Proton still appears to suffer from Lavabit's pathologies in several ways because it ultimately stores GPG private keys, hasn't had their "zero-access encryption" audited by an independent third-party, it hosts servers in privacy-hostile jurisdictions that can be seized, and they've already handed user data to authorities over 30k times. [0] Proton Mail is a simulacra of privacy as a service that lies to its customers.
At present time, the best way to assure privacy is to lease (using cryptocurrency) VPS instances in a neutral, privacy-respecting country and self-host a web-mail stack oneself. There isn't really a practical way around this because powerful nation states are able to demand access to customer data from almost every cloud/VPS provider in their jurisdiction.
If you're at the point where your hosting your own mail, you may as well GPG encrypt your own messages (with your locally stored private key), which makes the jurisdiction irrelevant
Of course, this still assumes your correspondents will be capable of doing the same.
At present time, the best way to assure privacy is to lease (using cryptocurrency) VPS instances in a neutral, privacy-respecting country and self-host a web-mail stack oneself. There isn't really a practical way around this because powerful nation states are able to demand access to customer data from almost every cloud/VPS provider in their jurisdiction.
0. https://proton.me/legal/transparency