German-hosted business password manager from LC by vBoxx GmbH; collections, group sharing, central management, unlimited devices; an EU-hosted 1Password / LastPass alternative.
- FROM
- €3.99/mo
- CLOUD ACT
- NONE
US-incorporated password manager, owned by GoTo (US PE: Francisco Partners + Elliott Management).
DISCLOSURE Some links on this site are affiliate links. We may earn a commission at no extra cost to you. Editorial signals and rankings are never influenced by affiliate relationships.
Ordered by feature parity and migration friction, which is weighted higher than feature breadth.
German-hosted business password manager from LC by vBoxx GmbH; collections, group sharing, central management, unlimited devices; an EU-hosted 1Password / LastPass alternative.
Swiss zero-knowledge password manager (Proton AG / Proton Foundation), open-source apps + extensions, Cure53-audited, free unlimited tier.
German Apache-2.0 open-source team password manager (esaqa GmbH), self-hostable on EU infrastructure, Cure53-audited 2026, free up to 10 users.
All 11 alternatives, benchmarked against LastPass.
German-hosted business password manager from LC by vBoxx GmbH; collections, group sharing, central management, unlimited devices; an EU-hosted 1Password / LastPass alternative.
Swiss zero-knowledge password manager (Proton AG / Proton Foundation), open-source apps + extensions, Cure53-audited, free unlimited tier.
German Apache-2.0 open-source team password manager (esaqa GmbH), self-hostable on EU infrastructure, Cure53-audited 2026, free up to 10 users.
Swiss zero-knowledge password manager (pCloud AG, Baar), client-side AES-256, free single-device tier, Luxembourg or US data residency.
Lithuanian password manager by Nord Security, zero-knowledge XChaCha20, ISO 27001 + SOC 2, but hosted on AWS (US): material CLOUD Act exposure.
Danish business password & access manager (Uniqkey A/S, Copenhagen), Danish-hosted, zero-knowledge E2E, ISO 27001, EIFO-backed, NIS2-focused.
German AGPLv3 open-source password manager (MaKleSoft, Bavaria), audited 3×, self-hostable, but hosted cloud uses Stripe + defunct Privacy Shield ref.
AGPLv3 Rust Bitwarden-compatible server by Daniel García (Spain), self-host-only, no company, no telemetry; EU-maintained, no CLOUD Act exposure when run on EU infrastructure.
GPLv3 fully-offline desktop password manager (KeePassXC Team, Weimar DE, est. 2016): no cloud, no servers, no telemetry; structurally zero CLOUD Act exposure.
Luxembourg-incorporated AGPLv3 open-source team password manager (Passbolt SA), SOC 2 Type II, self-hostable, used by LU/FR government.
German passwordless zero-knowledge password manager (heylogin GmbH, Braunschweig), all-German sub-processor stack, ISO 27001:2022, no CLOUD Act exposure.
| Product | Hosting | Sovereignty | Cert. | Pricing | Signals | Open |
|---|---|---|---|---|---|---|
|
LastPass
benchmark · US
|
— |
US-LINKED | SOC 2 no EU framework |
Freemium |
E2E
Public DPA
Sub-processors
Open source
|
|
|
German-hosted business password manager from LC by vBoxx GmbH; collections, group sharing, central management, unlimited devices; an EU-hosted 1Password / LastPass alternative.
|
FRANKFURT · DE
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Paid
€3.99 /mo
|
Public DPA
Sub-processors
Open source
|
→ |
|
Swiss zero-knowledge password manager (Proton AG / Proton Foundation), open-source apps + extensions, Cure53-audited, free unlimited tier.
|
GENEVA · CH
Switzerland
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Freemium
€2 /mo
|
Public DPA
Sub-processors
Open source
|
→ |
|
German Apache-2.0 open-source team password manager (esaqa GmbH), self-hostable on EU infrastructure, Cure53-audited 2026, free up to 10 users.
