Many privacy‑focused users including myself run several Proton services alongside automation platforms such as Make and Home Assistant. Because Proton does not yet expose a secure, granular API, we have to resort to work‑arounds:

Forward selected Proton Mail messages to a Gmail account.
Let Make read that Gmail inbox, filter the messages, and then push the extracted data into Google Calendar or other third‑party services.

As a result, Google (or any other intermediary) ends up with full visibility of the forwarded emails, and Make gains access to the entire mailbox, not just the specific messages we intended to share.
These steps defeat the purpose of using Proton in the first place, because they expose private communications to external providers and increase the overall attack surface.
Manually copy‑paste invoices or payment confirmations from Mail into Drive.
Keep an old Google Mail/Calendar account just to feed third‑party tools.
Build fragile work‑arounds (CSV exports, external webhooks, temporary storage) that increase the attack surface.
What we need is a native, consent‑driven integration API inside Proton that provides:

Conditional access rules, filter on sender/subject/body and grant explicit permission (e.g., “Allow Make to pull invoices from billing@myshop.com”).
Secure webhooks – signed URLs that third‑party platforms can call to create or modify Proton objects (mail, file, calendar event).
Scoped, fine‑grained tokens – read‑only, write‑only, or read‑write access limited to a single mailbox or a single Drive sub‑folder, with a dedicated folder ID.

Explicit activation/deactivation – the integration does nothing until the user flips it on in the Proton dashboard; it can be turned off at any time, even if Proton flags the inter‑dependency as “risky”.
Audit log – full history of API calls shown in the dashboard, with one‑click revocation of any token.
Native Lumo integration – allow Lumo to query Mail and Drive using the same scoped tokens, so it can answer contextual questions like “What’s the coverage limit of my insurance?” by pulling the relevant contract from Drive and summarising the paragraph.
Why this matters

User‑controlled consent – every connection requires explicit opt‑in and targets only the data that is truly needed.
Reduced attack surface – eliminates the need for external CSV files, public webhooks, or ad‑hoc scripts that break end‑to‑end encryption.
Boosts Proton’s appeal – privacy‑first home‑automation fans (Home Assistant, Make, n8n) would adopt Proton far more readily if a secure bridge existed.
Prevents unsafe work‑arounds – even if Proton does not officially recommend such cross‑service links, people will still build fragile hacks; an official, audited solution dramatically lowers real‑world risk.
Potential impact

Makes Proton a complete, privacy‑preserving platform for everyday automation.
Attracts niche communities (home‑automation, low‑code workflow builders) that currently stay on less‑private stacks.
Gives Lumo a powerful data‑source for contextual Q&A, increasing its usefulness.