Privacy Policy

Last Updated: 8 September 2025

---

1. Introduction

This Privacy Policy explains how Threema + (“we”, “our”, “us”) collects, uses, stores, and protects personal data when you use our web service, mobile apps, or any related products.

2. Data We Collect

• Account Information: Your Sender ID.
• Profile Data: display name and any public information you choose to share.
• Communication Content: messages, attachments, and metadata (timestamps, recipient IDs).
• Device & Usage Data: IP address, device type, operating system, browser version, cookies.
• Payment & Billing (if applicable): transaction IDs, plan type, and billing email.

3. How We Use Your Data

• Provide, maintain, and improve the Threema + service.
• Facilitate message delivery and storage.
• Send administrative communications (e.g., policy updates).
• Analyze usage trends to enhance features and performance.
• Detect, prevent, and respond to fraud, abuse, or security incidents.
• Comply with legal obligations and enforce our Terms of Service.

4. Legal Basis for Processing (GDPR)

We rely on the following lawful grounds:

• Performance of a contract: providing the service as is.
• Legitimate interests: improving security, preventing abuse, and optimizing the platform.

5. Data Sharing & Transfers

• Service Providers: third‑party vendors (hosting, analytics, payment processors) who process data on our behalf under strict contractual safeguards.
• Legal Requirements: authorities, courts, or regulators when we are legally compelled to disclose information.
• Business Transfers: in the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity.

6. International Data Transfers

Threema + operates globally but data is saved in Switzerland only.

7. Data Retention

We retain personal data only as long as necessary:

• Account data: until you close your account or request deletion.
• Message content: retained and deleted upon explicit request or you manually delete it.
• Analytics & logs: typically 7 days, unless needed for security investigations.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete information.
• Delete your data (right to be forgotten).
• Restrict or object to processing.
• Port your data to another service.
• Withdraw consent where processing is based on consent.

To exercise any of these rights, please contact us at threema@carlostkd.slmail.me.

9. Security Measures

We implement industry‑standard security controls, including:

• End‑to‑end encryption for messages.
• Regular security audits and vulnerability assessments.
• Rate limiting, intrusion detection, and automated abuse monitoring.

10. Children’s Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us for removal.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be announced via email or a prominent notice within the app. The “Last Updated” date at the top reflects the most recent revision.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please reach out to:

Privacy Team
Threema +
Email: threema@carlostkd.slmail.me