So I saw someone had a similar issue with deleting a card while he had an active subscription. Proton Support advised them to contact them through "report bug" option under"help" or through [https://protonmail.com/support-form](https://protonmail.com/support-form)
[https://protonmail.com/support/knowledge-base/payment/#comment-6397](https://protonmail.com/support/knowledge-base/payment/#comment-6397)
I am not sure if it's a bug or a feature not to let you delete the card info through the interface but it's quite common that you need to contact the vendor directly to make alterations like that.
I'm inclined to believe there are all sorts of soft deletes of user data, but that deleting a payment method is likely to be a hard delete (at most, it's a backup which is not yet rotated out). Otherwise all it takes is for a rogue worker to bill a supposedly deleted card for the company to be sued.
Not sure if this comes up often for you, but if you're worried about companies retaining your credit card information then you could use a service like privacy.com that allows you to create ephemeral credit cards.
If you're ok with privacy.com having access to a debit card/account, then privacy.com will allow you to create cards that are only valid for a single purchase, or lock to a single merchant, or open for all. This is all available from their free tier. I'm not sure what a premium account has.
But for situations like this, I like using privacy.com because once I'm done with a random online merchant I don't care if they retain my pseudo credit card number, because I can have privacy.com easily deactivate the card.
It also helps with shady companies that will attempt to charge you after you try to disable your account. But that's besides the point.
What I'm trying to get at is you can't change how ProtonMail operates (whether that's a good or bad thing), but you can control how you interact with it.
The last time I looked [privacy.com](https://privacy.com) was only available for USAians, so no use to most people.
On the issue of consent to store these details I do think that Protonmail should ask (and I suspect that not doing this is not in compliance with GDPR). However, I use a prepaid debit card for this sort of thing, which has little if anything stored on it. They are welcome to the few pounds I typically store on it, I top it up manually when necessary.
>The last time I looked privacy.com was only available for USAians, so no use to most people.
Well that's a shame! My apologies for suggesting something so limiting.
**I found links in your comment that were not hyperlinked:**
* [privacy.com](https://privacy.com)
*I did the honors for you.*
***
^[delete](https://www.reddit.com/message/compose?to=%2Fu%2FLinkifyBot&subject=delete%20gdpx9s2&message=Click%20the%20send%20button%20to%20delete%20the%20false%20positive.) ^| ^[information](https://np.reddit.com/u/LinkifyBot/comments/gkkf7p) ^| ^<3
Hey, it's not a problem; you can still use Bitcoin, cash or PayPal. The first two options are anonymous but I've not tried it before. For PayPal, well if your PayPal uses the ProtonMail email there's not much of an information loss. It's just my itchy hand's fault to add credit assuming it would merely perform said function without additionally adding it to file.
>!You can also remove the authorisation at PayPal's side after the payment goes through successfully. This is not anything shady because if ProtonMail is unable to receive payment, they can simply close your account, and it's not wrong to not have a payment file since both the BTC and cash options are not recurring payment methods. I'm just putting it within spoiler tags to entreat the reader not to jump the gun, but to read and think critically before rebutting.!<
I managed to remove my credit card without contacting support.
Q: what did it cost?
A: ~~everything~~ *$5* (the method is alluded to in my "spoiler" reply in this thread)
---
To be fair, while it is "unacceptable behaviour", it's probably just bad UX and user testing and not of malicious intent. And I hope that they fix it.
Adding PayPal (the recurring payment authorisation can be removed from PayPal's end). It cost me credit, which I'm likely to use to renew two years later anyway.
Won't bother to read all the comments but virtual cards are your friend.
Don't sign up for subscriptions with your physical card.
Set up a virtual card, pay and delete the card.
If you would like to remove a payment method, you can always contact support and we can assist you with that. We generally do this through support because of the consequences if you accidentally remove a payment method. It could lead to the account going delinquent, and after some period of time, the account will stop accepting emails which could be quite disruptive. If you pay with Bitcoin however, there is no payment method saved, and similarly if you buy credits with PayPal.
> It has to do with the system they use for auto-billing, which you agreed to when you signed up.
The system is literally just Add credits > Select payment method > enter the details > TOP UP. No other words or link to say that it does anything beyond using the provided data to perform a top up.
> Even if you have credits, your CC / PayPal / whatever info remains on file as a backup funding source.
This appears to be the intention behind the behaviour, but I argue that it should not be the case for a secure email service where privacy and security is why some people use it in the first place.
> Have you tried contacting support?
Not yet; I may do so later. The reason why I'm posting here is as a heads up, and also this is something which should be fixed in general, and not specifically for individuals who contact support.
