Transparency report

Threema is designed from the ground up to generate as little data as technically possible. The less data is generated in the first place, the lower is the potential for misuse and theft.

We only store data that’s absolutely necessary for the operation of the service, and we store it for the shortest amount of time possible. In particular, we only store messages on the server until successful delivery – once a message is delivered to the recipient, it is immediately and irreversibly deleted on the server. It’s not required to provide personal information in order to use Threema. We don’t store IP addresses, and we don’t keep message logs. For further details, please refer to our privacy policy.

With Threema, the user applies the encryption, not the service provider. The decryption of a message is only possible with the recipient’s private key. This private key was generated by the recipient, and we don’t have access to it. It is therefore technically impossible for us to decrypt users’ messages.

We are occasionally approached by authorities who demand information about our users. Here’s how we handle such requests:

  • We only deal with inquiries from Swiss authorities that fully meet the formal requirements laid down in article 265 of the Swiss Criminal Procedure Code according to legal examination.
  • Foreign authorities have to make an official request for legal assistance in accordance with the Federal Act on International Mutual Assistance in Criminal Matters; we don’t deal with direct inquiries by foreign authorities.
  • If the legal requirements are fully met, we can provide the following information associated with a given Threema ID:
    • Phone number, if provided by the user
    • Email address (hashed), if provided by the user
    • Push token, if a push service is used
    • Public key
    • Date (without time) of Threema ID creation
    • Date (without time) of last login

Here’s a list of all requests by authorities we have received since 2014:

Year Requests by Swiss authorities Requests by foreign authorities with Swiss legal assistance Requests that have met the formal requirements Requests that didn’t meet the formal requirements Handing over of data (# cases) Handing over of data (# IDs)
2017 2 2 4 - 3 12
2016 - 1 1 - 1 1
2015 1 - - 1 - -
2014 - - - - - -

Last update: 02.11.2017