Aller au contenu
Vérifié indépendamment · Ré-audit trimestriel
EU VETTED

Psono

VéRIFIé
Gestionnaires de mots de passe · Germany
Fondé en 2017 · psono.com ↗

German Apache-2.0 open-source team password manager (esaqa GmbH), self-hostable on EU infrastructure, Cure53-audited 2026, free up to 10 users.

En bref

Psono, dans la catégorie Gestionnaires de mots de passe, propose un hébergement dans l’UE avec Germany comme lieu d’hébergement, mais une maison mère ou un sous-traitant américain laisse une exposition matérielle au CLOUD Act.

Notes d’évaluation

Psono is an Apache-2.0 open-source team password manager developed by esaqa GmbH (Tiergartenstr. 13, 91247 Vorra, Germany; CEO Sascha Pfeiffer): fully self-hostable on the customer's own infrastructure, multi-level encryption (client-side + SSL + storage), SAML / LDAP / audit-log / compliance-policy features, free for up to 10 users on the business feature set, ISO 27001 certified (trust centre at trust.esaqa.com) with a public sub-processor register, and audited by Cure53 in 2026; for self-hosting buyers on EU infrastructure (Hetzner / OVHcloud / Scaleway) EU-owned, self-hosted, with no CLOUD Act exposure and structurally minimal vendor-counterparty risk. The hosted SaaS, however, runs on Google Cloud (Ireland) fronted by Cloudflare with US payment/support sub-processors (Stripe, Paddle, Sentry, Freshworks), so the directory rates default CLOUD Act exposure as material and reserves the clean posture for the self-hosted route.

CLOUD ACT
OWNERSHIP
SUB-PROCS
9 · 7 US
CLOUD Act selon le déploiement

L'exposition dépend de votre mode d'exploitation.

SaaS hébergé (par défaut)

Exploité par l'éditeur : les sous-traitants ci-dessous s'appliquent.

Auto-hébergé (open source)

Déployez sur votre propre infrastructure UE et vous contrôlez l'hébergement et chaque sous-traitant.

Signaux vérifiés
Juridiction
  • Hébergement UE / adéquation
  • Opérateur UE / adéquation
  • Aucune exposition au CLOUD Act
Transparence
  • DPA public
  • Sous-traitants divulgués
  • Clients open source
  • Certification tierce
JUMP TO
OVERVIEW

À propos de Psono

Psono is a German open-source team password manager built and operated by esaqa GmbH (Tiergartenstr. 13, 91247 Vorra, Germany; CEO Sascha Pfeiffer). The entire product, spanning server, web client, browser extensions, and mobile apps (Flutter), is published under the permissive Apache 2.0 licence and lives on GitHub. The product reports more than 2 million downloads and is engineered for the enterprise team-credentials use-case: SAML and LDAP single-sign-on, granular role-based access controls, audit logging, compliance policies (mandatory password complexity / rotation / 2FA), shared groups, recovery codes, and a YubiKey / FIDO2 / TOTP second-factor stack. Encryption is multi-layered: client-side encryption-at-rest, TLS in transit, and additional server-side storage encryption, so server operators (including Psono's own SaaS team) cannot read customer vaults.

For procurement-grade EU buyers Psono is one of the cleanest listings in this directory. The legal entity is a German GmbH with full HRB transparency, founder-controlled, no PE / VC / parent on record. Apache 2.0 licensing means there is no vendor lock-in (a customer can fork the codebase if Psono ever changes posture), and the 2026 Cure53 audit plus ISO 27001 certification (trust centre at trust.esaqa.com, with a publicly maintained sub-processor register) provide independent third-party validation of the security and compliance architecture, matching the standard set by Proton / Mullvad / IVPN in the VPN category. Self-hosting on EU infrastructure (Hetzner, OVHcloud, Scaleway, IONOS, STACKIT) gives an EU-owned, self-hosted posture with no CLOUD Act exposure and zero vendor-counterparty risk.

