UK-headquartered open-source Matrix protocol commercialisation; powers Bundeswehr BwMessenger + French Tchap + NATO + UN.
- FROM
- —
- CLOUD ACT
- MATERIAL
A single roll-up of ownership and CLOUD Act exposure.
Swiss E2EE messenger (Pfäffikon SZ, founded 2012), ISO 27001, all-Swiss hosting, no phone number required; consumer + enterprise (Threema Work) + on-prem.
Threema, in the Video conferencing category, is an EU-owned service with Switzerland as its hosting location and no identified CLOUD Act exposure.
Threema GmbH (Pfäffikon SZ, Switzerland, CHE-221.440.104) processes personal data exclusively on servers in Swiss data centres for all essential functions, holds ISO 27001 certification, publishes a public DPA, and is Swiss-incorporated with EU adequacy: no CLOUD Act exposure, EU-adequate jurisdiction (CH), ISO 27001 certified, public DPA, all-Swiss hosting confirmed in the DPA, open-source clients with reproducible builds.
How exposed customer data is to US authorities under the CLOUD Act (Clarifying Lawful Overseas Use of Data Act).
Where ultimate control over the operating company sits.
Threema is a Swiss end-to-end encrypted messaging application developed and operated by Threema GmbH (Pfäffikon SZ, Switzerland, Commercial Register: CHE-221.440.104), founded in December 2012 by three Swiss developers as a privacy-first alternative to WhatsApp, launching on Apple's App Store the same month the app was conceived. The legal entity was formally registered as Threema GmbH in spring 2014 to support professional expansion. Key milestones: post-Snowden traction in 2013, Threema Work (business edition) launched 2016, surpassed 10 million users in early 2021 following WhatsApp's controversial terms-of-service update, and a new CEO appointed in 2024.
The product portfolio is three-tier. Threema Private (consumer): one-off purchase app for iOS + Android + desktop, no phone number or email required for sign-up; fully anonymous use possible. Threema Work (business): managed admin console, MDM integration, enforced encryption policies, SSO via SAML/OIDC, priced at €3/user/month (Core) or €5/user/month (Professional); 30-day free trial for up to 30 users. Threema OnPrem (self-hosted): the full Threema Work stack deployable on customer infrastructure, for buyers who require complete data sovereignty inside their own security perimeter. All three tiers share the same cryptographic core: end-to-end encrypted messages, voice calls, video calls, group chats, file transfers, and polls using the NaCl/libsodium cryptography library; encryption by default with no plaintext fallback.
Compliance posture is among the strongest in the messenger category. ISO/IEC 27001 certified. Data processing for all essential functions runs exclusively on Threema's own servers in Switzerland (confirmed in the publicly available DPA). Switzerland holds an EU adequacy decision (Art. 45 GDPR), SCC-free for EU↔CH transfers. The DPA (threema.com/en/dpa) is publicly accessible without login and references standard contractual safeguards for any third-party functions. The company explicitly positions Threema as compliant with NIS 2, DORA, and CER EU directives. Ownership: Threema was acquired by Comitis Capital GmbH (a German investment firm focused on purpose-driven companies) from Afinum Management GmbH in early 2026, still EU-controlled, no US capital. Open-source: a Google-free Android version (Threema Libre) ships via F-Droid with reproducible builds for independent verification; the app source code is publicly auditable. Best fit: privacy-conscious individuals replacing WhatsApp or Signal with a Swiss-hosted option; German and EU enterprises needing an auditable E2EE messaging platform under their own IT control; regulated sectors subject to NIS 2 / DORA that need a compliant internal comms layer.
UK-headquartered open-source Matrix protocol commercialisation; powers Bundeswehr BwMessenger + French Tchap + NATO + UN.
Free Swiss browser-based video meetings (Infomaniak, Geneva, since 1994); no guest account, own Swiss DCs, ISO 27001, no CLOUD Act.
French E2EE messenger (Olvid SAS, Paris, founded 2019), ANSSI CSPN certified, mandated for French government ministers; no phone number/identifier, content + metadata encrypted.