Independently verified · Quarterly re-audit
EU VETTED

Padloc

VERIFIED
Password managers · Germany
Founded 2019 · padloc.app ↗

German AGPLv3 open-source password manager (MaKleSoft, Bavaria), audited 3×, self-hostable — but hosted cloud uses Stripe + defunct Privacy Shield ref.

Why this score?

Padloc is an AGPLv3 open-source password manager developed by MaKleSoft (a German micro-company at Meisenstr. 5, Ansbach, Bavaria; contact Martin Kleinschrodt). It is end-to-end encrypted, audited by three independent security groups, and free to self-host for personal/non-profit use. The hosted cloud version is the concern: the public privacy policy still references the long-defunct 'U.S.-E.U. Privacy Shield Framework' (invalidated by Schrems II in July 2020), names Stripe (US) as payment processor, and does not disclose the cloud hosting location. The hosted product therefore carries material CLOUD Act exposure and an out-of-date privacy posture, capping the score at 3/5; self-hosted on EU infrastructure it is effectively a 5/5.

SCORE 3.0/5
CLOUD ACT
OWNERSHIP
SUB-PROCS not disclosed
OVERVIEW

About Padloc

Padloc is an open-source, end-to-end encrypted password manager developed by MaKleSoft, a German micro-company based at Meisenstr. 5 in Ansbach, Bavaria, with Martin Kleinschrodt as the contact person. It is the successor to the earlier "Padlock" project (which dates to around 2015) and was rebranded to Padloc around 2019. The product is published under the **GNU Affero General Public License (AGPLv3)**, with a commercial licence available for commercial use; self-hosting is free for personal use and non-profit organisations. Padloc states its data is end-to-end encrypted so neither MaKleSoft nor anyone else can read it, and the project advertises that it has been **audited by three independent groups of security experts**.

For an EU-sovereignty audit, Padloc splits sharply into two products. The **self-hosted** path is excellent: AGPLv3 source on GitHub, a published security whitepaper, a German developer bound by GDPR, and full control of where the data lives. Run on Hetzner, OVHcloud or Scaleway, it is effectively a 5/5 with no CLOUD Act exposure.

The **hosted cloud** path is where the concerns sit. Padloc's public privacy policy still states that its third-party data processors "conform to the U.S.-E.U. Privacy Shield Framework", a framework that the Court of Justice of the EU invalidated in the Schrems II ruling in July 2020. A privacy policy that has not been updated to reflect five-year-old case law is itself a red flag. The policy also names **Stripe** (US) as the payment processor and does not disclose the cloud hosting location or a full sub-processors list. On that basis the hosted product is treated as carrying material CLOUD Act exposure, and the compliance score is held at 3/5.

Pricing is freemium: a Free $0 tier; Premium at $3.49/month ($34.90/year); Family at $5.95/month; Team at $3.49/user/month; Business at $6.99/user/month; Enterprise custom.
Best fit: privacy-conscious individuals and teams who will **self-host** Padloc on EU infrastructure — that is the configuration that earns the listing. Buyers considering the hosted cloud version should weigh the outdated privacy policy and prefer Proton Pass, Passbolt or Psono until MaKleSoft updates its sub-processor and hosting disclosures.
SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications · none listed

We checked the vendor's website and standard certification body registries. No active certifications found at the time of last audit (2026-05-18).
FEATURES

Feature matrix

INTEGRATION & ACCESS
  • REST API — No
  • SSO (SAML / OIDC) — No
COMPLIANCE & GOVERNANCE
  • Audit log — No
  • Self-host / on-prem option — Yes
PRICING

Pricing & tiers

FREEMIUM
from €3/month
See pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement — this caps the compliance score (see How we score).
  • Data Processing Addendum (DPA) — missing
  • Sub-processors list — missing
  • Terms of Service — padloc.app/tos… ↗
ALTERNATIVES

Alternatives in this category