Legal compliance
Threema Work is fully compliant with the European General Data Protection Regulation (GDPR). As a Swiss company, Threema is also subject to Switzerland’s strict Federal Act on Data Protection (FADP) and the accompanying Data Protection Ordinance (DPO).
Transmitting data from the EU to Switzerland is permitted by law without any additional evaluation. Based on the adequacy decision of the European Commission 2000/518/EG, Swiss law guarantees a level of data protection equivalent to European legislation. The adequacy was last confirmed in the EU Commission’s report dated January 15, 2024.
Threema Work can be used without providing personally identifiable information (such as a phone number or email address) and without granting access to the address book.
Related articles
Threema is trusted by millions and known for its unparalleled security and privacy protection. No other messenger offers a comparable level of security, metadata restraint, and confidentiality.
- Top-grade end-to-end encryption of the entire communication.
- Strong encryption on users’ devices: Chats and messages are stored with strong encryption on the device.
- Decentralized handling: No central storage of personal data.
- Company-owned hardware in Switzerland: Threema GmbH runs its own servers in data centers of an ISO 27001-certified collocation partner.
Details about the encryption, key-pair management, physical data security, data protection laws, and other security advantages of our decentralized architecture are summarized in the Security and Privacy Reference Sheet.
The Threema Work apps are open source, and the Cryptography Whitepaper contains comprehensive information about Threema’s technical architecture. Furthermore, external experts audit Threema on a regular basis.
We don’t require a data-processing agreement. The standard agreement is currently being revised. Please contact our Sales or Customer Success team via the support form in the management cockpit to request a data-processing agreement.
Individual agreements are not possible.
If your company requires that chats are stored externally for auditing or reporting purposes, you can ask users to export chats.
Due to the end-to-end encryption, it’s not possible to create transcripts using the management cockpit or the API.
App users can retrieve the information listed below at any time (by following the instructions listed in this FAQ article).
Details about the Threema ID
- Public key
- Timestamp of creation
- Hash of the linked phone number
- Hash of the linked email address
- Presence of a revocation password (yes/no)
- Nickname
App details
- Timestamp of the last licence check
- Version number and language
- Bitmask of features supported by the version in use
- Push token of the service in use (GCM/FCM, APNS)
- Name of the chosen sound file for push messages
Values of the following configuration settings
-
th_firstname
-
th_lastname
-
th_category
-
th_csi
-
th_nickname