Password managers
Password managers store and encrypt your credentials so you use one strong master password instead of many weak ones. For EU buyers, what decides it is where the encrypted vault is hosted and whether the operator is subject to CLOUD Act jurisdiction. Leading EU options on EU Vetted include Passbolt (Luxembourg, EU-owned, EU-hosted), Psono (Germany, EU-owned, EU-hosted), and Proton Pass (Switzerland, Swiss-owned, CLOUD Act exposure: None).
About this category
About Password managers
Password managers are tools that generate, store, and autofill strong unique credentials for every account you use. Instead of remembering dozens of passwords or reusing weak ones, you secure a single master password that unlocks an encrypted local or cloud-synced vault. The category spans local-only tools (KeePassXC), cloud-synced individual managers (Proton Pass, pCloud Pass), and team or enterprise platforms (Passbolt, Psono, Uniqkey).
For EU buyers, the hosting jurisdiction and ownership structure matter in a specific way: a password manager handles credentials for every system your organisation uses. If the operator is a US-incorporated company, the consolidated group (including any EU subsidiary) falls within the reach of the US CLOUD Act, which can compel a company to produce data it controls regardless of where that data is stored. EU-owned operators such as Passbolt (Luxembourg, EU-owned, EU-hosted, CLOUD Act exposure: None), Psono (Germany, EU-owned, EU-hosted, CLOUD Act exposure: Material), and Uniqkey (Denmark, EU-owned, EU-hosted, CLOUD Act exposure: None) have no US parent company that can be compelled this way. Swiss-based operators like Proton Pass (Swiss-owned, EU-hosted, CLOUD Act exposure: None) operate under Swiss data-protection law, which differs from EU law but offers comparable or stronger privacy guarantees in practice.
Ownership signal and CLOUD Act exposure are the two facts worth checking first for a credential vault, since both are sourced from each vendor's published DPA and sub-processor list rather than from paid placement. A second, practical split separates individual vaults from team platforms: Passbolt, Psono, and Uniqkey build in role-based access and audit logs, while KeePassXC stays local-only with no sharing layer at all.
-
heyloginEU-SOVEREIGN
German passwordless zero-knowledge password manager (heylogin GmbH, Braunschweig), all-German sub-processor stack, ISO 27001:2022, no CLOUD Act exposure.
DE Public DPA Sub-processors Open source 0 sub-procs €4 /mo -
KeePassXCEU-SOVEREIGN
GPLv3 fully-offline desktop password manager (KeePassXC Team, Weimar DE, est. 2016): no cloud, no servers, no telemetry; structurally zero CLOUD Act exposure.
Public DPA Sub-processors Open source 0 sub-procs -
PassboltEU-SOVEREIGN
Luxembourg-incorporated AGPLv3 open-source team password manager (Passbolt SA), SOC 2 Type II, self-hostable, used by LU/FR government.
LU Public DPA Sub-processors Open source 0 sub-procs €5 /mo -
Proton PassEU-SOVEREIGN
Swiss zero-knowledge password manager (Proton AG / Proton Foundation), open-source apps + extensions, Cure53-audited, free unlimited tier.
CH Public DPA Sub-processors Open source 7 sub-procs · 4 US €2 /mo -
VaultwardenEU-SOVEREIGN
AGPLv3 Rust Bitwarden-compatible server by Daniel García (Spain), self-host-only, no company, no telemetry; EU-maintained, no CLOUD Act exposure when run on EU infrastructure.
Public DPA Sub-processors Open source 0 sub-procs -
LC-PassEU-SOVEREIGN
German-hosted business password manager from LC by vBoxx GmbH; collections, group sharing, central management, unlimited devices; an EU-hosted 1Password / LastPass alternative.
DE Public DPA Sub-processors Open source 0 sub-procs €3.99 /mo -
UniqkeyEU-SOVEREIGN
Danish business password & access manager (Uniqkey A/S, Copenhagen), Danish-hosted, zero-knowledge E2E, ISO 27001, EIFO-backed, NIS2-focused.
DK Public DPA Sub-processors Open source 0 sub-procs -
NordPassEU-HOSTED
Lithuanian password manager by Nord Security, zero-knowledge XChaCha20, ISO 27001 + SOC 2, but hosted on AWS (US): material CLOUD Act exposure.
Public DPA Sub-processors Open source 0 sub-procs €2 /mo -
PadlocEU-HOSTEDself-host EU-Sovereign
German AGPLv3 open-source password manager (MaKleSoft, Bavaria), audited 3×, self-hostable, but hosted cloud uses Stripe + defunct Privacy Shield ref.
