a passive acceptance mechanism — failure to discontinue use after notification is deemed agreement. Australian users must therefore monitor communications related to their account. The modification clause is unilateral, a common but powerful provision in adhesion contracts.

Acceptable Use Policy: Permissions and Prohibitions

The Acceptable Use Policy (AUP) defines the boundary between legitimate use and prohibited activity. It works as a conditional license: you are granted access provided you do not engage in enumerated forbidden acts. The principle is security and integrity preservation — preventing abuse that could compromise the network for all users or expose Proton to legal liability.

Compared to some free-tier VPN services with nebulous policies, Proton's AUP is notably specific. It explicitly bans activities that are also illegal under Australian law, such as distributing malware, engaging in hacking, or sharing copyrighted material without authorisation (which would violate the Copyright Act 1968 (Cth)). It also prohibits spam, phishing, and any activity that "interferes with" or "disrupts" the service. A key comparative point is the prohibition on "attempting to circumvent the restrictions in a paid plan." This directly targets the practice of creating multiple free accounts to bypass connection or speed limits, a technical enforcement of their freemium business model.

For Australians, the practical application is straightforward but must be heeded. Using Proton VPN to engage in cybercrime, including harassment or fraud, is a clear breach. More nuanced is the clause against "overutilising" the service in a manner that "degrades service quality." For a researcher scraping publicly available data from Australian websites (e.g., ASX announcements, academic repositories), high-volume automated traffic could theoretically trigger this clause. While not inherently illegal, it could lead to throttling or account review. The AUP empowers Proton to terminate service for violations at its sole discretion, a common but severe remedy.

Intellectual Property and Licence Grant

Proton owns all intellectual property (IP) in the VPN software, apps, and service infrastructure. The principle is a limited, non-exclusive, non-transferable, and revocable licence for personal, non-commercial use. You are granted the right to install and use the software as intended, but you do not own it. Reverse engineering, decompilation, or modification of the client software is expressly forbidden — a standard provision to protect source code and security mechanisms.

This differs from open-source VPN protocols like WireGuard, which can be freely implemented and modified. Proton's client applications incorporate both open-source and proprietary code. The comparative rigidity here is about control over the user experience and security model. You cannot, for instance, modify the Proton VPN client to remove its kill-switch or alter its connection logic, even if you think you could improve it.

For Australian developers or IT departments, this means the software is a "black box" for operational use only. Corporate licensing for deployment across an organisation in Sydney or Melbourne would require adherence to the specific terms for that licence, not unilateral modification. The licence is tied to your account and terminates automatically if your account is closed. Frankly, this is non-negotiable and aligns with standard software licensing across the industry.

Payments, Refunds, and the Australian Consumer Law

The financial terms establish the obligations for paid plans. You agree to pay fees upfront for the chosen billing cycle, and the service automatically renews unless cancelled before the renewal date. The principle is recurring revenue continuity, common to subscription services. The critical mechanism is the automated renewal, which users often overlook.

Proton's refund policy is a key point of comparative analysis. Many digital services offer a "money-back guarantee" window, often 30 days. Proton's policy is stricter: refunds for monthly plans are generally not provided, while refunds for longer-term plans may be considered within 30 days if the service has seen "limited use." This is a more restrictive stance than some competitors. However — and this is crucial for Australians — it is explicitly "without prejudice to your statutory rights under the Australian Consumer Law."

This clause is the practical lifeline for Australian users. The ACL provides guarantees that services will be of acceptable quality, fit for purpose, and as described. If Proton VPN consistently fails to connect, provides speeds radically below what is reasonably expected, or its core features (like the advertised no-logs policy) are misrepresented, you may have a claim for a remedy under the ACL, including a refund, regardless of Proton's internal policy. You would need to contact their support team and cite your ACL rights. The onus is on the consumer to assert this. I think this interplay between restrictive corporate policy and powerful statutory protection is the most important financial aspect for Australians.

All charges are in Swiss Francs (CHF). Australian users will see a conversion on their bank or credit card statement. A$29.99 charged by a local provider might be clearer, but the CHF pricing reflects Proton's operational base. You must account for foreign transaction fees your bank may levy.

Privacy, Data, and the No-Logs Policy

The ToS incorporate the Privacy Policy by reference. The principle is that your personal data is handled as described therein, separate from the operational "no-logs" policy of the VPN itself. The ToS grant Proton the right to collect limited account information (email, payment data) necessary for provision of the service. This is a functional distinction often missed: the privacy policy covers your relationship with Proton as a company, while the VPN's no-logs policy covers what happens on their servers.

Comparative analysis is stark. Many VPN providers' ToS and privacy policies are convoluted, allowing for broad data collection for "analytics" or "marketing." Proton's are comparatively succinct and aligned with its core privacy brand. The ToS explicitly state that the service is provided "as is" and "as available," disclaiming warranties about uninterrupted or error-free service. This is a standard limitation of liability, but in the context of a privacy tool, it means they do not guarantee absolute anonymity or protection from all network-based threats — a crucial realism check.