Pricing is freemium with an unusually generous free tier: all business features are free for up to 10 users, including SAML, LDAP, audit logs, and compliance policies, a tier that competitive open-source competitors (Bitwarden, Vaultwarden) gate behind paid plans. Paid tiers scale by user count and offer managed SaaS hosting for buyers who prefer not to self-host, though that hosted path runs on Google Cloud (Ireland) behind Cloudflare with US payment and support sub-processors, which is why the directory rates the default offering at material CLOUD Act exposure and treats self-hosting as the procurement-grade route. Apps for macOS, Windows, Linux, iOS, Android, plus Chrome / Firefox / Safari extensions, plus a Docker Hub-published server image for self-host. Best fit: German and EU SMBs and enterprises that need SAML/LDAP team-credentials management, regulated buyers needing audit-log compliance, and any procurement-grade buyer who wants the structural cleanliness of self-host plus Apache-2.0 open source.

SUB-PROCESSORS

Carte des sous-traitants · 9

Source ↗
  • Apple US
    United States

    Push notifications for iPhones and iPads

  • Cloudflare US
    United States

    DDoS protection, CDN and DNS

  • Freshworks Inc. US
    United States

    Ticketing to handle customer support requests

  • Google Cloud EMEA Limited US
    Ireland

    Hosting (servers, databases, network) for the managed SaaS; US-owned hyperscaler

  • Sentry Inc. US
    United States

    Error reporting

  • Stripe Inc. US
    United States

    Credit cards and payments

  • Brevo (Sendinblue) EU
    France

    Transactional email (registration, share, invoice) and email marketing

  • Paddle.com Inc. US
    United States

    Credit cards and payments (US-resident billing entity)

  • Scaleway, S.A.S EU
    France

    Hosting (servers, databases, network) for the managed SaaS

7 sous-traitants sur 9 sont incorporés aux États-Unis. Exposition au CLOUD Act applicable.
CERTIFICATIONS

Référentiels & certifications

ISO/IEC 27001
ACTIVE
FEATURES

Matrice de fonctionnalités

Passkeys Oui
Remplissage auto Oui
Surveillance des fuites Oui
Partage familial Oui
Export des données Oui
Appareils Illimité
Plateformes iOS Android Web
INTéGRATION & ACCèS
REST API Yes
SSO (SAML / OIDC) Yes
CONFORMITé & GOUVERNANCE
Audit log Yes
Self-host / on-prem option Yes
PRICING

Tarifs & paliers

FREEMIUM
à partir de €0/mois
Voir la page tarifs ↗
PUBLIC DOCUMENTS

Documents publics

L'accessibilité du DPA n'est pas notée pour cette fiche. Les logiciels auto-hébergés ou locaux, les éditeurs qui ne sont pas sous-traitants, et les produits certifiés SecNumCloud, EUCS ou BSI C5 ne sont pas évalués sur l'accessibilité du DPA : voir Notre méthode.
  • Contrat de sous-traitance (DPA)
    — non évalué
    n/a
  • Liste des sous-traitants
    console.esaqa.com/subprocessor…
    Ouvrir ↗
  • Conditions d'utilisation
    psono.com/terms…
    Ouvrir ↗
ALTERNATIVES

Alternatives dans cette catégorie

heylogin
Germany · Fondé en 2021
SOUVERAIN UE

German passwordless zero-knowledge password manager (heylogin GmbH, Braunschweig), all-German sub-processor stack, ISO 27001:2022, no CLOUD Act exposure.

DPA public Sous-traitants Open source
FROM
€4/mois
CLOUD ACT
NONE
KeePassXC
Germany · Fondé en 2016
SOUVERAIN UE

GPLv3 fully-offline desktop password manager (KeePassXC Team, Weimar DE, est. 2016): no cloud, no servers, no telemetry; structurally zero CLOUD Act exposure.

DPA public Sous-traitants Open source
FROM
CLOUD ACT
NONE
LC-Pass
Germany
SOUVERAIN UE

German-hosted business password manager from LC by vBoxx GmbH; collections, group sharing, central management, unlimited devices; an EU-hosted 1Password / LastPass alternative.

DPA public Sous-traitants Open source
FROM
€3.99/mois
CLOUD ACT
NONE