Zero-Knowledge Security and Full Legal Compliance

Threema Work protects confidential information and the employee’s privacy while being 100% GDPR-compliant.

{content_work_security_box_title

Security and Privacy by Design

Threema Work was designed from scratch with focus on security and data protection. In contrast to many other business messengers, all types of communication are end-to-end encrypted in Threema Work. It’s not required to provide personal information, such as a phone number or email address, to use Threema Work.

Comparison with other messengers Security audits
Full Legal Compliance

Full Legal Compliance

Threema Work is fully GDPR-compliant. As a Swiss company, Threema is also subject to Switzerland’s strict Federal Act on Data Protection (FADP). Switzerland enjoys a high degree of legal security and, contrary to US-based services, Threema is not subject to the CLOUD Act.

Threema operates its own servers in a highly secure data center of an “ISO 27001”-certified colocation partner in Zurich.

Reference sheet: Privacy and security Study: Business messaging
Separate Personal and Professional Communication

Separate Personal and Professional Communication

With Threema Work, personal and professional communication is strictly separated. Since internal contacts are labeled with a distinct verification level, it is recognizable at a glance whether a contact is part of the organization or not. If desired, communication can also be restricted to internal contacts. This way, no communication with contacts outside of the organization is possible.

App Configuration and Policy Enforcement

App Configuration and Policy Enforcement

You can not only decide how the app is set up but also fully control how individual users are allowed to use the app. To enforce your company’s policies, simply disable specific app features. The configuration possibilities are endless.

  • Set up a closed communication system
  • Deactivate contact synchronization
  • Store backups on your own server
  • Prevent creation of screenshots and automatic storage of media
  • Deactivate video calls
  • Define users’ departments, employee numbers, and nicknames
  • And much more…

Use your company’s MDM system or the app configuration in the management cockpit to pre-configure the app.

Possible app configurations

Rock-Solid Encryption,
Optimal Privacy Protection

Integrated End-to-End Encryption

Threema uses tried-and-tested asymmetrical cryptography to encrypt both the communication between users as well as the data transfer between app and server. In contrast to other messaging services, Threema Work not only end-to-end encrypts text and voice messages but also voice and video calls, media files, and status messages.

Regular Audits

External experts are commissioned to conduct comprehensive security audits on a regular basis. The most recent audit was carried out by Cure53 in October 2020. Furthermore, German researchers provided a security proof for Threema’s communication protocol Ibex in July 2023.

Consistent Metadata Restraint

Groups and contact lists are managed on the individual user devices, not on a central server. Messages are deleted immediately after they are delivered, there are no log files, and no personal data is collected.

No Address Book Access Required

Threema Work can be used without access to the address book. If contact synchronization is activated, contact data is only transmitted in hashed form and never stored on the server’s disk.

Cryptography whitepaper