Legal compliance

Threema Work is fully compliant with the European General Data Protection Regulation (GDPR). As a Swiss company, Threema is also subject to Switzerland’s strict Federal Act on Data Protection (FADP) and the accompanying Data Protection Ordinance (DPO).

Transmitting data from the EU to Switzerland is permitted by law without any additional evaluation. Based on the adequacy decision of the European Commission 2000/518/EG, Swiss law guarantees a level of data protection equivalent to European legislation. The adequacy was last confirmed in the EU Commission’s report dated January 15, 2024.

Threema Work can be used without providing personally identifiable information (such as a phone number or email address) and without granting access to the address book.

In November 2021, the FZI Research Center for Information Technology in Karlsruhe, Germany, released a comprehensive legal study on the corporate use of messaging services as well as a compact practical guide (both in German), see blog post.

Related articles

Threema is trusted by millions and known for its unparalleled security and privacy protection. No other messenger offers a comparable level of security, metadata restraint, and confidentiality.

  • Top-grade end-to-end encryption of the entire communication.
  • Strong encryption on users’ devices: Chats and messages are stored with strong encryption on the device.
  • Decentralized handling: No central storage of personal data.
  • Company-owned hardware in Switzerland: Threema GmbH runs its own servers in data centers of an ISO 27001-certified collocation partner.

Details about the encryption, key-pair management, physical data security, data protection laws, and other security advantages of our decentralized architecture are summarized in the Security and Privacy Reference Sheet.

The Threema Work apps are open source, and the Cryptography Whitepaper contains comprehensive information about Threema’s technical architecture. Furthermore, external experts audit Threema on a regular basis.

Compare Threema Work with other business communication-tools in our comprehensive business-messenger comparison, and have a look at the in-depth comparison of Threema and WhatsApp.

We don’t require a data-processing agreement, but we provide a standard agreement. Individual agreements are not possible.

If your company requires that chats are stored externally for auditing or reporting purposes, you can ask users to export chats.

Due to the end-to-end encryption, it’s not possible to create transcripts using the management cockpit or the API.

App users can retrieve the information listed below at any time (by following the instructions listed in this FAQ article).

Details about the Threema ID

  • Public key
  • Timestamp of creation
  • Hash of the linked phone number
  • Hash of the linked email address
  • Presence of a revocation password (yes/no)
  • Nickname

App details

  • Timestamp of the last licence check
  • Version number and language
  • Bitmask of features supported by the version in use
  • Push token of the service in use (GCM/FCM, APNS)
  • Name of the chosen sound file for push messages

Values of the following configuration settings

  • th_firstname
  • th_lastname
  • th_category
  • th_csi
  • th_nickname

Show all FAQs

Show all FAQs