Zero-Knowledge Security and Legal Compliance
Threema protects confidential information, avoids metadata, and is GDPR-compliant – “Security by Design” is our philosophy.
Threema protects confidential information, avoids metadata, and is GDPR-compliant – “Security by Design” is our philosophy.
Threema relies on robust end-to-end encryption based on open-source encryption technology to protect all communication. Unlike many other messaging services, Threema not only provides end-to-end encryption for text and voice messages, media, and calls, but also for profile pictures, group names, and the list of group members.
Threema is regularly subjected to comprehensive audits by recognized security experts. For instance, the renowned company Cure53 conducted a thorough security audit of the mobile apps in October 2020, and in January 2024, the new desktop app was examined. Additionally, German researchers confirmed the robustness of Threema’s communication protocol Ibex with a formal security proof in July 2023.
Threema is GDPR-compliant and meets all European data protection requirements. Furthermore, Threema is subject to the strict Swiss Federal Act on Data Protection (FADP). Unlike many US services, Threema is not subject to the CLOUD Act. The business messenger helps EU companies meet the requirements of NIS2, DORA, and CER. With its own servers in an “ISO 27001”-certified data center in Zurich, comprehensive data security is ensured.
To ensure full transparency, the source code of the Threema apps is publicly accessible. However, you don’t have to take our word for it: thanks to Reproducible Builds (on Android), you can verify for yourself that the published code matches the one underlying the apps in the app stores.
Try Threema Work for 30 days with 30 users – no payment details required, no automatic renewal!
