https://www.wired.com/story/protonmail-amends-policy-after-giving-up-activists-data/

https://cldc.org/does-protonmail-snitch/

In addition protonmail do not protect your metadata (from memory), it’s not encrypted in transit.

Protonmail also keep your public and private keys on their servers, it’s PGP however they don’t want the end users to have to manage their own keys. That to me isn’t ideal.

Receiving from another provider you’ll get TLS encryption until it hits protonmail servers but protonmail will then decrypt your email and again encrypt your email using your PGP stored on their servers.

Sending an email from proton to another provider will be encrypted on protonmail servers but that’s where it ends. TLS will take care of the in-transit and again may not be stored securely on the receiving end.