Public DPA Sub-processors Open source 0 sub-procs €3 /mo -
pCloud PassEU-BASED
Swiss zero-knowledge password manager (pCloud AG, Baar), client-side AES-256, free single-device tier, Luxembourg or US data residency.
LU Public DPA Sub-processors Open source 0 sub-procs €30 /mo -
PsonoEU-HOSTEDself-host EU-Sovereign
German Apache-2.0 open-source team password manager (esaqa GmbH), self-hostable on EU infrastructure, Cure53-audited 2026, free up to 10 users.
DE Public DPA Sub-processors Open source 9 sub-procs · 7 US €0 /mo
| Compare | Sovereignty | Cert. | Pricing | Signals | Open | ||
|---|---|---|---|---|---|---|---|
|
German passwordless zero-knowledge password manager (heylogin GmbH, Braunschweig), all-German sub-processor stack, ISO 27001:2022, no CLOUD Act exposure.
|
NUREMBERG · DE
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Freemium
€4 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
GPLv3 fully-offline desktop password manager (KeePassXC Team, Weimar DE, est. 2016): no cloud, no servers, no telemetry; structurally zero CLOUD Act exposure.
|
—
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— | Free |
Public DPA
Sub-processors
Open source
|
→ | |
|
Luxembourg-incorporated AGPLv3 open-source team password manager (Passbolt SA), SOC 2 Type II, self-hostable, used by LU/FR government.
|
BELVAUX · LU
Luxembourg
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
SOC 2
|
Freemium
€5 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
Swiss zero-knowledge password manager (Proton AG / Proton Foundation), open-source apps + extensions, Cure53-audited, free unlimited tier.
|
GENEVA · CH
Switzerland
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Freemium
€2 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
AGPLv3 Rust Bitwarden-compatible server by Daniel García (Spain), self-host-only, no company, no telemetry; EU-maintained, no CLOUD Act exposure when run on EU infrastructure.
|
—
Spain
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— | Free |
Public DPA
Sub-processors
Open source
|
→ | |
|
German-hosted business password manager from LC by vBoxx GmbH; collections, group sharing, central management, unlimited devices; an EU-hosted 1Password / LastPass alternative.
|
FRANKFURT · DE
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Paid
€3.99 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
Danish business password & access manager (Uniqkey A/S, Copenhagen), Danish-hosted, zero-knowledge E2E, ISO 27001, EIFO-backed, NIS2-focused.
|
DK
Denmark
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Paid |
Public DPA
Sub-processors
Open source
|
→ | |
|
Lithuanian password manager by Nord Security, zero-knowledge XChaCha20, ISO 27001 + SOC 2, but hosted on AWS (US): material CLOUD Act exposure.
|
—
Lithuania
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
SOC 2
|
Freemium
€2 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
German AGPLv3 open-source password manager (MaKleSoft, Bavaria), audited 3×, self-hostable, but hosted cloud uses Stripe + defunct Privacy Shield ref.
|
—
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Freemium
€3 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
Swiss zero-knowledge password manager (pCloud AG, Baar), client-side AES-256, free single-device tier, Luxembourg or US data residency.
|
LU
Luxembourg
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Freemium
€30 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
German Apache-2.0 open-source team password manager (esaqa GmbH), self-hostable on EU infrastructure, Cure53-audited 2026, free up to 10 users.
|
DE
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Freemium
€0 /mo
|
Public DPA
Sub-processors
Open source
|
→ |
Feature comparison
Beyond compliance: how these alternatives compare on the capabilities you actually use day to day.
| Feature | heylogin | KeePassXC | Passbolt | Proton Pass | Vaultwarden | LC-Pass | Uniqkey | NordPass | Padloc | pCloud Pass | Psono |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Passkeys | No | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | ||
| Autofill | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
| Breach monitoring | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | No | Yes | |
| Family sharing | No | No | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes |
| Data export | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | ||
| Devices | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | |
| Platforms | iOS Android Windows macOS Web | macOS Windows Linux | iOS Android Windows Linux | iOS macOS Windows Android Linux Web | iOS macOS Windows Android Linux Web | Web | iOS macOS Windows Android | iOS macOS Windows Android Linux Web | iOS macOS Windows Android Linux Web | iOS macOS Windows Android Linux Web | iOS Android Web |
Switching from US password managers?
Side-by-side European alternatives (same hosting, ownership and CLOUD Act checks) for the US tools most often replaced in this category.