>while all organization accounts are end-to-end encrypted, it is still possible for organization admins to access the emails of other organization users. Thus, organizational oversight and management is still possible, even with end-to-end encryption. Furthermore, administrative read permissions are also granted or revoked automatically when admin users are created or demoted.

I wonder how can they provide this without either storing encryption keys on their servers or reencrypting (client-side!) all email during such events.

Very intersting, I might give the solution another go in the future. Still, at this pace it will take them a long time until they are on par with a "normal" e-mail solution (it might be worth the trouble though).