Privacy Policy

Threema takes data privacy very seriously. We strive to store only the absolutely necessary information for the shortest possible time. Furthermore, we take all usual technical measures to prevent unauthorized access to your data on our servers.

This privacy policy is intended to explain the most important points on how we ensure data privacy. If you have questions regarding data privacy, please contact

  1. Security of messages

    Threema GmbH as the operator of the Threema servers has no way to decrypt messages of Threema users because it does not have knowledge of their private keys.

    The encrypted messages and media (images, videos etc.) are deleted on the servers as soon as they have been delivered successfully.

    Header information of messages (sender, recipient etc.) is protected by an additional encryption layer for transmission to the server, and from the server to the recipient, to prevent eavesdropping by third parties (e.g. in open wireless LANs).

  2. Address book data

    Email addresses and phone numbers from the user's address book (if the user has enabled synchronization) are only transmitted to the server in one-way encrypted ("hashed") form and additionally protected using SSL. The servers only keep these hashes in volatile memory for a short time to determine the list of matching IDs, and then delete the hashes immediately. At no point are the hashes or the results of the synchronization written to disk.

  3. Linking of email addresses and phone numbers

    It is left at the discretion of the user whether or not they want to link their Threema ID with an email address or phone number. Threema can be used without this link; in that case, the user cannot be found automatically by other users via address book synchronization.

    Email addresses and phone numbers that have been linked will only be stored for the purpose of synchronization and not given to third parties. They will also not be used for advertising purposes. Users can delete their links at any time. Only a hash of linked email addresses is stored.

  4. Crash reports

    iOS / Windows Phone: If the user explicitly chooses to submit a crash report about the app, information about the crash (state of the app at the time of the crash) will be sent to the servers of HockeyApp (a Microsoft company), and stored there for analysis by Threema GmbH. If the user does not choose to submit a crash report, nothing will be sent. The privacy policy of HockeyApp is available at Crash reports normally do not contain personally identifiable information. On iOS, they consist of a stack trace, some information about the device (model, operating system version, but no hardware serial number etc.), the app version, launch and crash timestamp, and the list of software libraries loaded in memory. No CPU register contents or log messages are included.

    Android: If the user explicitly chooses to submit a crash report about the Android app, information about the crash (state of the app at the time of the crash, last log messages) will be sent to Google and stored there for analysis by Threema GmbH.

  5. Send location feature

    The “send location” feature uses data provided by the Google Places API. The use of this service is governed by the Google Privacy Policy.

  6. General provisions

    In general, the regulations of the Swiss Federal Act on Data Protection (FADP) as well as the Ordinance to the Federal Act on Data Protection (OFADP) apply.