Still using Franz 5? Read the Franz 5 version.
Privacy Statement
Effective 2026-04-19. Applies to Franz 6 and newer. If you are on Franz 5, please see the Franz 5 privacy statement.
Good to see you around here!
Franz is a desktop messaging aggregator for Slack, WhatsApp, Telegram, Signal, Gmail, and many other services. Since your communication is a very personal matter, the safety of your data is very important to us.
This statement explains what we collect, why we collect it, where it lives, and what you can do about it. We have deliberately kept the Franz 6 data surface small: most of what Franz does happens locally on your device.
1. Definitions
Franz is owned by Stefan Malzner (referred to as "I", "Me", "We" or "Our") and based in Vienna, Austria. As a customer of this service you are a "User" or "You" according to this agreement. The app or any services offered by us will be referred to as "Franz", "Franz App", the "Website" or just "Service". External services like Slack, WhatsApp, Gmail, Signal, etc. will be referred to as "External Providers" or "External Services".
2. Your Data
External Services
Franz is structurally similar to a web browser: for most services it renders the provider's own web app inside an isolated view. That means Franz does not store your external-service login credentials on our servers, and we cannot read the messages you exchange through those services. Cookies and browser cache set by external services are stored locally on your device so you stay logged in.
Some services (for example Gmail via the Gmail API, Exchange via the Microsoft Graph API, or Signal) connect through native APIs instead of a web view. In those cases your access tokens and a local cache of your messages are stored encrypted on your device only. They are never transmitted to us. For Gmail and Google Contacts in particular, see the dedicated section below.
By adding External Services to your Franz installation, you accept their respective privacy policies. We have no control over how these services handle your data and it is entirely up to you to decide which ones you trust.
Franz does not store your external-service passwords on our servers and does not read your messages.
Franz Account
In order to save your configuration and provide features like settings synchronization or Franz Pro, we store a small amount of data about you.
This data contains the following personal information:
- Your name
- Email address
- Encrypted password (hashed)
- Organization / company (optional)
- Your Franz subscription status and plan
- Your saved app-level settings (such as enabled services, UI preferences, and synced recipe configuration, without any message content)
We may occasionally contact you by email, for example when you reset your password, when there is an important change to your subscription, or when we announce major product news you asked to hear about.
AI Features
Franz 6 includes optional AI features such as email classification and summarization, and uses AI assistance to triage and respond to support requests. When you use these features, the relevant text is sent through our AI proxy to Mistral AI on api.mistral.ai (Paris, France, within the EU) for inference. Prompts and responses are not retained by us beyond what is necessary to deliver the response, and Mistral does not use them to train or improve generalized AI/ML models. Mistral AI processes data under its standard data processing addendum (https://legal.mistral.ai/terms/data-processing-addendum). You can disable AI features at any time in the app's settings; when disabled, no in-app content is sent to Mistral AI.
Routing inference through a European frontier lab is a deliberate choice. Mistral is a French AI company, your prompts stay inside the EU under EU contractual terms, and your privacy benefits from data residency. European AI development benefits from being chosen.
Local Storage
Franz stores the following on your own device, never on our servers:
- Your message caches for native-protocol services (for example IMAP mail, Signal)
- Service cookies and local storage set by web-based External Services
- App preferences, drafts, and workspace configuration
You can clear this local data at any time from the app's settings.
