ProtonMail hasn't said anything so far about their datacenter's or their servers' physical security. I'm not sure its in their interests to do so. ProtonMail users know what metadata could theoretically be stolen or compelled from ProtonMail; whether that could happen legally or illegally is, I would think, not of primary importance. What's important is that ProtonMail's legal and jurisdictional status keeps it from being an easy legal target as Lavabit was.