Proofpoint Inc. is a US-based cybersecurity company headquartered in Sunnyvale, California, providing email security, anti-phishing, and mail routing services. When an organisation uses Proofpoint, all inbound and outbound email is routed through Proofpoint's infrastructure before reaching the recipient. Proofpoint has full access to email content and metadata for every message processed. Proofpoint was acquired by Thoma Bravo (a US private equity firm) in 2021 and operates as a private company incorporated under US law.

The US Clarifying Lawful Overseas Use of Data (CLOUD) Act of 2018 requires US companies to disclose data stored or processed on their infrastructure to US government agencies upon valid legal demand — regardless of where the data physically resides. Because Proofpoint is a US company, all email routed through its systems is subject to this authority. EU institutions using Proofpoint have no contractual mechanism to prevent access under the CLOUD Act. This is an infrastructure observation, not a legal determination.