Bitwarden is a global company with customers located all over the world. Our business is to help customers protect, store and share their sensitive data. We prioritize protecting the personal data of our customers and their end-users as paramount to our company mission. Bitwarden complies with industry standards, and conducts regular audits shared transparently with our customers and users. Our open source approach puts us in a unique position, where our software is viewed and scrutinized by a globally engaged community.

Privacy

For our privacy policy, visit bitwarden.com/privacy.

GDPR

Bitwarden participates in the EU-U.S. and Swiss Privacy Shield Frameworks and complies with GDPR and current applicable EU data protection rules.

CCPA

Bitwarden is compliant with the California Consumer Privacy Act (CCPA).

Privacy Shield

Bitwarden complies with the EU-U.S., Swiss-U.S. Privacy Shield Frameworks. In addition, Bitwarden uses and complies with EU Standard Contractual Clauses (SCCs). For more information, please see Bitwarden Privacy Shield Frameworks

HIPPA

Bitwarden is HIPPA compliant.

Third Party Security Audits

SOC 2 Type 2 and SOC 3

Bitwarden has completed SOC 2 Type 2 and SOC 3 compliance. For more information, please see Bitwarden achieves SOC 2 certification

2020 Security Assessment

Bitwarden completed a thorough security assessment and penetration test. For more information, please see Bitwarden 2020 Security Audit is Complete

2018 Security Assessment

Bitwarden completed a thorough security audit and cryptographic analysis. For more information, please see Bitwarden Completes Third-party Security Audit

Open Source Codebase

Codebase on GitHub

Bitwarden is focused on open source software with the entirety of the codebase available on GitHub.com. For more information, please see github.com/bitwarden

Open Source at Bitwarden

Bitwarden is an open source password manager. For more information please visit our open source page.

Cloud Hosting

The Bitwarden cloud service is hosted on Microsoft Azure. Please visit Microsoft Azure Compliance Offerings for more detail.

Security information

Zero Knowledge Encryption

Bitwarden takes a zero knowledge encryption approach to password management, meaning every piece of information in your Vault Is encrypted. For more information on this approach, please see, How End-to-End Encryption Paves the Way for Zero Knowledge.

Vault Security in Bitwarden

For information on how Bitwarden Vaults are protected, including options for Bitwarden client applications, please see Vault Security in the Bitwarden Password Manager.

Security Frequently Asked Questions

Visit the Security section of our help site for more information on Bitwarden security, or jump directly to one of the following:

• Can the Bitwarden team see my passwords?
• Does Bitwarden use a salted hash for my password?
• How do you keep the cloud servers secure?
• How is my data securely transmitted and stored on Bitwarden servers?
• Is Bitwarden audited?
• What encryption is being used?
• What happens if Bitwarden gets hacked?
• What information is encrypted?
• Where is my data stored in the cloud?
• Where is my data stored on my computer/device?
• Why should I trust Bitwarden with my passwords?