Franz Franz
Get Started

Still using Franz 5? Read the Franz 5 version.

Privacy Statement

Effective 2026-04-19. Applies to Franz 6 and newer. If you are on Franz 5, please see the Franz 5 privacy statement.

Good to see you around here!

Franz is a desktop messaging aggregator for Slack, WhatsApp, Telegram, Signal, Gmail, and many other services. Since your communication is a very personal matter, the safety of your data is very important to us.

This statement explains what we collect, why we collect it, where it lives, and what you can do about it. We have deliberately kept the Franz 6 data surface small: most of what Franz does happens locally on your device.

1. Definitions

Franz is owned by Stefan Malzner (referred to as "I", "Me", "We" or "Our") and based in Vienna, Austria. As a customer of this service you are a "User" or "You" according to this agreement. The app or any services offered by us will be referred to as "Franz", "Franz App", the "Website" or just "Service". External services like Slack, WhatsApp, Gmail, Signal, etc. will be referred to as "External Providers" or "External Services".

2. Your Data

External Services

Franz is structurally similar to a web browser: for most services it renders the provider's own web app inside an isolated view. That means Franz does not store your external-service login credentials on our servers, and we cannot read the messages you exchange through those services. Cookies and browser cache set by external services are stored locally on your device so you stay logged in.

Some services (for example Gmail via IMAP, Exchange, or Signal) use native protocols instead of a web view. In those cases your account credentials and a local cache of your messages are stored encrypted on your device only. They are never transmitted to us.

By adding External Services to your Franz installation, you accept their respective privacy policies. We have no control over how these services handle your data and it is entirely up to you to decide which ones you trust.

Franz does not store your external-service passwords on our servers and does not read your messages.

Franz Account

In order to save your configuration and provide features like settings synchronization or Franz Pro, we store a small amount of data about you.

This data contains the following personal information:

  • Your name
  • Email address
  • Encrypted password (hashed)
  • Organization / company (optional)
  • Your Franz subscription status and plan
  • Your saved app-level settings (such as enabled services, UI preferences, and synced recipe configuration, without any message content)

We may occasionally contact you by email, for example when you reset your password, when there is an important change to your subscription, or when we announce major product news you asked to hear about.

AI Features

Franz 6 includes optional AI features such as email classification and summarization. When you use these features, the relevant text is sent to our AI proxy, which forwards it to Google Cloud Vertex AI in the europe-west4 region (Netherlands, within the EU) for inference. Prompts and responses are not retained by us beyond what is necessary to deliver the response, and Google Cloud processes them under its standard Vertex AI data processing terms. You can disable AI features at any time in the app's settings; when disabled, no content is sent to Vertex AI.

Local Storage

Franz stores the following on your own device, never on our servers:

  • Your message caches for native-protocol services (for example IMAP mail, Signal)
  • Service cookies and local storage set by web-based External Services
  • App preferences, drafts, and workspace configuration

You can clear this local data at any time from the app's settings.

3. Data portability

You can request an archive of the data we have stored about you. To file for such a request please sign in to your account here and submit a data export request.

4. Account Termination

You have the option to delete your personal data. To do so, please sign in here and submit an account termination request.

Please understand that we can not delete your account for you — you'll have to do it yourself. Why? We have no way of verifying that the person asking us to delete your account is actually you.

Data Retention

If you haven't signed in to your Franz account within 550 days, we will automatically delete your account and all associated data.

5. Cookies

The Franz website uses the minimum number of cookies necessary to keep you signed in and to honor your tracking preferences. We do not use third-party advertising, retargeting, or social-media tracking cookies.

