Aller au contenu
Vérifié indépendamment · Ré-audit trimestriel
EU VETTED

KeePassXC

VéRIFIé
Gestionnaires de mots de passe · Germany
Fondé en 2016 · keepassxc.org ↗

GPLv3 fully-offline desktop password manager (KeePassXC Team, Weimar DE, est. 2016): no cloud, no servers, no telemetry; structurally zero CLOUD Act exposure.

En bref

KeePassXC, dans la catégorie Gestionnaires de mots de passe, est un service sous contrôle européen avec Germany comme lieu d’hébergement et aucune exposition identifiée au CLOUD Act.

Notes d’évaluation

KeePassXC is a GPLv3 open-source, fully offline desktop password manager maintained by an unfunded international volunteer team (the KeePassXC Team, with core members based in Weimar, Germany; the project began in 2016 as a community fork of KeePassX). There is no cloud, no servers, no account, no telemetry, no data processing of any kind: the encrypted .kdbx database file lives entirely on the user's own devices, which makes CLOUD Act exposure structurally impossible; EU-maintained, open-source, with the strongest data-minimisation posture in the directory alongside Mullvad.

CLOUD ACT
OWNERSHIP
SUB-PROCS
non divulgué
Signaux vérifiés
Juridiction
  • Hébergement UE / adéquation
  • Opérateur UE / adéquation
  • Aucune exposition au CLOUD Act
Transparence
  • DPA public
  • Sous-traitants divulgués
  • Clients open source
  • Certification tierce
JUMP TO
OVERVIEW

À propos de KeePassXC

KeePassXC is a modern, secure, open-source password manager for Windows, macOS and Linux, maintained by the KeePassXC Team, an unfunded, international volunteer group with core members based in Weimar, Germany. The project began in 2016 as a community-driven fork of KeePassX (itself a cross-platform port of the original Windows-only KeePass), and is licensed under GPLv3 with the full source openly available on GitHub.

KeePassXC is the structurally cleanest listing in the password-manager category, for one simple reason: it is entirely offline. There is no cloud service, no servers, no online account, no subscription, no ads, and no telemetry. Passwords are stored in a locally encrypted .kdbx database file that the user controls completely. KeePassXC explicitly states "no data is stored on remote servers." Because there is no service-side data processing at all, there is no DPA, no sub-processors list, and no hosting country to audit, and CLOUD Act exposure is not merely "none" but structurally impossible. Sync, if the user wants it, is the user's own choice: they can place the .kdbx file on any storage they trust (a EU cloud-storage provider from this directory, a USB key, a self-hosted server), but that is a decision the user makes and controls, not something KeePassXC does.

The trade-off is that KeePassXC is a desktop application, not a service: there is no built-in cross-device sync, no team-sharing infrastructure, and no web client, features that hosted competitors (Proton Pass, NordPass, Uniqkey) provide out of the box. KeePassXC itself ships only desktop builds (Windows, macOS, Linux) and has no official mobile client, but its encrypted .kdbx database uses the open KeePass file format, which compatible third-party mobile apps can open (KeePassDX on Android, Strongbox and KeePassium on iOS), so the offline approach is not confined to the desktop. It does offer a robust feature set within its offline scope: strong AES/ChaCha20 encryption, a password generator, browser integration via the official browser extension, TOTP storage, SSH-agent integration, and Secret Service API support on Linux. The project is funded entirely by donations. Best fit: privacy-maximalist individuals and technically confident users who want absolute local control of their credentials with zero service dependency, and any procurement-grade buyer for whom "there is no vendor and no server" is the strongest possible answer to a sovereignty question.

SUB-PROCESSORS

Carte des sous-traitants · non divulgué

Auto-hébergé : pas de chaîne de sous-traitants éditeur. Ce logiciel n'a pas de service exploité par un éditeur ; en auto-hébergement, les données restent sur l'infrastructure contrôlée par l'opérateur et il n'y a pas de chaîne de sous-traitance éditeur à divulguer.
CERTIFICATIONS

Référentiels & certifications · aucune répertoriée

Nous avons vérifié le site de l'éditeur et les registres des organismes de certification. Aucune certification active trouvée à la date du dernier audit (2026-05-18).
FEATURES

Matrice de fonctionnalités

Passkeys Oui
Remplissage auto Oui
Surveillance des fuites Oui
Partage familial Non
Export des données Oui
Appareils Illimité
Plateformes macOS Windows Linux
INTéGRATION & ACCèS
REST API No
SSO (SAML / OIDC) No
CONFORMITé & GOUVERNANCE
Audit log No
Self-host / on-prem option Yes
PUBLIC DOCUMENTS

Documents publics

L'accessibilité du DPA n'est pas notée pour cette fiche. Les logiciels auto-hébergés ou locaux, les éditeurs qui ne sont pas sous-traitants, et les produits certifiés SecNumCloud, EUCS ou BSI C5 ne sont pas évalués sur l'accessibilité du DPA : voir Notre méthode.
  • Contrat de sous-traitance (DPA)
    — non évalué
    n/a
  • Liste des sous-traitants
    — sans objet
    n/a
ALTERNATIVES

Alternatives dans cette catégorie

heylogin
Germany · Fondé en 2021
SOUVERAIN UE

German passwordless zero-knowledge password manager (heylogin GmbH, Braunschweig), all-German sub-processor stack, ISO 27001:2022, no CLOUD Act exposure.

DPA public Sous-traitants Open source
FROM
€4/mois
CLOUD ACT
NONE
LC-Pass
Germany
SOUVERAIN UE

German-hosted business password manager from LC by vBoxx GmbH; collections, group sharing, central management, unlimited devices; an EU-hosted 1Password / LastPass alternative.

DPA public Sous-traitants Open source
FROM
€3.99/mois
CLOUD ACT
NONE
NordPass
Lithuania · Fondé en 2019
HéBERGé UE

Lithuanian password manager by Nord Security, zero-knowledge XChaCha20, ISO 27001 + SOC 2, but hosted on AWS (US): material CLOUD Act exposure.

DPA public Sous-traitants Open source
FROM
€2/mois
CLOUD ACT
MATERIAL