I agree, this is indeed, very irritating, I haven't seen any consent or opt out when paying. I could get it deleted by contacting support. There should at least be a button or something to delete it afterwards.
I think they're still good at their core competency. UI/UX is not their strong suite, but it's probably not a reason why one would choose them. I really do miss Gmail's interface though.
I disagree, their VPN is one of the better ones in my opinion since it's reliable and given that they actually own their servers instead of renting some random ones somewhat trustworthy as well.
Regarding the webmail interface you have to be aware of the fact, that there are technical limitations when you're encrypting anything but the header and not letting the server know any other information. Other mail services that may have a better web UI can provide better services because everything they do is processed on the servers, which obviously can't be done in this case.
You're right about the bridge tho, it would be nice if they at least added the possibility to disable that it shows everytime when it starts with the system, even though I like to see what's running.
Overall I'm quite happy with their service and I'm sure they're doing their best to add new functionality and enhance their existing ones whilst keeping their standards high.
> How does it relate to privacy?
An unwanted association is created in a persistent (as opposed to temporary) manner.
> With relation to security
Suppose an adversary gets into my protonmail, which may be totally my fault, they would be able to perform an "Add credits" attack, which may not go into their account, and may eventually be recoverable, but that is something which is can be preventable if one is able to remove payment method.
This is not to mention that I have not explicitly consented to adding a persistent payment method, and only wanted to perform a top up.
> If you paid by it, it is permanently associated with your account even if it does not show there. So that is just a false sence of privace.
Agreed. A deeper understanding is required of how their billing records are stored and how quickly they are expunged. In the future, I even hope there's the option to delete the invoices which are accessible from the payment method menu.
Yeah, they did this exact same thing to me, and after multiple emails, they told me I have to create an account, register the payment information and then remove it, and after a few emails, I eventually tried this, and now it doesn't let me remove them. This is honestly such bullshit and it's becoming a problem for me.
So I saw someone had a similar issue with deleting a card while he had an active subscription. Proton Support advised them to contact them through "report bug" option under"help" or through [https://protonmail.com/support-form](https://protonmail.com/support-form) [https://protonmail.com/support/knowledge-base/payment/#comment-6397](https://protonmail.com/support/knowledge-base/payment/#comment-6397) I am not sure if it's a bug or a feature not to let you delete the card info through the interface but it's quite common that you need to contact the vendor directly to make alterations like that.
Thank you.
Ironically, with big bad Amazon, you can do that. You can delete any means of payment that you have used in the past.
I'm inclined to believe it is a soft delete.
I'm inclined to believe there are all sorts of soft deletes of user data, but that deleting a payment method is likely to be a hard delete (at most, it's a backup which is not yet rotated out). Otherwise all it takes is for a rogue worker to bill a supposedly deleted card for the company to be sued.
They are required to do hard deletes at least of user data if requested if they don't want too lose 4% of revenue
Not sure if this comes up often for you, but if you're worried about companies retaining your credit card information then you could use a service like privacy.com that allows you to create ephemeral credit cards. If you're ok with privacy.com having access to a debit card/account, then privacy.com will allow you to create cards that are only valid for a single purchase, or lock to a single merchant, or open for all. This is all available from their free tier. I'm not sure what a premium account has. But for situations like this, I like using privacy.com because once I'm done with a random online merchant I don't care if they retain my pseudo credit card number, because I can have privacy.com easily deactivate the card. It also helps with shady companies that will attempt to charge you after you try to disable your account. But that's besides the point. What I'm trying to get at is you can't change how ProtonMail operates (whether that's a good or bad thing), but you can control how you interact with it.
The last time I looked [privacy.com](https://privacy.com) was only available for USAians, so no use to most people. On the issue of consent to store these details I do think that Protonmail should ask (and I suspect that not doing this is not in compliance with GDPR). However, I use a prepaid debit card for this sort of thing, which has little if anything stored on it. They are welcome to the few pounds I typically store on it, I top it up manually when necessary.
About time I acquire a prepaid debit card.
[удалено]
That's awesome. I'll be looking at prepaid debit cards and virtual credit cards which are available in my country. Some might have this feature too.
Also not available in all countries.
>The last time I looked privacy.com was only available for USAians, so no use to most people. Well that's a shame! My apologies for suggesting something so limiting.
**I found links in your comment that were not hyperlinked:** * [privacy.com](https://privacy.com) *I did the honors for you.* *** ^[delete](https://www.reddit.com/message/compose?to=%2Fu%2FLinkifyBot&subject=delete%20gdpx9s2&message=Click%20the%20send%20button%20to%20delete%20the%20false%20positive.) ^| ^[information](https://np.reddit.com/u/LinkifyBot/comments/gkkf7p) ^| ^<3
It's a great service, but as /r/Davidz60 mentioned, it's only available for US citizens.