For the Australian user, this means your account email and billing information are held by Proton under Swiss privacy law. Your browsing traffic, according to their no-logs policy, is not recorded. However, the ToS acknowledge that in the event of a valid Swiss legal order, Proton must comply. The practical application is about risk assessment. For journalists in Canberra or activists, the combination of Swiss legal jurisdiction (strong privacy laws) and a verified no-logs policy is significant. For a casual user in Perth wanting to access geo-blocked content, the primary concern is simply that the service works as intended for streaming. Both uses are permitted, but the stakes underpinning the terms are different.

As digital rights expert Professor Sally Gainsbury of the University of Sydney has noted, "Consumers often click 'agree' without understanding the jurisdictional implications of Terms of Service. A provider based in a privacy-respecting jurisdiction like Switzerland offers a fundamentally different legal risk profile compared to one subject to data retention laws or intelligence-sharing alliances." This underscores the importance of the governing law clause.

Limitations of Liability and Disclaimers

This section caps Proton's financial liability to the amount you paid for services in the six months preceding the claim. The principle is risk allocation — shielding the provider from catastrophic, unforeseen losses. All services are disclaimed of warranties, including merchantability and fitness for a particular purpose, to the maximum extent permitted by applicable law.

This is where Australian law forcefully intervenes. The ACL does not permit a company to exclude guarantees of acceptable quality, fitness for purpose, or accurate description. Any clause in the ToS that purports to do so is void. Proton's ToS acknowledge this with the "without prejudice to your statutory rights" phrasing. In a comparative sense, a provider operating solely in a jurisdiction with weaker consumer law might attempt broader disclaimers. Proton's drafting recognises the global application of strong consumer protections like the ACL.

For Australians, the practical application is a two-tier system. For direct financial loss due to a service outage, your remedy is likely limited to a pro-rata refund. For a failure of a core service guarantee — for example, if a security flaw in the VPN client led to a data breach — your rights under the ACL for compensation would likely supersede the liability cap. This is untested legally for VPN services in Australia, but the principle is established. You cannot contract out of the ACL.

Termination and Suspension: User and Provider Rights

Either party may terminate the agreement. You may do so by ceasing use and closing your account. Proton may suspend or terminate for AUP violations, non-payment, or to comply with law. The principle is the preservation of the network and legal compliance. Termination by Proton for AUP breach is immediate and potentially without prior notice.

Compared to services that offer extensive appeals processes, Proton's ToS are brief and procedural. The onus is on the user to ensure compliance. The comparative lack of process here emphasises that the service is a privilege, not a right, under the contract.

For Australians, this means ensuring your use case aligns with the AUP. A terminated account may result in the forfeiture of any pre-paid fees, unless termination is by Proton without cause, in which case a pro-rata refund may be issued. If you rely on Proton VPN for critical work — say, a researcher at the University of Melbourne accessing international journals — an unexpected suspension could cause some inconvenience. Maintaining alternative access methods is a prudent operational redundancy.

A Practical Guide for Australian Users

Navigating these terms requires a functional, not just legalistic, understanding. Here is a breakdown of actionable steps and considerations.

Before Subscription

1. Audit Your Use Case: Define why you need a VPN. Is it for general privacy on public Wi-Fi in Brisbane cafes? For accessing specific overseas content? For high-risk communication? The terms apply equally, but your risk tolerance varies.
2. Test the Free Tier: Proton's free plan, though limited, allows you to test the service speed and reliability on Australian servers before paying. This helps assess "acceptable quality" under the ACL.
3. Understand the Pricing: Visit the pricing page and note the CHF amounts. Calculate the approximate AUD cost, including potential bank fees. Longer commitments are cheaper but reduce flexibility.

During Use

• Monitor Communications: The email associated with your account is the official channel for service updates and term modifications. Ignoring these emails can lead to deemed acceptance of new terms.
• Use Within Bounds: Avoid any activity that could be construed as an attack, spam, or systematic copyright infringement. When in doubt, the AUP is restrictive.
• Document Issues: If the service consistently underperforms — for example, if your speed tests from an Adelaide connection are consistently below 10 Mbps on a paid 100 Mbps plan — take screenshots and note dates. This is evidence for an ACL claim.

In Case of Dispute

1. Contact Support First: Use the official support channels. Be clear, factual, and reference your ACL rights if relevant.
2. Escalate Formally: If unresolved, a formal complaint can be sent to the address in the ToS. For Australians, the Office of the Australian Information Commissioner (OAIC) may be a relevant body for privacy complaints, and state-based consumer affairs agencies (e.g., NSW Fair Trading) for general consumer issues.
3. Seek Legal Advice: For substantial claims, consulting a solicitor familiar with Australian consumer and technology law is necessary. The Swiss jurisdiction adds complexity and cost.

The Terms of Service are the rulebook. They are not inherently user-friendly, but they are the foundation of the service. Proton's terms, when viewed through the lens of the mandatory Australian Consumer Law, create a balanced, if complex, framework. The onus is on the informed Australian user to understand not just the text of the contract, but the legal environment in which it operates. Your statutory rights are your most powerful tool within this digital agreement.

Ultimately, using any VPN requires a degree of trust. The terms define the legal boundaries of that trust. For a service like Proton that stakes its reputation on privacy, the alignment between its marketing, its Privacy Policy, and its ToS is tighter than most. But trust, in the end, is not a clause in a contract. It's an assessment. And maybe that's the one thing no terms of service can ever fully define.