Cookie Purpose Lifetime Type
franz_website_access_token Keeps you signed in to your Franz account on the website. 24 hours Strictly necessary, HttpOnly
franz_website_refresh_token Lets the website renew your session without asking you to sign in again. 30 days Strictly necessary, HttpOnly
franz_lang Remembers the language you selected on the website so we can keep serving it to you across visits. 400 days Functional
franz-tracking-opt-out Remembers that you asked us not to load analytics or error-reporting scripts. 400 days Functional

External Services rendered inside the Franz desktop app may set their own cookies locally on your device, in the same way they would inside a regular browser. Those cookies are governed by the relevant provider's privacy policy.

6. Analytics (Umami)

We use Umami, a privacy-focused web analytics tool, to understand how people use the Franz website and which parts of the product are actually helpful. Umami:

  • Is self-hosted by us on Hetzner in Germany. Your analytics data never leaves servers under our direct control inside the EU.
  • Does not set cookies in your browser.
  • Does not collect personal data. IP addresses are hashed on the server before any record is written, and the hash rotates daily so visitors cannot be tracked across days.
  • Does not share data with any third party.

You can opt out at any time through our tracking opt-out link in the website footer. Opting out sets the franz-tracking-opt-out cookie described above and prevents the Umami script from loading on subsequent visits.

7. Error Monitoring (GlitchTip)

We use GlitchTip, an open-source error-tracking tool, to capture anonymized error reports when something breaks on the website or in the app, so we can fix bugs we would otherwise never see. GlitchTip is self-hosted by us on Hetzner in Germany, alongside our Umami analytics instance — error reports do not leave our own servers. Reports do not include your cookies, message content, or authentication tokens. If you have opted out of tracking, error events are dropped before being sent.

8. Payments (Stripe & legacy Recurly)

If you decide to upgrade your account to Franz Pro or any paid plan, your name, email address, and subscription details are shared with our payment provider Stripe. Stripe handles the card data directly under their own security and compliance program — we never see or store your full card number. Details about how Stripe handles your data are in the Stripe Privacy Policy.

If you subscribed before we moved to Stripe, your subscription is still managed by Recurly for the lifetime of that subscription. We continue to read your subscription status from Recurly so we can keep your plan active, but we no longer share any new personal data with Recurly. Details about how Recurly handles data are in the Recurly Privacy Statement.

9. Sub-processors and Hosting

A full, up-to-date list of the sub-processors we rely on and where they process data is available on our Sub-processors page. In summary:

  • DigitalOcean — primary application hosting and database, Frankfurt (EU).
  • Hetzner — application hosting, self-hosted Umami analytics, and self-hosted GlitchTip error monitoring, Germany (EU).
  • Google Cloud (Vertex AI) — AI inference for optional Franz AI features, europe-west4 / Netherlands (EU).
  • Stripe — subscription billing and payment processing for new subscriptions.
  • Recurly — legacy subscription management for customers who subscribed before the Stripe transition; read-only, no new personal data shared.
  • Cloudflare — object storage (R2) and AI proxy routing, EU regions.
  • Brevo — transactional email (e.g. account verification, password reset, billing notifications) and email campaigns.

Error monitoring runs on self-hosted GlitchTip, which we operate on Hetzner in Germany (alongside our Umami analytics instance) and therefore does not introduce an additional third-party sub-processor.

We removed Google Analytics, Customer.io, and Facebook Pixel from this stack in Franz 6. They are no longer used. Recurly remains in place only for legacy subscribers; new subscriptions are handled by Stripe.

10. GDPR

If you wish to access, update, correct, or request deletion of your personal data, you can do so here or by contacting us.

You can always object to the processing of your personal data, ask us to restrict processing, or request a data export. Again, you can do so here or by contacting us.

You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.

11. Changes

We may update this Privacy Statement from time to time. Material changes will be communicated before they take effect. The effective date at the top of this document reflects the latest revision. Your continued use of the Services after any changes indicates your agreement with the revised Privacy Statement.

12. Questions

If you have any questions, comments, or just want to say hi, feel free to write an email to hi@meetfranz.com.

The last update to this Privacy Statement was posted on: 2026-04-19.