KeePassXC

KeePassXC is a modern, secure, open-source password manager for Windows, macOS and Linux, maintained by the KeePassXC Team — an unfunded, international volunteer group with core members based in Weimar, Germany. The project began in 2016 as a community-driven fork of KeePassX (itself a cross-platform port of the original Windows-only KeePass), and is licensed under **GPLv3** with the full source openly available on GitHub. KeePassXC is the structurally cleanest listing in the password-manager category, for one simple reason: it is **entirely offline**. There is no cloud service, no servers, no online account, no subscription, no ads, and no telemetry. Passwords are stored in a locally encrypted .kdbx database file that the user controls completely — KeePassXC explicitly states "no data is stored on remote servers." Because there is no service-side data processing at all, there is no DPA, no sub-processors list, and no hosting country to audit — and CLOUD Act exposure is not merely "none" but structurally impossible. Sync, if the user wants it, is the user's own choice: they can place the .kdbx file on any storage they trust (a EU cloud-storage provider from this directory, a USB key, a self-hosted server) — but that is a decision the user makes and controls, not something KeePassXC does. The trade-off is that KeePassXC is a desktop application, not a service: there is no built-in cross-device sync, no team-sharing infrastructure, and no web client — features that hosted competitors (Proton Pass, NordPass, Uniqkey) provide out of the box. It does offer a robust feature set within its offline scope: strong AES/ChaCha20 encryption, a password generator, browser integration via the official browser extension, TOTP storage, SSH-agent integration, and Secret Service API support on Linux. The project is funded entirely by donations. Best fit: privacy-maximalist individuals and technically confident users who want absolute local control of their credentials with zero service dependency — and any procurement-grade buyer for whom "there is no vendor and no server" is the strongest possible answer to a sovereignty question.