Threema is designed from the ground up to generate as little data as technically possible. The less data is generated in the first place, the lower is the potential for misuse and theft.
With Threema, the user applies the encryption, not the service provider. The decryption of a message is only possible with the recipient’s private key. This private key was generated by the recipient, and we don’t have access to it. It is therefore technically impossible for us to decrypt users’ messages.
We are occasionally approached by authorities who demand information about our users. Here’s how we handle such requests:
- We only deal with inquiries from Swiss authorities that fully meet the formal requirements laid down in article 265 of the Swiss Criminal Procedure Code according to legal examination.
- Foreign authorities have to make an official request for legal assistance in accordance with the Federal Act on International Mutual Assistance in Criminal Matters; we don’t deal with direct inquiries by foreign authorities.
- If the legal requirements are fully met, we can provide the following information associated with a given Threema ID:
- Phone number, if provided by the user
- Email address (hashed), if provided by the user
- Push token, if a push service is used
- Public key
- Date (without time) of Threema ID creation
- Date (without time) of last login
Here’s a list of all requests by authorities we have received since 2014:
|Year||Requests by Swiss authorities||Requests by foreign authorities with Swiss legal assistance||Requests that have met the formal requirements||Requests that didn’t meet the formal requirements||Handing over of data (# IDs)|
Last update: 12.04.2017