|
DE
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Freemium
€0 /mo
|
Public DPA
Sub-processors
Open source
|
→ |
|
Swiss zero-knowledge password manager (pCloud AG, Baar), client-side AES-256, free single-device tier, Luxembourg or US data residency.
|
LU
Luxembourg
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Freemium
€30 /mo
|
Public DPA
Sub-processors
Open source
|
→ |
|
Lithuanian password manager by Nord Security, zero-knowledge XChaCha20, ISO 27001 + SOC 2, but hosted on AWS (US): material CLOUD Act exposure.
|
—
Lithuania
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
SOC 2
|
Freemium
€2 /mo
|
Public DPA
Sub-processors
Open source
|
→ |
|
Danish business password & access manager (Uniqkey A/S, Copenhagen), Danish-hosted, zero-knowledge E2E, ISO 27001, EIFO-backed, NIS2-focused.
|
DK
Denmark
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Paid |
Public DPA
Sub-processors
Open source
|
→ |
|
German AGPLv3 open-source password manager (MaKleSoft, Bavaria), audited 3×, self-hostable, but hosted cloud uses Stripe + defunct Privacy Shield ref.
|
—
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Freemium
€3 /mo
|
Public DPA
Sub-processors
Open source
|
→ |
|
AGPLv3 Rust Bitwarden-compatible server by Daniel García (Spain), self-host-only, no company, no telemetry; EU-maintained, no CLOUD Act exposure when run on EU infrastructure.
|
—
Spain
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— | Free |
Public DPA
Sub-processors
Open source
|
→ |
|
GPLv3 fully-offline desktop password manager (KeePassXC Team, Weimar DE, est. 2016): no cloud, no servers, no telemetry; structurally zero CLOUD Act exposure.
|
—
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— | Free |
Public DPA
Sub-processors
Open source
|
→ |
|
Luxembourg-incorporated AGPLv3 open-source team password manager (Passbolt SA), SOC 2 Type II, self-hostable, used by LU/FR government.
|
BELVAUX · LU
Luxembourg
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
SOC 2
|
Freemium
€5 /mo
|
Public DPA
Sub-processors
Open source
|
→ |
|
German passwordless zero-knowledge password manager (heylogin GmbH, Braunschweig), all-German sub-processor stack, ISO 27001:2022, no CLOUD Act exposure.
|
NUREMBERG · DE
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Freemium
€4 /mo
|
Public DPA
Sub-processors
Open source
|
→ |
Beyond compliance: how these alternatives compare on the capabilities you actually use day to day.
| Feature | LC-Pass | Proton Pass | Psono | pCloud Pass | NordPass | Uniqkey | Padloc | Vaultwarden | KeePassXC | Passbolt | heylogin |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Passkeys | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | ||
| Autofill | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
| Breach monitoring | Yes | Yes | No | Yes | Yes | Yes | No | Yes | Yes | Yes | |
| Family sharing | No | Yes | Yes | Yes | Yes | No | Yes | Yes | No | Yes | No |
| Data export | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | ||
| Devices | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | |
| Platforms | Web | iOS macOS Windows Android Linux Web | iOS Android Web | iOS macOS Windows Android Linux Web | iOS macOS Windows Android Linux Web | iOS macOS Windows Android | iOS macOS Windows Android Linux Web | iOS macOS Windows Android Linux Web | macOS Windows Linux | iOS Android Windows Linux | iOS Android Windows macOS Web |
Listed for transparency. Every product on this page is benchmarked against this baseline.
Listed for transparency. Every product on this page is benchmarked against this baseline.
US-incorporated password manager, owned by GoTo (US PE: Francisco Partners + Elliott Management).
For every product we read the public DPA, sub-processors document, hosting region declaration, and corporate ownership records. Each is timestamped. Signals are editorial, re-verified quarterly. We never accept self-attestation.
Reviewed by the EU Vetted editorial team · Editorial guidelines