Fair enough, I agree. In Proton case, I'm biased because I used to work there ~2019-2022 and the company was basically printing money from subscriptions alone (covid likely helped with that), while fighting (pretty successfully) every request to avoid providing even that limited metadata, because alternative of ruining your core strength - privacy - meant the death of the business. I don't know if anything changed, but I'd bet the goals remain largely the same - providing good-enough privacy any commercial company can realistically give you. Unencrypted user data in this business is poison, and they're well aware fwiw.

But don't they have both the encrypted data and the decryption keys? I don't remember giving them my keys to use, and I can look at my stuff from multiple devices so the keys aren't stored on my device.

So they must have the ability to look at all that encrypted data anyway?