Independently verified · Quarterly re-audit
EU VETTED

KeePassXC

VERIFIED
Password managers · Germany
Founded 2016 · keepassxc.org ↗

GPLv3 fully-offline desktop password manager (KeePassXC Team, Weimar DE, est. 2016) — no cloud, no servers, no telemetry; structurally zero CLOUD Act exposure.

Why this score?

KeePassXC is a GPLv3 open-source, fully offline desktop password manager maintained by an unfunded international volunteer team (the KeePassXC Team, with core members based in Weimar, Germany; the project began in 2016 as a community fork of KeePassX). There is no cloud, no servers, no account, no telemetry and no data processing of any kind: the encrypted .kdbx database file lives entirely on the user's own devices. That makes CLOUD Act exposure structurally impossible and earns a clean 5/5, the strongest data-minimisation posture in the directory alongside Mullvad.

SCORE
5.0/5
CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
OVERVIEW

About KeePassXC

KeePassXC is a modern, secure, open-source password manager for Windows, macOS and Linux, maintained by the KeePassXC Team, an unfunded, international volunteer group with core members based in Weimar, Germany. The project began in 2016 as a community-driven fork of KeePassX (itself a cross-platform port of the original Windows-only KeePass), and is licensed under **GPLv3** with the full source openly available on GitHub.

KeePassXC is the structurally cleanest listing in the password-manager category, for one simple reason: it is **entirely offline**. There is no cloud service, no servers, no online account, no subscription, no ads, and no telemetry. Passwords are stored in a locally encrypted .kdbx database file that the user controls completely; KeePassXC explicitly states "no data is stored on remote servers." Because there is no service-side data processing at all, there is no DPA, no sub-processors list, and no hosting country to audit, and CLOUD Act exposure is not merely "none" but structurally impossible. Sync, if the user wants it, is the user's own choice: they can place the .kdbx file on any storage they trust (an EU cloud-storage provider from this directory, a USB key, a self-hosted server), but that is a decision the user makes and controls, not something KeePassXC does.

The trade-off is that KeePassXC is a desktop application, not a service: there is no built-in cross-device sync, no team-sharing infrastructure, and no web client, features that hosted competitors (Proton Pass, NordPass, Uniqkey) provide out of the box. It does offer a robust feature set within its offline scope: strong AES/ChaCha20 encryption, a password generator, browser integration via the official browser extension, TOTP storage, SSH-agent integration, and Secret Service API support on Linux. The project is funded entirely by donations.

Best fit: privacy-maximalist individuals and technically confident users who want absolute local control of their credentials with zero service dependency — and any procurement-grade buyer for whom "there is no vendor and no server" is the strongest possible answer to a sovereignty question.
SUB-PROCESSORS

Sub-processor map · not disclosed

Self-hosted — no vendor sub-processor chain. This software has no vendor-operated service; when self-hosted, data stays on infrastructure the operator controls and there is no vendor processing chain to disclose.
CERTIFICATIONS

Frameworks & certifications · none listed

We checked the vendor's website and standard certification body registries. No active certifications found at the time of last audit (2026-05-18).
FEATURES

Capability matrix

INTEGRATION & ACCESS
  • REST API: No
  • SSO (SAML / OIDC): No
COMPLIANCE & GOVERNANCE
  • Audit log: No
  • Self-host / on-prem option: Yes
PUBLIC DOCUMENTS

Public documents

DPA accessibility is not scored for this listing. Self-hosted or local software, vendors that are not data processors, and products carrying a SecNumCloud, EUCS or BSI C5 certification are not assessed on DPA accessibility — see How we score.
  • Data Processing Addendum (DPA): not assessed (n/a)
  • Sub-processors list: not applicable (n/a)
ALTERNATIVES

Alternatives in this category