Aller au contenu
Vérifié indépendamment · Ré-audit trimestriel
EU VETTED

Threema

VéRIFIé
Visioconférence · Switzerland
Fondé en 2012 · threema.com ↗

Swiss E2EE messenger (Pfäffikon SZ, founded 2012), ISO 27001, all-Swiss hosting, no phone number required; consumer + enterprise (Threema Work) + on-prem.

En bref

Threema, dans la catégorie Visioconférence, est un service sous contrôle européen avec Switzerland comme lieu d’hébergement et aucune exposition identifiée au CLOUD Act.

Notes d’évaluation

Threema GmbH (Pfäffikon SZ, Switzerland, CHE-221.440.104) processes personal data exclusively on servers in Swiss data centres for all essential functions, holds ISO 27001 certification, publishes a public DPA, and is Swiss-incorporated with EU adequacy: no CLOUD Act exposure, EU-adequate jurisdiction (CH), ISO 27001 certified, public DPA, all-Swiss hosting confirmed in the DPA, open-source clients with reproducible builds.

CLOUD ACT
OWNERSHIP
SUB-PROCS
0 aucun divulgué
Signaux vérifiés
Juridiction
  • Hébergement UE / adéquation
  • Opérateur UE / adéquation
  • Aucune exposition au CLOUD Act
Transparence
  • DPA public
  • Sous-traitants divulgués
  • Clients open source
  • Certification tierce
JUMP TO
OVERVIEW

À propos de Threema

Threema is a Swiss end-to-end encrypted messaging application developed and operated by Threema GmbH (Pfäffikon SZ, Switzerland, Commercial Register: CHE-221.440.104), founded in December 2012 by three Swiss developers as a privacy-first alternative to WhatsApp, launching on Apple's App Store the same month the app was conceived. The legal entity was formally registered as Threema GmbH in spring 2014 to support professional expansion. Key milestones: post-Snowden traction in 2013, Threema Work (business edition) launched 2016, surpassed 10 million users in early 2021 following WhatsApp's controversial terms-of-service update, and a new CEO appointed in 2024.

The product portfolio is three-tier. Threema Private (consumer): one-off purchase app for iOS + Android + desktop, no phone number or email required for sign-up; fully anonymous use possible. Threema Work (business): managed admin console, MDM integration, enforced encryption policies, SSO via SAML/OIDC, priced at €3/user/month (Core) or €5/user/month (Professional); 30-day free trial for up to 30 users. Threema OnPrem (self-hosted): the full Threema Work stack deployable on customer infrastructure, for buyers who require complete data sovereignty inside their own security perimeter. All three tiers share the same cryptographic core: end-to-end encrypted messages, voice calls, video calls, group chats, file transfers, and polls using the NaCl/libsodium cryptography library; encryption by default with no plaintext fallback.

Compliance posture is among the strongest in the messenger category. ISO/IEC 27001 certified. Data processing for all essential functions runs exclusively on Threema's own servers in Switzerland (confirmed in the publicly available DPA). Switzerland holds an EU adequacy decision (Art. 45 GDPR), SCC-free for EU↔CH transfers. The DPA (threema.com/en/dpa) is publicly accessible without login and references standard contractual safeguards for any third-party functions. The company explicitly positions Threema as compliant with NIS 2, DORA, and CER EU directives. Ownership: Threema was acquired by Comitis Capital GmbH (a German investment firm focused on purpose-driven companies) from Afinum Management GmbH in early 2026, still EU-controlled, no US capital. Open-source: a Google-free Android version (Threema Libre) ships via F-Droid with reproducible builds for independent verification; the app source code is publicly auditable. Best fit: privacy-conscious individuals replacing WhatsApp or Signal with a Swiss-hosted option; German and EU enterprises needing an auditable E2EE messaging platform under their own IT control; regulated sectors subject to NIS 2 / DORA that need a compliant internal comms layer.

SUB-PROCESSORS

Carte des sous-traitants · aucun divulgué

Source ↗
L'éditeur déclare zéro sous-traitant. Tout le traitement des données se fait en interne.
CERTIFICATIONS

Référentiels & certifications

ISO/IEC 27001
ACTIVE
FEATURES

Matrice de fonctionnalités

Auto-hébergeable Oui
Participants max 16 participants
Partage d’écran Oui
Chiffrement de bout en bout Oui
INTéGRATION & ACCèS
REST API Yes
SSO (SAML / OIDC) Yes
CONFORMITé & GOUVERNANCE
Audit log No
Self-host / on-prem option Yes
PRICING

Tarifs & paliers

FREEMIUM
à partir de €3/mois
Voir la page tarifs ↗
PUBLIC DOCUMENTS

Documents publics

  • Contrat de sous-traitance (DPA)
    threema.com/en…
    Ouvrir ↗
  • Liste des sous-traitants
    threema.com/en…
    Ouvrir ↗
  • Conditions d'utilisation
    threema.com/en…
    Ouvrir ↗
ALTERNATIVES

Alternatives dans cette catégorie

Element (Matrix)
United Kingdom · Fondé en 2017
HéBERGé UE

UK-headquartered open-source Matrix protocol commercialisation; powers Bundeswehr BwMessenger + French Tchap + NATO + UN.

DPA public Sous-traitants Open source
FROM
CLOUD ACT
MATERIAL
kMeet (Infomaniak)
Switzerland · Fondé en 1994
SOUVERAIN UE

Free Swiss browser-based video meetings (Infomaniak, Geneva, since 1994); no guest account, own Swiss DCs, ISO 27001, no CLOUD Act.

DPA public Sous-traitants Open source
FROM
CLOUD ACT
NONE
Olvid
France · Fondé en 2019
BASé UE

French E2EE messenger (Olvid SAS, Paris, founded 2019), ANSSI CSPN certified, mandated for French government ministers; no phone number/identifier, content + metadata encrypted.

DPA public Sous-traitants Open source
FROM
€10/mois
CLOUD ACT
MINOR