PersonalBusinessDownloadPricingHelpBlogContact
Get Started
Log In
PersonalBusinessDownloadPricingHelpBlogContactBusiness SalesGet StartedLog In

Compliance, Audits, and Certifications

Bitwarden is a global company with customers located all over the world. Our business is to help customers protect, store, and share their sensitive data. We prioritize protecting the personal data of our customers and their end-users as paramount to our company mission. Bitwarden complies with industry standards, and conducts regular audits shared transparently with our customers and users. Our open source approach puts us in a unique position, where our software is viewed and scrutinized by a globally engaged community.

Privacy

For our privacy policy, visit bitwarden.com/privacy.

GDPR

Bitwarden is GDPR compliant. We use applicable, approved information transfer mechanisms where required, such as EU Standard Contractual Clauses (SCCs), or the EU - U.S. Privacy Shield.

Bitwarden uses Standard Contractual Clauses pursuant to Regulation (EU) 2016/679 of the European Parliament and the Council approved by European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, as currently set out at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.

CCPA

Bitwarden is compliant with the California Consumer Privacy Act (CCPA).

Privacy Shield

Bitwarden complies with EU-U.S. Privacy Shield Frameworks. In addition, Bitwarden uses and complies with EU Standard Contractual Clauses (SCCs). For more information, please see Bitwarden Privacy Shield Frameworks.

HIPAA

Bitwarden is HIPAA compliant.

Third Party Security Audits

SOC 2 Type 2 and SOC 3

Bitwarden has completed SOC Type 2 and SOC 3 compliance. For more information, see the blog post Bitwarden achieves SOC 2 certification.

2021 Security Assessment

Bitwarden completed a thorough security assessment and penetration test by auditing firm Insight Risk Consulting.

Read the report.

2020 Security Assessment

Bitwarden completed a thorough security assessment and penetration test by auditing firm Insight Risk Consulting. For more information, please see the blog post Bitwarden 2020 Security Audit is Complete.

Read the report.

2018 Security Assessment

Bitwarden completed a thorough security audit and cryptographic analysis by security firm Cure53. For more information, please see the blog post Bitwarden Completes Third-party Security Audit.

Open Source Codebase

Codebase on GitHub

Bitwarden is focused on open source software with the entirety of the codebase available on github.com. See our codebase at github.com/bitwarden, or learn more on our open source page.

Licensing

Source code in Bitwarden repositories are covered by one of two licenses, the GNU Affero General Public License (AGPL) v3.0 and the Bitwarden License v1.0. Refer to these links to learn more about what is included in and permitted by each license.

Cloud Hosting

The Bitwarden cloud service is hosted on Microsoft Azure. Please visit Microsoft Azure Compliance Offerings for more detail.

Security Information

Zero Knowledge Encryption

Bitwarden takes a zero knowledge encryption approach to password management, meaning every piece of information in your Vault is encrypted. For more information on this approach, please see the blog post How End-to-End Encryption Paves the Way for Zero Knowledge.

Vault Security in Bitwarden

For more information on how Bitwarden Vaults are protected, including options for Bitwarden client applications, please see the blog post Vault Security in the Bitwarden Password Manager.

Bug Bounty Program

Bitwarden also interacts with independent security researchers through our public bug bounty program on HackerOne.


Language

Products

Resources

  • Resource Center
  • Community Forums
  • Security Compliance
  • Success Stories
  • User Reviews
  • Newsfeed
  • Subscribe to Updates
©2022 Bitwarden, Inc.
Terms Privacy Sitemap