HeadlinesBriefing.com

Proton Meet Privacy Claims Contradicted

Hacker News

Proton launched Meet, positioning it as a privacy-focused video conferencing alternative to US services subject to the CLOUD Act. The Swiss company claimed its service was "as private as meeting in person," but an investigation revealed that LiveKit Cloud, a California-incorporated company, handles all video routing. This creates a contradiction, since LiveKit's terms specify that California law governs disputes and that the company will comply with law enforcement requests under the CLOUD Act.

Technical analysis confirmed every Proton Meet session connects to American infrastructure. Network traces showed connections to Oracle Cloud in Arizona and Amazon EC2 in Oregon, while Content Security Policy headers explicitly whitelisted LiveKit domains. Although Proton handles encryption through servers in Geneva, the actual Selective Forwarding Unit (SFU) processing occurs on US infrastructure. This means participant IP addresses, connection timestamps, and call metadata flow through American companies subject to US jurisdiction.
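The CSP check described above can be scripted to list which outside hosts a page is allowed to connect to. This is an added example, not code from the original analysis or from Proton or LiveKit; the header value and the `.example` domains are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example: list third-party hosts a CSP allows for network connections.
// All domains below are constructed placeholders (.example), not real traces.
const SAMPLE_CSP =
  "default-src 'self'; " +
  "connect-src 'self' https://api.meet.example wss://*.sfu-vendor.example https://turn.sfu-vendor.example:443; " +
  "img-src 'self' data:";

// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return the host of a host-source expression, or null for keywords and bare schemes.
function hostOf(source) {
  if (source.startsWith("'") || /^[a-z][a-z0-9+.-]*:$/i.test(source)) return null;
  const noScheme = source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "");
  const host = noScheme.split("/")[0].replace(/:(\d+|\*)$/, "");
  return host.toLowerCase() || null;
}

// True when host equals the first-party domain or is a subdomain of it.
function isFirstParty(host, firstParty) {
  const bare = host.replace(/^\*\./, "");
  return bare === firstParty || bare.endsWith("." + firstParty);
}

// Hosts outside firstParty that the policy permits for fetch/XHR/WebSocket.
function thirdPartyConnectHosts(header, firstParty) {
  const csp = parseCsp(header);
  // connect-src falls back to default-src when it is absent.
  const sources = csp.get("connect-src") ?? csp.get("default-src") ?? [];
  const hosts = new Set();
  for (const src of sources) {
    const host = hostOf(src);
    if (host && !isFirstParty(host, firstParty)) hosts.add(host);
  }
  return [...hosts].sort();
}

console.log(thirdPartyConnectHosts(SAMPLE_CSP, "meet.example"));
```

A bare `*` source is reported as a host, since it permits connections to any origin.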

Proton's privacy policy claims the company doesn't store metadata "such as who met with whom" but doesn't address connection logs during calls. Its security model criticizes peer-to-peer services for exposing participant IPs, yet it centralizes all participant data at LiveKit, which itself collects every participant's IP address. The architecture creates a single point of collection for all call data in the US, potentially making it more accessible to government requests than distributed peer-to-peer systems. Proton failed to disclose LiveKit as a data processor despite its critical role in the service.