3. Google user data (Gmail and Google Contacts)
If you connect a Gmail or Google Workspace account to Franz, we use the Gmail API and the Google People API to read, organize, draft, and send your mail, to surface your configured "Send as" aliases, and to show contact photos for senders you have already exchanged mail with. This section describes exactly what we access, why, and how we protect it. Franz's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
OAuth scopes Franz requests
| Scope | What we use it for |
|---|---|
https://www.googleapis.com/auth/gmail.modify | Read your messages, threads, labels, and history; create, update, and delete drafts you write in Franz; send mail you compose in Franz from your account; mark messages read or unread; move them between labels; move them to trash. Powers your inbox view, folder list, search, unread counts, and compose. Franz never permanently deletes mail and never bypasses Trash on your behalf. |
https://www.googleapis.com/auth/gmail.settings.basic | Read your configured "Send as" aliases (for example custom-domain addresses on Google Workspace) so the From-selector can offer them when you compose mail. We do not modify your Gmail settings. |
https://www.googleapis.com/auth/contacts.other.readonly | Look up the contact photo for senders you have already exchanged mail with, so Franz can show a real avatar instead of a generic placeholder. We do not store the underlying contact records on our servers. |
https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.profile | Identify the connected Google account in Franz's account list and show your name and avatar in the From-selector. |
Where Google data lives and how it is protected
- OAuth tokens are stored only on your device, in your operating system's secure credential store (macOS Keychain, Windows Credential Manager, libsecret on Linux) via Electron
safeStorage. The initial token exchange and subsequent refresh requests transit our API server because Google requires the OAuth client secret to be kept server-side; our API forwards the request to Google over TLS, returns the resulting tokens to your device, and does not log, store, or otherwise persist them. - Mail headers, bodies, attachments, labels, and the contact photos we fetch for senders are cached in a local SQLite database inside your Franz user-data directory so the app stays responsive offline. The cache lives only on your device and is not transmitted to us.
- All network traffic to Google APIs and to our own services uses TLS 1.2 or higher.
Google data and AI features
If you opt in to Franz's optional AI features (such as email classification or summarization), the relevant message text is sent through our AI proxy to Mistral AI on api.mistral.ai (Paris, France, EU) for inference, and only for that purpose.
- Mistral AI processes the request under its standard data processing addendum. Prompts and responses are not retained by us, and Mistral AI does not use them to train or improve generalized AI/ML models.
- We do not use Gmail data to train, fine-tune, or improve any model, our own or anyone else's.
- No human at Franz reads your Gmail content. The only exception is content you explicitly choose to send us yourself, for example in a bug report.
- You can disable AI features at any time in the app's settings. When disabled, no Gmail content is sent to Mistral AI.
Sharing and sale of Google user data
We do not sell your Google user data, do not share it with advertisers, and do not use it for advertising or retargeting. The only third party that ever processes Gmail-derived content is Mistral AI, and only when you have enabled AI features as described above. Mistral AI acts as a sub-processor under our standard data processing terms; the full list of sub-processors is on our Sub-processors page.
Retention, revocation, and deletion
- You can revoke Franz's access to your Google account at any time at myaccount.google.com/permissions. Once revoked, Franz can no longer read or modify your mail.
- You can disconnect a Gmail account inside Franz at any time. Doing so removes the locally cached mail for that account from your device.
- If you delete your Franz account, any server-side records associated with that account are removed. The local Gmail cache on your device is removed by uninstalling Franz or by clearing local data in the app's settings.
4. Data portability
You can request an archive of the data we have stored about you. To file for such a request please sign in to your account here and submit a data export request.
5. Account Termination
You have the option to delete your personal data. To do so, please sign in here and submit an account termination request.
Please understand that we can not delete your account for you — you'll have to do it yourself. Why? We have no way of verifying that the person asking us to delete your account is actually you.
Data Retention
If you haven't signed in to your Franz account within 550 days, we will automatically delete your account and all associated data.
6. Cookies
The Franz website uses the minimum number of cookies necessary to keep you signed in and to honor your tracking preferences. We do not use third-party advertising, retargeting, or social-media tracking cookies.
| Cookie | Purpose | Lifetime | Type |
|---|---|---|---|
franz_website_access_token |
Keeps you signed in to your Franz account on the website. | 24 hours | Strictly necessary, HttpOnly |
franz_website_refresh_token |
Lets the website renew your session without asking you to sign in again. | 30 days | Strictly necessary, HttpOnly |
franz_lang |
Remembers the language you selected on the website so we can keep serving it to you across visits. | 400 days | Functional |
franz-tracking-opt-out |
Remembers that you asked us not to load analytics or error-reporting scripts. | 400 days | Functional |
External Services rendered inside the Franz desktop app may set their own cookies locally on your device, in the same way they would inside a regular browser. Those cookies are governed by the relevant provider's privacy policy.
