If you mean content privacy, like your email being read by someone else (or bots), final storage (protonmail) might be secure but it already could have been copied and analyzed as it went through gmail servers as you have guessed. This is how email was designed, copied around everywhere in plaintext, and there’s no avoiding it.
The paranoid advice (if you actually have something to protect especially from government agencies) is to use gpg in all emails to prevent snooping in transit as well.
If you mean content privacy, like your email being read by someone else (or bots), final storage (protonmail) might be secure but it already could have been copied and analyzed as it went through gmail servers as you have guessed. This is how email was designed, copied around everywhere in plaintext, and there’s no avoiding it.
The paranoid advice (if you actually have something to protect especially from government agencies) is to use gpg in all emails to prevent snooping in transit as well.