Zum Inhalt springen
Unabhängig verifiziert · Quartalsweises Re-Audit
EU VETTED

KeePassXC

VERIFIZIERT
Passwort-Manager · Germany
Gegründet 2016 · keepassxc.org ↗

GPLv3 fully-offline desktop password manager (KeePassXC Team, Weimar DE, est. 2016): no cloud, no servers, no telemetry; structurally zero CLOUD Act exposure.

Kurzfassung

KeePassXC aus der Kategorie Passwort-Manager ist ein EU-eigener Dienst mit Germany als Hosting-Standort und ohne erkennbares CLOUD-Act-Risiko.

Bewertungsnotizen

KeePassXC is a GPLv3 open-source, fully offline desktop password manager maintained by an unfunded international volunteer team (the KeePassXC Team, with core members based in Weimar, Germany; the project began in 2016 as a community fork of KeePassX). There is no cloud, no servers, no account, no telemetry, no data processing of any kind: the encrypted .kdbx database file lives entirely on the user's own devices, which makes CLOUD Act exposure structurally impossible; EU-maintained, open-source, with the strongest data-minimisation posture in the directory alongside Mullvad.

CLOUD ACT
OWNERSHIP
SUB-PROCS
nicht offengelegt
Geprüfte Signale
Jurisdiktion
  • EU-/Angemessenheits-Hosting
  • EU-/Angemessenheits-Betreiber
  • Keine US-CLOUD-Act-Exposition
Transparenz
  • Öffentlicher AVV
  • Unterauftragsverarbeiter offengelegt
  • Open-Source-Clients
  • Zertifizierung durch Dritte
JUMP TO
OVERVIEW

Über KeePassXC

KeePassXC is a modern, secure, open-source password manager for Windows, macOS and Linux, maintained by the KeePassXC Team, an unfunded, international volunteer group with core members based in Weimar, Germany. The project began in 2016 as a community-driven fork of KeePassX (itself a cross-platform port of the original Windows-only KeePass), and is licensed under GPLv3 with the full source openly available on GitHub.

KeePassXC is the structurally cleanest listing in the password-manager category, for one simple reason: it is entirely offline. There is no cloud service, no servers, no online account, no subscription, no ads, and no telemetry. Passwords are stored in a locally encrypted .kdbx database file that the user controls completely. KeePassXC explicitly states "no data is stored on remote servers." Because there is no service-side data processing at all, there is no DPA, no sub-processors list, and no hosting country to audit, and CLOUD Act exposure is not merely "none" but structurally impossible. Sync, if the user wants it, is the user's own choice: they can place the .kdbx file on any storage they trust (a EU cloud-storage provider from this directory, a USB key, a self-hosted server), but that is a decision the user makes and controls, not something KeePassXC does.

The trade-off is that KeePassXC is a desktop application, not a service: there is no built-in cross-device sync, no team-sharing infrastructure, and no web client, features that hosted competitors (Proton Pass, NordPass, Uniqkey) provide out of the box. KeePassXC itself ships only desktop builds (Windows, macOS, Linux) and has no official mobile client, but its encrypted .kdbx database uses the open KeePass file format, which compatible third-party mobile apps can open (KeePassDX on Android, Strongbox and KeePassium on iOS), so the offline approach is not confined to the desktop. It does offer a robust feature set within its offline scope: strong AES/ChaCha20 encryption, a password generator, browser integration via the official browser extension, TOTP storage, SSH-agent integration, and Secret Service API support on Linux. The project is funded entirely by donations. Best fit: privacy-maximalist individuals and technically confident users who want absolute local control of their credentials with zero service dependency, and any procurement-grade buyer for whom "there is no vendor and no server" is the strongest possible answer to a sovereignty question.

SUB-PROCESSORS

Unterauftragsverarbeiter-Karte · nicht offengelegt

Selbst gehostet: keine Anbieter-Verarbeitungskette. Diese Software hat keinen anbieterbetriebenen Dienst; bei Selbsthosting bleiben die Daten auf der vom Betreiber kontrollierten Infrastruktur und es gibt keine offenzulegende Anbieter-Verarbeitungskette.
CERTIFICATIONS

Rahmenwerke & Zertifizierungen · keine gelistet

Wir haben die Website des Anbieters und die Register der Zertifizierungsstellen geprüft. Keine aktiven Zertifizierungen gefunden zum Zeitpunkt der letzten Prüfung (2026-05-18).
FEATURES

Funktionsmatrix

Passkeys Ja
Autofill Ja
Leak-Überwachung Ja
Familienfreigabe Nein
Datenexport Ja
Geräte Unbegrenzt
Plattformen macOS Windows Linux
INTEGRATION & ZUGRIFF
REST API No
SSO (SAML / OIDC) No
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option Yes
PUBLIC DOCUMENTS

Öffentliche Dokumente

DSGVO-AVV-Zugänglichkeit wird für diesen Eintrag nicht bewertet. Selbst gehostete oder lokale Software, Anbieter, die keine Auftragsverarbeiter sind, und Produkte mit SecNumCloud-, EUCS- oder BSI-C5-Zertifizierung werden nicht auf DSGVO-AVV-Zugänglichkeit bewertet (siehe So prüfen wir).
  • Auftragsverarbeitungsvertrag (AVV)
    — nicht bewertet
    n/v
  • Liste der Unterauftragsverarbeiter
    — nicht zutreffend
    n/v
ALTERNATIVES

Alternativen in dieser Kategorie

heylogin
Germany · Gegründet 2021
EU-SOUVERäN

German passwordless zero-knowledge password manager (heylogin GmbH, Braunschweig), all-German sub-processor stack, ISO 27001:2022, no CLOUD Act exposure.

Öffentl. AVV Subprozessoren Open Source
FROM
€4/Mt.
CLOUD ACT
NONE
LC-Pass
Germany
EU-SOUVERäN

German-hosted business password manager from LC by vBoxx GmbH; collections, group sharing, central management, unlimited devices; an EU-hosted 1Password / LastPass alternative.

Öffentl. AVV Subprozessoren Open Source
FROM
€3.99/Mt.
CLOUD ACT
NONE
NordPass
Lithuania · Gegründet 2019
EU-GEHOSTET

Lithuanian password manager by Nord Security, zero-knowledge XChaCha20, ISO 27001 + SOC 2, but hosted on AWS (US): material CLOUD Act exposure.

Öffentl. AVV Subprozessoren Open Source
FROM
€2/Mt.
CLOUD ACT
MATERIAL