7. Security Checks (Cloudflare Turnstile)
We use Cloudflare Turnstile on selected signup, sign-in, checkout, newsletter, download-link, billing, team, account, and app-origin security checks to help prevent automated abuse and protect paid Franz Cloud resources from token-burning attacks. Turnstile may process technical browser, device, network, and interaction signals needed to determine whether a request is likely to be automated. We verify the result on our servers before completing protected actions. Details about Cloudflare's handling of Turnstile data are available in Cloudflare's Turnstile Privacy Addendum.
8. Analytics (Umami)
We use Umami, a privacy-focused web analytics tool, to understand how people use the Franz website and which parts of the product are actually helpful. Umami:
- Is self-hosted by us on Hetzner in Germany. Your analytics data never leaves servers under our direct control inside the EU.
- Does not set cookies in your browser.
- Does not collect personal data. IP addresses are hashed on the server before any record is written, and the hash rotates daily so visitors cannot be tracked across days.
- Does not share data with any third party.
You can opt out at any time through our tracking opt-out link in the website footer. Opting out sets the franz-tracking-opt-out cookie described above and prevents the Umami script from loading on subsequent visits.
9. Error Monitoring (GlitchTip)
We use GlitchTip, an open-source error-tracking tool, to capture anonymized error reports when something breaks on the website or in the app, so we can fix bugs we would otherwise never see. GlitchTip is self-hosted by us on Hetzner in Germany, alongside our Umami analytics instance — error reports do not leave our own servers. Reports do not include your cookies, message content, or authentication tokens. If you have opted out of tracking, error events are dropped before being sent.
10. Payments (Stripe & legacy Recurly)
If you decide to upgrade your account to Franz Pro or any paid plan, your name, email address, and subscription details are shared with our payment provider Stripe. Stripe handles the card data directly under their own security and compliance program — we never see or store your full card number. Details about how Stripe handles your data are in the Stripe Privacy Policy.
If you subscribed before our migration to Stripe, your subscription continues to be managed by Recurly for its lifetime. Recurly continues to process billing data on our behalf for these grandfathered subscriptions, including ongoing operations such as seat quantity updates, scheduled plan changes, and renewal processing. New subscriptions are processed by Stripe. Details about how Recurly handles data are in the Recurly Privacy Statement.
11. Sub-processors and Hosting
A full, up-to-date list of the sub-processors we rely on and where they process data is available on our Sub-processors page. In summary:
- DigitalOcean — primary application hosting and database, Frankfurt (EU).
- Hetzner — application hosting, self-hosted Umami analytics, and self-hosted GlitchTip error monitoring, Germany (EU).
- Mistral AI — AI inference for optional Franz AI features and AI-assisted triage of support requests,
api.mistral.ai/ Paris, France (EU). - Stripe — subscription billing and payment processing for new subscriptions.
- Recurly — billing processor for grandfathered subscriptions taken out before the Stripe migration; continues to handle ongoing billing operations for those subscriptions for their lifetime.
- Cloudflare — object storage (R2), AI proxy routing, and Turnstile security checks for abuse prevention.
- Brevo — transactional email (e.g. account verification, password reset, billing notifications) and email campaigns.
Error monitoring runs on self-hosted GlitchTip, which we operate on Hetzner in Germany (alongside our Umami analytics instance) and therefore does not introduce an additional third-party sub-processor.
We removed Google Analytics, Customer.io, and Facebook Pixel from this stack in Franz 6. They are no longer used. Recurly remains in place only for legacy subscribers; new subscriptions are handled by Stripe.
12. GDPR
If you wish to access, update, correct, or request deletion of your personal data, you can do so here or by contacting us.
You can always object to the processing of your personal data, ask us to restrict processing, or request a data export. Again, you can do so here or by contacting us.
You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.
13. Changes
We may update this Privacy Statement from time to time. Material changes will be communicated before they take effect. The effective date at the top of this document reflects the latest revision. Your continued use of the Services after any changes indicates your agreement with the revised Privacy Statement.
14. Questions
If you have any questions, comments, or just want to say hi, feel free to write an email to [email protected].
The last update to this Privacy Statement was posted on: 2026-05-06.