German passwordless zero-knowledge password manager (heylogin GmbH, Braunschweig), all-German sub-processor stack, ISO 27001:2022, no CLOUD Act exposure.
- FROM
- €4/Mt.
- CLOUD ACT
- NONE
Zusammenfassung aus Eigentümerschaft und CLOUD-Act-Risiko.
Luxembourg-incorporated AGPLv3 open-source team password manager (Passbolt SA), SOC 2 Type II, self-hostable, used by LU/FR government.
Passbolt aus der Kategorie Passwort-Manager ist ein EU-eigener Dienst mit Luxembourg als Hosting-Standort und ohne erkennbares CLOUD-Act-Risiko.
Passbolt SA (9 Avenue du Blues, L-4368 Belvaux, Luxembourg; incorporated 2017, concept since 2011) is a fully AGPLv3 open-source team password manager (even the paid Business tier is open source) built around OpenPGP end-to-end encryption, self-hostable by default with Cloud as a managed alternative, and audited by independent third parties several times a year with all reports public; SOC 2 Type II attested. Customer base includes the Luxembourg government IT body and France's Ministry of the Interior. Founder team active; investors are Luxembourg / EU (Luxinnovation, Scalefund, Yeast); €11M raised across 2020 (€3M) and 2024 (€8M); 30+ remote-first team. EU-owned, EU-hosted (Luxembourg), with no CLOUD Act exposure.
Wie stark Kundendaten US-Behörden nach dem CLOUD Act (Clarifying Lawful Overseas Use of Data Act) ausgesetzt sind.
Wo die letztliche Kontrolle über das Betreiberunternehmen liegt.
Passbolt is one of the cleanest open-source password-manager listings in this directory. The legal entity is Passbolt SA at 9 Avenue du Blues, L-4368 Belvaux, Luxembourg, incorporated as a formal company in 2017 after the concept originated within a Luxembourg digital agency in 2011. The product was conceived as a collaborative successor to KeePass, with a focus on team credentials sharing, RBAC, audit logging, and OpenPGP-based end-to-end encryption (1:1 keys per credential). Customer references include the Luxembourg government IT body and the French Ministry of the Interior. These are strong public-sector procurement signals that, combined with the open-source licensing, make Passbolt a natural fit for EU sovereign-procurement workflows.
Compliance and transparency posture is best-in-class. Both the Community (free) edition AND the paid Business + Enterprise editions are released under the GNU Affero General Public License v3 (AGPLv3). Buyers can fork the codebase, run audits internally, and never face vendor lock-in. The company commissions independent third-party audits multiple times per year with all reports public, including SOC 2 Type II attestation. Encryption is OpenPGP with 1:1 per-credential keys; no server operator (including Passbolt's own Cloud team) can decrypt customer vaults. Self-host deployment supports Docker, Kubernetes (Helm), and native installation on Ubuntu, Rocky Linux, and openSUSE. That gives full flexibility to run on Hetzner, OVHcloud, Scaleway, IONOS, STACKIT, or any other EU GPU / VPS infrastructure.
Pricing is open-source-friendly and procurement-grade. Community Edition is free under AGPLv3 with unlimited users, core feature set, browser extensions, API, role-based access, with community support only. Business is €4.50 per user per month billed annually (10-user minimum) and adds tags, LDAP provisioning, SSO (Microsoft, Google, OpenID), account recovery, audit logs, and a packaged VM appliance with next-business-day email support. Enterprise is custom with 4-hour SLA, white-glove migration, custom development, and disaster-recovery consulting. Non-profits qualify for special pricing. Best fit: EU public-sector buyers, regulated industries (finance, defence, healthcare), teams that need SAML / LDAP SSO with audit-log compliance, and any procurement-grade buyer who wants AGPLv3 source-availability plus SOC 2 Type II attestation on a Luxembourg-incorporated open-source vendor.
German passwordless zero-knowledge password manager (heylogin GmbH, Braunschweig), all-German sub-processor stack, ISO 27001:2022, no CLOUD Act exposure.
GPLv3 fully-offline desktop password manager (KeePassXC Team, Weimar DE, est. 2016): no cloud, no servers, no telemetry; structurally zero CLOUD Act exposure.
German-hosted business password manager from LC by vBoxx GmbH; collections, group sharing, central management, unlimited devices; an EU-hosted 1Password / LastPass alternative.