Lithuanian password manager by Nord Security, zero-knowledge XChaCha20, ISO 27001 + SOC 2, but hosted on AWS (US): material CLOUD Act exposure.
- FROM
- €2/mo
- CLOUD ACT
- MATERIAL
French-founded, now US-headquartered (NYC). Significant US-VC funding.
DISCLOSURE Some links on this site are affiliate links. We may earn a commission at no extra cost to you. Editorial signals and rankings are never influenced by affiliate relationships.
Ordered by feature parity and migration friction, which is weighted higher than feature breadth.
Lithuanian password manager by Nord Security, zero-knowledge XChaCha20, ISO 27001 + SOC 2, but hosted on AWS (US): material CLOUD Act exposure.
Danish business password & access manager (Uniqkey A/S, Copenhagen), Danish-hosted, zero-knowledge E2E, ISO 27001, EIFO-backed, NIS2-focused.
German AGPLv3 open-source password manager (MaKleSoft, Bavaria), audited 3×, self-hostable, but hosted cloud uses Stripe + defunct Privacy Shield ref.
All 6 alternatives, benchmarked against Dashlane.
Lithuanian password manager by Nord Security, zero-knowledge XChaCha20, ISO 27001 + SOC 2, but hosted on AWS (US): material CLOUD Act exposure.
Danish business password & access manager (Uniqkey A/S, Copenhagen), Danish-hosted, zero-knowledge E2E, ISO 27001, EIFO-backed, NIS2-focused.
German AGPLv3 open-source password manager (MaKleSoft, Bavaria), audited 3×, self-hostable, but hosted cloud uses Stripe + defunct Privacy Shield ref.
AGPLv3 Rust Bitwarden-compatible server by Daniel García (Spain), self-host-only, no company, no telemetry; EU-maintained, no CLOUD Act exposure when run on EU infrastructure.
GPLv3 fully-offline desktop password manager (KeePassXC Team, Weimar DE, est. 2016): no cloud, no servers, no telemetry; structurally zero CLOUD Act exposure.
German passwordless zero-knowledge password manager (heylogin GmbH, Braunschweig), all-German sub-processor stack, ISO 27001:2022, no CLOUD Act exposure.
| Product | Hosting | Sovereignty | Cert. | Pricing | Signals | Open |
|---|---|---|---|---|---|---|
|
Dashlane
benchmark · US
|
— |
US-LINKED | SOC 2 no EU framework |
Freemium |
E2E
Public DPA
Sub-processors
Open source
|
|
|
Lithuanian password manager by Nord Security, zero-knowledge XChaCha20, ISO 27001 + SOC 2, but hosted on AWS (US): material CLOUD Act exposure.
|
—
Lithuania
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
SOC 2
|
Freemium
€2 /mo
|
Public DPA
Sub-processors
Open source
|
→ |
|
Danish business password & access manager (Uniqkey A/S, Copenhagen), Danish-hosted, zero-knowledge E2E, ISO 27001, EIFO-backed, NIS2-focused.
|
DK
Denmark
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Paid |
Public DPA
Sub-processors
Open source
|
→ |
|
German AGPLv3 open-source password manager (MaKleSoft, Bavaria), audited 3×, self-hostable, but hosted cloud uses Stripe + defunct Privacy Shield ref.
|
—
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Freemium
€3 /mo
|
Public DPA
Sub-processors
Open source
|
→ |
|
AGPLv3 Rust Bitwarden-compatible server by Daniel García (Spain), self-host-only, no company, no telemetry; EU-maintained, no CLOUD Act exposure when run on EU infrastructure.
|
—
Spain
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— | Free |
Public DPA
Sub-processors
Open source
|
→ |
|
GPLv3 fully-offline desktop password manager (KeePassXC Team, Weimar DE, est. 2016): no cloud, no servers, no telemetry; structurally zero CLOUD Act exposure.
|
—
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— | Free |
Public DPA
Sub-processors
Open source
|
→ |
|
German passwordless zero-knowledge password manager (heylogin GmbH, Braunschweig), all-German sub-processor stack, ISO 27001:2022, no CLOUD Act exposure.
|
NUREMBERG · DE
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Freemium
€4 /mo
|
Public DPA
Sub-processors
Open source
|
→ |
Beyond compliance: how these alternatives compare on the capabilities you actually use day to day.
| Feature | NordPass | Uniqkey | Padloc | Vaultwarden | KeePassXC | heylogin |
|---|---|---|---|---|---|---|
| Passkeys | Yes | Yes | Yes | Yes | No | |
| Autofill | Yes | Yes | Yes | Yes | Yes | |
| Breach monitoring | Yes | Yes | Yes | No | Yes | Yes |
| Family sharing | Yes | No | Yes | Yes | No | No |
| Data export | Yes | Yes | Yes | Yes | Yes | |
| Devices | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | |
| Platforms | iOS macOS Windows Android Linux Web | iOS macOS Windows Android | iOS macOS Windows Android Linux Web | iOS macOS Windows Android Linux Web | macOS Windows Linux | iOS Android Windows macOS Web |
Listed for transparency. Every product on this page is benchmarked against this baseline.
Listed for transparency. Every product on this page is benchmarked against this baseline.
French-founded, now US-headquartered (NYC). Significant US-VC funding.
For every product we read the public DPA, sub-processors document, hosting region declaration, and corporate ownership records. Each is timestamped. Signals are editorial, re-verified quarterly. We never accept self-attestation.
Reviewed by the EU Vetted editorial team · Editorial guidelines