Bitwarden serves customers globally, helping them protect, store and share their sensitive data. Protecting customer data remains paramount to our company mission, and Bitwarden complies with industry standards, conducting regular audits shared transparently with users. Through an open source approach, Bitwarden software is viewed and scrutinized by an engaged community around the world.


GDPR

Bitwarden complies with GDPR and current applicable EU data protection rules. In addition, Bitwarden uses and complies with EU Standard Contractual Clauses (SCCs).

See the Bitwarden Privacy Policy

Privacy Shield

Bitwarden complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

Privacy Shield Framework

HIPAA

Bitwarden is officially HIPAA-compliant after receiving a HIPAA Security Rule Assessment Report from AuditOne in December 2020.

Bitwarden HIPAA Compliance

CCPA

Bitwarden is compliant with the California Consumer Privacy Act (CCPA).

Third Party Security Audits

SOC 2 Type 2 and SOC 3

Bitwarden has completed SOC 2 Type 2 and SOC 3 compliance.

Bitwarden achieves SOC 2 certification

2020 Security Assessment

Bitwarden completed a thorough security assessment and penetration test.

Bitwarden 2020 Security Audit

2018 Security Assessment

Bitwarden completed a thorough security audit and cryptographic analysis.

Bitwarden Completes 2018 Security Audit

Open Source Codebase

Codebase on GitHub

Bitwarden is focused on open source software, with the entirety of the codebase available on GitHub.com. For more information, please see github.com/bitwarden.

Open Source at Bitwarden

Bitwarden is an open source password manager. For more information, please visit our open source page.

Industry Standards

Bitwarden is a member of the FIDO Alliance.

Independent Security Researcher Public Bug Bounty Program

Bitwarden partners with leading security researchers through HackerOne to improve our software. Read more about the bug bounty program.

Cloud Hosting

The Bitwarden cloud service is hosted on Microsoft Azure. Please visit Microsoft Azure Compliance Offerings for more detail.

Security information

Zero Knowledge Encryption

Bitwarden takes a zero knowledge encryption approach to password management, meaning every piece of information in your Vault is encrypted. For more information on this approach, please see How End-to-End Encryption Paves the Way for Zero Knowledge.

Vault Security in Bitwarden

For information on how Bitwarden Vaults are protected, including options for Bitwarden client applications, please see Vault Security in the Bitwarden Password Manager.

Security Frequently Asked Questions

Visit the Security section of our help site for more information on Bitwarden security, or jump directly to one of the following: