Zum Inhalt springen
Unabhängig verifiziert · Quartalsweises Re-Audit
EU VETTED

Threema

VERIFIZIERT
Videokonferenzen · Switzerland
Gegründet 2012 · threema.com ↗

Swiss E2EE messenger (Pfäffikon SZ, founded 2012), ISO 27001, all-Swiss hosting, no phone number required; consumer + enterprise (Threema Work) + on-prem.

Kurzfassung

Threema aus der Kategorie Videokonferenzen ist ein EU-eigener Dienst mit Switzerland als Hosting-Standort und ohne erkennbares CLOUD-Act-Risiko.

Bewertungsnotizen

Threema GmbH (Pfäffikon SZ, Switzerland, CHE-221.440.104) processes personal data exclusively on servers in Swiss data centres for all essential functions, holds ISO 27001 certification, publishes a public DPA, and is Swiss-incorporated with EU adequacy: no CLOUD Act exposure, EU-adequate jurisdiction (CH), ISO 27001 certified, public DPA, all-Swiss hosting confirmed in the DPA, open-source clients with reproducible builds.

CLOUD ACT
OWNERSHIP
SUB-PROCS
0 keine offengelegt
Geprüfte Signale
Jurisdiktion
  • EU-/Angemessenheits-Hosting
  • EU-/Angemessenheits-Betreiber
  • Keine US-CLOUD-Act-Exposition
Transparenz
  • Öffentlicher AVV
  • Unterauftragsverarbeiter offengelegt
  • Open-Source-Clients
  • Zertifizierung durch Dritte
JUMP TO
OVERVIEW

Über Threema

Threema is a Swiss end-to-end encrypted messaging application developed and operated by Threema GmbH (Pfäffikon SZ, Switzerland, Commercial Register: CHE-221.440.104), founded in December 2012 by three Swiss developers as a privacy-first alternative to WhatsApp, launching on Apple's App Store the same month the app was conceived. The legal entity was formally registered as Threema GmbH in spring 2014 to support professional expansion. Key milestones: post-Snowden traction in 2013, Threema Work (business edition) launched 2016, surpassed 10 million users in early 2021 following WhatsApp's controversial terms-of-service update, and a new CEO appointed in 2024.

The product portfolio is three-tier. Threema Private (consumer): one-off purchase app for iOS + Android + desktop, no phone number or email required for sign-up; fully anonymous use possible. Threema Work (business): managed admin console, MDM integration, enforced encryption policies, SSO via SAML/OIDC, priced at €3/user/month (Core) or €5/user/month (Professional); 30-day free trial for up to 30 users. Threema OnPrem (self-hosted): the full Threema Work stack deployable on customer infrastructure, for buyers who require complete data sovereignty inside their own security perimeter. All three tiers share the same cryptographic core: end-to-end encrypted messages, voice calls, video calls, group chats, file transfers, and polls using the NaCl/libsodium cryptography library; encryption by default with no plaintext fallback.

Compliance posture is among the strongest in the messenger category. ISO/IEC 27001 certified. Data processing for all essential functions runs exclusively on Threema's own servers in Switzerland (confirmed in the publicly available DPA). Switzerland holds an EU adequacy decision (Art. 45 GDPR), SCC-free for EU↔CH transfers. The DPA (threema.com/en/dpa) is publicly accessible without login and references standard contractual safeguards for any third-party functions. The company explicitly positions Threema as compliant with NIS 2, DORA, and CER EU directives. Ownership: Threema was acquired by Comitis Capital GmbH (a German investment firm focused on purpose-driven companies) from Afinum Management GmbH in early 2026, still EU-controlled, no US capital. Open-source: a Google-free Android version (Threema Libre) ships via F-Droid with reproducible builds for independent verification; the app source code is publicly auditable. Best fit: privacy-conscious individuals replacing WhatsApp or Signal with a Swiss-hosted option; German and EU enterprises needing an auditable E2EE messaging platform under their own IT control; regulated sectors subject to NIS 2 / DORA that need a compliant internal comms layer.

SUB-PROCESSORS

Unterauftragsverarbeiter-Karte · keine offengelegt

Quelle ↗
Anbieter gibt null Unterauftragsverarbeiter an. Die gesamte Datenverarbeitung erfolgt im eigenen Haus.
CERTIFICATIONS

Rahmenwerke & Zertifizierungen

ISO/IEC 27001
AKTIV
FEATURES

Funktionsmatrix

Self-Hosting Ja
Max. Teilnehmer 16 Teilnehmer
Bildschirmfreigabe Ja
Ende-zu-Ende-Verschlüsselung Ja
INTEGRATION & ZUGRIFF
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option Yes
PRICING

Preise & Tarife

FREEMIUM
ab €3/Monat
Preisseite ansehen ↗
PUBLIC DOCUMENTS

Öffentliche Dokumente

  • Auftragsverarbeitungsvertrag (AVV)
    threema.com/en…
    Öffnen ↗
  • Liste der Unterauftragsverarbeiter
    threema.com/en…
    Öffnen ↗
  • Nutzungsbedingungen
    threema.com/en…
    Öffnen ↗
ALTERNATIVES

Alternativen in dieser Kategorie

Element (Matrix)
United Kingdom · Gegründet 2017
EU-GEHOSTET

UK-headquartered open-source Matrix protocol commercialisation; powers Bundeswehr BwMessenger + French Tchap + NATO + UN.

Öffentl. AVV Subprozessoren Open Source
FROM
CLOUD ACT
MATERIAL
kMeet (Infomaniak)
Switzerland · Gegründet 1994
EU-SOUVERäN

Free Swiss browser-based video meetings (Infomaniak, Geneva, since 1994); no guest account, own Swiss DCs, ISO 27001, no CLOUD Act.

Öffentl. AVV Subprozessoren Open Source
FROM
CLOUD ACT
NONE
Olvid
France · Gegründet 2019
EU-ANSäSSIG

French E2EE messenger (Olvid SAS, Paris, founded 2019), ANSSI CSPN certified, mandated for French government ministers; no phone number/identifier, content + metadata encrypted.

Öffentl. AVV Subprozessoren Open Source
FROM
€10/Mt.
CLOUD ACT
MINOR