Bitwarden Security and Compliance

Our commitment to security, privacy, and compliance with international standards

Protecting Customer Data

Bitwarden serves customers globally, helping them protect, store, and share their sensitive data. Protecting customer data remains paramount to our company mission, and Bitwarden complies with industry standards, conducting regular audits that are shared transparently with users. Through an open source approach, Bitwarden software is viewed and scrutinized by an engaged community around the world.



Bitwarden complies with GDPR and current applicable EU data protection rules. In addition, Bitwarden uses and complies with EU Standard Contractual Clauses (SCCs).

See the Bitwarden Privacy Policy

Privacy Shield

Bitwarden complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.



Bitwarden is officially HIPAA-compliant after receiving a HIPAA Security Rule Assessment Report from AuditOne in December 2020.



Bitwarden is compliant with the California Consumer Privacy Act (CCPA).

Third-party Security Audits

Bitwarden conducts comprehensive third-party security audits on an annual basis. These audits are conducted by notable security firms like Cure53 and Insight Risk Consulting and include source code assessments and penetration testing across Bitwarden IPs, servers, and web applications.

Annual Bitwarden Third-Party Security Audits

2023 Bitwarden Web App Security Assessment Report

2023 Bitwarden Desktop App Security Assessment Report

2023 Bitwarden Core App & Library Security Assessment Report

2023 Bitwarden Browser Extension Security Assessment Report

2023 Bitwarden Network Security Assessment Report

2022 Bitwarden Security Assessment Report

2022 Bitwarden Network Security Assessment Report

2021 Bitwarden Network Security Assessment Report

2021 Bitwarden Security Assessment Report

2020 Bitwarden Network Security Assessment Report

SOC 2 and 3 Reports

2023 SOC 3 Report

2022 SOC 3 Report

2021 SOC 3 Report

2020 SOC 3 Report

SOC 2 Reports available upon request

Open Source Codebase

Codebase on GitHub

Bitwarden is focused on open source software with the entirety of the codebase available on

Open Source at Bitwarden

Bitwarden is an open source password manager

Security Information & Resources

Industry Standards

Bitwarden is a member of the FIDO Alliance.

Independent Security Researcher Public Bug Bounty Program

Bitwarden partners with leading security researchers through HackerOne to improve the software.

Cloud Hosting

The Bitwarden cloud service is hosted on Microsoft Azure.

The Bitwarden Security & Compliance Program

Bitwarden is committed to ongoing investments to help you better understand how Bitwarden products and your data are secured and protected. For more information, read:

Zero Knowledge Encryption

Bitwarden takes a zero knowledge encryption approach to password management, meaning every piece of information in your Vault is encrypted. For more information on this approach, please see:

Vault Security in Bitwarden

For information on how Bitwarden Vaults are protected, including options for Bitwarden client applications, please see:

Security FAQs

Visit the Security Section of our help site for more information on Bitwarden security, or jump directly to one of the following:


© 2024 Bitwarden, Inc.
