French-founded, now US-headquartered (NYC). Significant US-VC funding.
DISCLOSURE Some links on this site are affiliate links. We may earn a commission at no extra cost to you. Compliance scores and editorial rankings are never influenced by affiliate relationships.
Listed for transparency. Every product on this page is benchmarked against this baseline.
French-founded, now US-headquartered (NYC). Significant US-VC funding.
All 5 alternatives ranked by compliance score, benchmarked against Dashlane.
| Product | Score | Owner | CLOUD Act | Cert. | Pricing | Action |
|---|---|---|---|---|---|---|
|
Dashlane
benchmark · US
|
1.0/5 | OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
SOC 2 no EU framework |
Freemium | your current |
|
Vaultwarden
Spain
|
VERIFIED SIGNALS
Jurisdiction
Transparency
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
— | Free | View profile → |
|
KeePassXC
Germany
|
VERIFIED SIGNALS
Jurisdiction
Transparency
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
— | Free | View profile → |
|
Uniqkey
Denmark
|
VERIFIED SIGNALS
Jurisdiction
Transparency
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
ISO/IEC 27001
|
Paid | View profile → |
|
NordPass
Lithuania
|
VERIFIED SIGNALS
Jurisdiction
Transparency
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
ISO/IEC 27001
SOC 2
|
Freemium
€2 / mo
|
View profile → |
|
Padloc
Germany
|
VERIFIED SIGNALS
Jurisdiction
Transparency
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
— |
Freemium
€3 / mo
|
View profile → |
Ranked by feature parity + compliance score. Migration friction is weighted higher than feature breadth.
AGPLv3 Rust Bitwarden-compatible server by Daniel García (Spain), self-host-only, no company, no telemetry — clean 5/5 when run on EU infrastructure.
GPLv3 fully-offline desktop password manager (KeePassXC Team, Weimar DE, est. 2016) — no cloud, no servers, no telemetry; structurally zero CLOUD Act exposure.
Danish business password & access manager (Uniqkey A/S, Copenhagen), Danish-hosted, zero-knowledge E2E, ISO 27001, EIFO-backed, NIS2-focused.
For every product we read the public DPA, sub-processors document, hosting region declaration, and corporate ownership records. Each is timestamped. Compliance score is editorial, re-verified quarterly. We never accept self-attestation.
Reviewed by the EU Vetted editorial team · Editorial guidelines