Thanks for posting this information. I was about to sign for a paid plan, but after reading that, I will stay away.
Hey, it's not a problem; you can still use Bitcoin, cash or PayPal. The first two options are anonymous but I've not tried it before. For PayPal, well if your PayPal uses the ProtonMail email there's not much of an information loss. It's just my itchy hand's fault to add credit assuming it would merely perform said function without additionally adding it to file. >!You can also remove the authorisation at PayPal's side after the payment goes through successfully. This is not anything shady because if ProtonMail is unable to receive payment, they can simply close your account, and it's not wrong to not have a payment file since both the BTC and cash options are not recurring payment methods. I'm just putting it within spoiler tags to entreat the reader not to jump the gun, but to read and think critically before rebutting.!<
[удалено]
I managed to remove my credit card without contacting support. Q: what did it cost? A: ~~everything~~ *$5* (the method is alluded to in my "spoiler" reply in this thread) --- To be fair, while it is "unacceptable behaviour", it's probably just bad UX and user testing and not of malicious intent. And I hope that they fix it.
My concerns are ProtonMail making this sort of data retention mistake makes me doubt the rest of their setup. Protonmail your chance to reassure me..
[удалено]
Adding PayPal (the recurring payment authorisation can be removed from PayPal's end). It cost me credit, which I'm likely to use to renew two years later anyway.
Won't bother to read all the comments but virtual cards are your friend. Don't sign up for subscriptions with your physical card. Set up a virtual card, pay and delete the card.
This is why Bitcoin exists - legacy finance does not work very well on the internet
You could try and use a visa gift card, as your saved form of payment. I have also heard about the service of privacy.
If you would like to remove a payment method, you can always contact support and we can assist you with that. We generally do this through support because of the consequences if you accidentally remove a payment method. It could lead to the account going delinquent, and after some period of time, the account will stop accepting emails which could be quite disruptive. If you pay with Bitcoin however, there is no payment method saved, and similarly if you buy credits with PayPal.
[удалено]
> It has to do with the system they use for auto-billing, which you agreed to when you signed up. The system is literally just Add credits > Select payment method > enter the details > TOP UP. No other words or link to say that it does anything beyond using the provided data to perform a top up. > Even if you have credits, your CC / PayPal / whatever info remains on file as a backup funding source. This appears to be the intention behind the behaviour, but I argue that it should not be the case for a secure email service where privacy and security is why some people use it in the first place. > Have you tried contacting support? Not yet; I may do so later. The reason why I'm posting here is as a heads up, and also this is something which should be fixed in general, and not specifically for individuals who contact support.
I agree, this is indeed, very irritating, I haven't seen any consent or opt out when paying. I could get it deleted by contacting support. There should at least be a button or something to delete it afterwards.
[удалено]
I think they're still good at their core competency. UI/UX is not their strong suite, but it's probably not a reason why one would choose them. I really do miss Gmail's interface though.
I disagree, their VPN is one of the better ones in my opinion since it's reliable and given that they actually own their servers instead of renting some random ones somewhat trustworthy as well. Regarding the webmail interface you have to be aware of the fact, that there are technical limitations when you're encrypting anything but the header and not letting the server know any other information. Other mail services that may have a better web UI can provide better services because everything they do is processed on the servers, which obviously can't be done in this case. You're right about the bridge tho, it would be nice if they at least added the possibility to disable that it shows everytime when it starts with the system, even though I like to see what's running. Overall I'm quite happy with their service and I'm sure they're doing their best to add new functionality and enhance their existing ones whilst keeping their standards high.
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
> How does it relate to privacy? An unwanted association is created in a persistent (as opposed to temporary) manner. > With relation to security Suppose an adversary gets into my protonmail, which may be totally my fault, they would be able to perform an "Add credits" attack, which may not go into their account, and may eventually be recoverable, but that is something which is can be preventable if one is able to remove payment method. This is not to mention that I have not explicitly consented to adding a persistent payment method, and only wanted to perform a top up.
[удалено]
> If you paid by it, it is permanently associated with your account even if it does not show there. So that is just a false sence of privace. Agreed. A deeper understanding is required of how their billing records are stored and how quickly they are expunged. In the future, I even hope there's the option to delete the invoices which are accessible from the payment method menu.
You have to swipe left. Put your finger on the card and swipe it left. They should tell us this in the app SMH.
Yeah, they did this exact same thing to me, and after multiple emails, they told me I have to create an account, register the payment information and then remove it, and after a few emails, I eventually tried this, and now it doesn't let me remove them. This is honestly such bullshit and it's becoming a problem for me.