For threat models where the adversary controls browser extensions or where the user desires offline access without leaving a browser tab open, the Windows app is a clear upgrade. For users with extreme paranoia (air-gapped machines, Qubes OS), the web client in a disposable VM remains superior.
%APPDATA%\protonmail\offline_cache\
Encryption: AES-256-GCM using a key derived from the user’s mailbox password via (memory-hard KDF). The encrypted key is stored in Windows Data Protection API (DPAPI) – machine-level or user-level depending on installation options. protonmail windows app