Bitwarden Security and Compliance

Our commitment to security, privacy, and compliance with international standards
Pixel image

Protecting Customer Data

Bitwarden serves customers globally, helping them protect, store and share their sensitive data. Protecting customer data remains paramount to our company mission and Bitwarden complies with industry standards, conducting regular audits shared transparently with users. Through an open source approach, Bitwarden software is viewed and scrutinized by an engaged community around the world.

GDPR

GDPR

Bitwarden complies with GDPR and current applicable EU data protection rules. In addition, Bitwarden uses and complies with EU Standard Contractual Clauses (SCCs).

See the Bitwarden Privacy Policy
Shield

Privacy Shield

Bitwarden complies with the EU-U.S., Swiss-U.S. Privacy Shield Frameworks.

Privacy Shield Framework
HIPAA

HIPAA

Bitwarden is officially HIPAA-compliant after receiving a HIPAA Security Rule Assessment Report from AuditOne in December 2020.

Bitwarden HIPAA Compliance
CCPA

CCPA

Bitwarden is compliant with the California Consumer Privacy Act (CCPA).

Third-party Security Audits

2022 SOC 3 Report

Read the PDF Report

2021 Bitwarden Network Security Assessment Report

Read the PDF Report

2021 Bitwarden Security Assessment

Read the PDF Report

2021 SOC 3 Report

Read the PDF Report

2020-2021 SOC 2 Type II

Read the blog post

2020 Bitwarden Network Security Assessment Report

Read the PDF Report

2020 SOC 3 Report

Read the PDF Report

2018 Security Assessment Report

Read the PDF Report

Open Source Codebase

Codebase on GitHub

Bitwarden is focused on open source software with the entirety of the codebase available on GitHub.com.

github.com/bitwarden

Open Source at Bitwarden

Bitwarden is an open source password manager.

Open Source Page

Security Information & Resources

Industry Standards

Bitwarden is a member of the FIDO Alliance.

FIDO Alliance

Independent Security Researcher Public Bug Bounty Program

Bitwarden partners with leading security researchers through HackerOne to improve our software.

Bug Bounty Program

Cloud Hosting

The Bitwarden cloud service is hosted on Microsoft Azure.

Microsoft Azure Compliance Offerings

The Bitwarden Security & Compliance Program

Bitwarden is committed to ongoing investments to help you better understand how Bitwarden products and your data are secured and protected. For more information, read:

The Bitwarden Security Whitepaper

Zero Knowledge Encryption

Bitwarden takes a zero knowledge encryption approach to password management, meaning every piece of information in your Vault Is encrypted. For more information on this approach, please see:

How End-to-End Encryption Paves the Way for Zero Knowledge

Vault Security in Bitwarden

For information on how Bitwarden Vaults are protected, including options for Bitwarden client applications, please see:

Vault Security in the Bitwarden Password Manager

Security FAQs

Visit the Security section of our help site for more information on Bitwarden security, or jump directly to one of the following:

Can the Bitwarden team see my passwords?
Does Bitwarden use a salted hash for my password?
How do you keep the cloud servers secure?
How is my data securely transmitted and stored on Bitwarden servers?
Is Bitwarden audited?
What encryption is being used?
What happens if Bitwarden gets hacked?
What information is encrypted?
Where is my data stored in the cloud?
Where is my data stored on my computer/device?
Why should I trust Bitwarden with my passwords?

Have questions? We're here to help.

Additional Resources

Read Our Blog

Read Our Blog

Help Center

Help Center

Resources and Events

Resources and Events

Language
© 2022 Bitwarden, Inc.
TermsPrivacySitemap