Zum Inhalt springen
Unabhängig verifiziert · Quartalsweises Re-Audit
EU VETTED

Psono

VERIFIZIERT
Passwort-Manager · Germany
Gegründet 2017 · psono.com ↗

German Apache-2.0 open-source team password manager (esaqa GmbH), self-hostable on EU infrastructure, Cure53-audited 2026, free up to 10 users.

Kurzfassung

Psono aus der Kategorie Passwort-Manager bietet EU-Hosting mit Germany als Hosting-Standort, doch ein US-Mutterkonzern oder Unterauftragsverarbeiter hinterlässt ein materielles CLOUD-Act-Risiko.

Bewertungsnotizen

Psono is an Apache-2.0 open-source team password manager developed by esaqa GmbH (Tiergartenstr. 13, 91247 Vorra, Germany; CEO Sascha Pfeiffer): fully self-hostable on the customer's own infrastructure, multi-level encryption (client-side + SSL + storage), SAML / LDAP / audit-log / compliance-policy features, free for up to 10 users on the business feature set, ISO 27001 certified (trust centre at trust.esaqa.com) with a public sub-processor register, and audited by Cure53 in 2026; for self-hosting buyers on EU infrastructure (Hetzner / OVHcloud / Scaleway) EU-owned, self-hosted, with no CLOUD Act exposure and structurally minimal vendor-counterparty risk. The hosted SaaS, however, runs on Google Cloud (Ireland) fronted by Cloudflare with US payment/support sub-processors (Stripe, Paddle, Sentry, Freshworks), so the directory rates default CLOUD Act exposure as material and reserves the clean posture for the self-hosted route.

CLOUD ACT
OWNERSHIP
SUB-PROCS
9 · 7 US
CLOUD Act je nach Betrieb

Die Exposition hängt davon ab, wie Sie dieses Produkt betreiben.

Gehostetes SaaS (Standard)

Anbieterbetrieben: die unten genannten Unterauftragsverarbeiter gelten.

Selbst gehostet (Open Source)

Auf eigener EU-Infrastruktur betreiben: Sie kontrollieren Hosting und jeden Unterauftragsverarbeiter.

Geprüfte Signale
Jurisdiktion
  • EU-/Angemessenheits-Hosting
  • EU-/Angemessenheits-Betreiber
  • Keine US-CLOUD-Act-Exposition
Transparenz
  • Öffentlicher AVV
  • Unterauftragsverarbeiter offengelegt
  • Open-Source-Clients
  • Zertifizierung durch Dritte
JUMP TO
OVERVIEW

Über Psono

Psono is a German open-source team password manager built and operated by esaqa GmbH (Tiergartenstr. 13, 91247 Vorra, Germany; CEO Sascha Pfeiffer). The entire product, spanning server, web client, browser extensions, and mobile apps (Flutter), is published under the permissive Apache 2.0 licence and lives on GitHub. The product reports more than 2 million downloads and is engineered for the enterprise team-credentials use-case: SAML and LDAP single-sign-on, granular role-based access controls, audit logging, compliance policies (mandatory password complexity / rotation / 2FA), shared groups, recovery codes, and a YubiKey / FIDO2 / TOTP second-factor stack. Encryption is multi-layered: client-side encryption-at-rest, TLS in transit, and additional server-side storage encryption, so server operators (including Psono's own SaaS team) cannot read customer vaults.

For procurement-grade EU buyers Psono is one of the cleanest listings in this directory. The legal entity is a German GmbH with full HRB transparency, founder-controlled, no PE / VC / parent on record. Apache 2.0 licensing means there is no vendor lock-in (a customer can fork the codebase if Psono ever changes posture), and the 2026 Cure53 audit plus ISO 27001 certification (trust centre at trust.esaqa.com, with a publicly maintained sub-processor register) provide independent third-party validation of the security and compliance architecture, matching the standard set by Proton / Mullvad / IVPN in the VPN category. Self-hosting on EU infrastructure (Hetzner, OVHcloud, Scaleway, IONOS, STACKIT) gives an EU-owned, self-hosted posture with no CLOUD Act exposure and zero vendor-counterparty risk.

Pricing is freemium with an unusually generous free tier: all business features are free for up to 10 users, including SAML, LDAP, audit logs, and compliance policies, a tier that competitive open-source competitors (Bitwarden, Vaultwarden) gate behind paid plans. Paid tiers scale by user count and offer managed SaaS hosting for buyers who prefer not to self-host, though that hosted path runs on Google Cloud (Ireland) behind Cloudflare with US payment and support sub-processors, which is why the directory rates the default offering at material CLOUD Act exposure and treats self-hosting as the procurement-grade route. Apps for macOS, Windows, Linux, iOS, Android, plus Chrome / Firefox / Safari extensions, plus a Docker Hub-published server image for self-host. Best fit: German and EU SMBs and enterprises that need SAML/LDAP team-credentials management, regulated buyers needing audit-log compliance, and any procurement-grade buyer who wants the structural cleanliness of self-host plus Apache-2.0 open source.

SUB-PROCESSORS

Unterauftragsverarbeiter-Karte · 9

Quelle ↗
  • Apple US
    United States

    Push notifications for iPhones and iPads

  • Cloudflare US
    United States

    DDoS protection, CDN and DNS

  • Freshworks Inc. US
    United States

    Ticketing to handle customer support requests

  • Google Cloud EMEA Limited US
    Ireland

    Hosting (servers, databases, network) for the managed SaaS; US-owned hyperscaler

  • Sentry Inc. US
    United States

    Error reporting

  • Stripe Inc. US
    United States

    Credit cards and payments

  • Brevo (Sendinblue) EU
    France

    Transactional email (registration, share, invoice) and email marketing

  • Paddle.com Inc. US
    United States

    Credit cards and payments (US-resident billing entity)

  • Scaleway, S.A.S EU
    France

    Hosting (servers, databases, network) for the managed SaaS

7 von 9 Unterauftragsverarbeitern sind in den USA registriert. CLOUD-Act-Risiko anwendbar.
CERTIFICATIONS

Rahmenwerke & Zertifizierungen

ISO/IEC 27001
AKTIV
FEATURES

Funktionsmatrix

Passkeys Ja
Autofill Ja
Leak-Überwachung Ja
Familienfreigabe Ja
Datenexport Ja
Geräte Unbegrenzt
Plattformen iOS Android Web
INTEGRATION & ZUGRIFF
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log Yes
Self-host / on-prem option Yes
PRICING

Preise & Tarife

FREEMIUM
ab €0/Monat
Preisseite ansehen ↗
PUBLIC DOCUMENTS

Öffentliche Dokumente

DSGVO-AVV-Zugänglichkeit wird für diesen Eintrag nicht bewertet. Selbst gehostete oder lokale Software, Anbieter, die keine Auftragsverarbeiter sind, und Produkte mit SecNumCloud-, EUCS- oder BSI-C5-Zertifizierung werden nicht auf DSGVO-AVV-Zugänglichkeit bewertet (siehe So prüfen wir).
  • Auftragsverarbeitungsvertrag (AVV)
    — nicht bewertet
    n/v
  • Liste der Unterauftragsverarbeiter
    console.esaqa.com/subprocessor…
    Öffnen ↗
  • Nutzungsbedingungen
    psono.com/terms…
    Öffnen ↗
ALTERNATIVES

Alternativen in dieser Kategorie

heylogin
Germany · Gegründet 2021
EU-SOUVERäN

German passwordless zero-knowledge password manager (heylogin GmbH, Braunschweig), all-German sub-processor stack, ISO 27001:2022, no CLOUD Act exposure.

Öffentl. AVV Subprozessoren Open Source
FROM
€4/Mt.
CLOUD ACT
NONE
KeePassXC
Germany · Gegründet 2016
EU-SOUVERäN

GPLv3 fully-offline desktop password manager (KeePassXC Team, Weimar DE, est. 2016): no cloud, no servers, no telemetry; structurally zero CLOUD Act exposure.

Öffentl. AVV Subprozessoren Open Source
FROM
CLOUD ACT
NONE
LC-Pass
Germany
EU-SOUVERäN

German-hosted business password manager from LC by vBoxx GmbH; collections, group sharing, central management, unlimited devices; an EU-hosted 1Password / LastPass alternative.

Öffentl. AVV Subprozessoren Open Source
FROM
€3.99/Mt.
CLOUD ACT
NONE