Skip to content
Independently verified · Quarterly re-audit
EU VETTED
Category 01 of 22

Password managers

In short

Password managers store and encrypt your credentials so you use one strong master password instead of many weak ones. For EU buyers, what decides it is where the encrypted vault is hosted and whether the operator is subject to CLOUD Act jurisdiction. Leading EU options on EU Vetted include Passbolt (Luxembourg, EU-owned, EU-hosted), Psono (Germany, EU-owned, EU-hosted), and Proton Pass (Switzerland, Swiss-owned, CLOUD Act exposure: None).

See password managers with zero US sub-processors →
About this category
About Password managers

Feature comparison

Beyond compliance: how these alternatives compare on the capabilities you actually use day to day.

Feature heylogin KeePassXC Passbolt Proton Pass Vaultwarden LC-Pass Uniqkey NordPass Padloc pCloud Pass Psono
Passkeys No Yes No Yes Yes Yes Yes Yes Yes
Autofill Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Breach monitoring Yes Yes Yes Yes No Yes Yes Yes No Yes
Family sharing No No Yes Yes Yes No No Yes Yes Yes Yes
Data export Yes Yes Yes Yes Yes Yes Yes Yes Yes
Devices Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited
Platforms iOS Android Windows macOS Web macOS Windows Linux iOS Android Windows Linux iOS macOS Windows Android Linux Web iOS macOS Windows Android Linux Web Web iOS macOS Windows Android iOS macOS Windows Android Linux Web iOS macOS Windows Android Linux Web iOS macOS Windows Android Linux Web iOS Android Web
SWITCHING GUIDES

Switching from US password managers?

Side-by-side European alternatives (same hosting, ownership and CLOUD Act checks) for the US tools most often replaced in this category.

FAQ

Frequently asked questions

What is the best EU-hosted password manager?
Passbolt (Luxembourg), Psono (Germany), Vaultwarden (Spain), and KeePassXC (Germany) are all EU-owned and EU-hosted (CLOUD Act exposure: Passbolt None, Psono Material, Vaultwarden None, KeePassXC None). The right pick depends on your use case: Passbolt is built for teams and self-hosted or cloud deployment; Psono is geared toward enterprise with LDAP/SAML; KeePassXC is local-only with no cloud sync at all, which is the strongest posture for high-risk environments.
Is there a GDPR-compliant password manager?
Any password manager operated by an EU-incorporated company with EU-only infrastructure and a published DPA qualifies as GDPR-compliant in its processing role. Passbolt (Luxembourg) publishes a detailed DPA, and Psono (Germany) maintains a public sub-processor register. What counts as GDPR-compliant here is a documented practice, not a certificate; check each vendor's DPA and sub-processor list against your own requirements before relying on the label.
Does password-manager data fall under the US CLOUD Act?
If the password manager is operated or ultimately owned by a US-incorporated company, the CLOUD Act can in principle compel it to produce data it controls, regardless of where the vault is physically stored. EU-owned operators such as Passbolt (Luxembourg, CLOUD Act exposure: None), Psono (Germany, CLOUD Act exposure: Material), and Uniqkey (Denmark, CLOUD Act exposure: None) have no US parent company that can be compelled this way. That distinction tracks corporate ownership, not any specific legal demand that has or hasn't landed.
Are cloud-synced EU password managers safe to use?
The standard security architecture uses zero-knowledge end-to-end encryption: the vault is encrypted client-side before transmission, and the operator cannot read its contents. Passbolt, Psono, Proton Pass, and Filen (for file vaults) all use this model. In practice, safety depends on implementation quality, which is why independent audits matter more than self-reported claims. Check whether the vendor publishes third-party audit reports.
What is the difference between self-hosted and cloud-hosted password managers?
A self-hosted password manager runs on infrastructure you control: your own server or a private cloud account. You bear responsibility for uptime, backups, and updates, but you remove the operator as a third party with any access to your vault. Nextcloud-based setups, Vaultwarden, and Passbolt Community Edition all support self-hosting. Cloud-hosted managers trade that control for convenience and managed updates; the key question is then which jurisdiction and operator you are trusting.
Can a business use an EU password manager for team sharing?
Yes. Passbolt (Luxembourg) and Psono (Germany) are designed specifically for team and enterprise use, with role-based access control, LDAP/SAML integration, and audit logs. Uniqkey (Denmark) targets SMBs with an employee-facing onboarding flow. KeePassXC is a local-first option with no built-in sharing; team use requires a shared vault file over a file-sync service. For most B2B buyers, Passbolt or Psono are the starting points.
Does using a European password manager affect my existing logins?
No. Most password managers support import from common formats (CSV, 1Password, Bitwarden, LastPass). Migration typically takes under an hour for individual users and a few hours for a team. Browser extension coverage for Passbolt, Psono, and Proton Pass includes Chrome, Firefox, and Safari. The credential data stays yours; the migration process transfers it from one encrypted store to another.