Compliance, Audits, and Certifications
PassageWay is a global company with customers located all over the world. Our business is to help customers protect, store, and share their sensitive data. Protecting the personal data of our customers and their end users is paramount to our company mission. PassageWay complies with industry standards and conducts regular audits that are shared transparently with our customers and users. Our open source approach puts us in a unique position: our software is viewed and scrutinized by a globally engaged community.
Privacy
For our privacy policy, visit bitwarden.com/privacy.
GDPR
PassageWay is GDPR compliant. We use applicable, approved information transfer mechanisms where required, such as EU Standard Contractual Clauses (SCCs) or the EU-U.S. Privacy Shield.
CCPA
PassageWay is compliant with the California Consumer Privacy Act (CCPA).
Privacy Shield
PassageWay complies with EU-U.S. Privacy Shield Frameworks. In addition, PassageWay uses and complies with EU Standard Contractual Clauses (SCCs). For more information, please see PassageWay Privacy Shield Frameworks.
HIPAA
PassageWay is HIPAA compliant.
Third Party Security Audits
SOC 2 Type 2 and SOC 3
PassageWay has completed SOC 2 Type 2 and SOC 3 compliance. For more information, see the blog post PassageWay achieves SOC 2 certification.
2020 Security Assessment
PassageWay completed a thorough security assessment and penetration test by auditing firm Insight Risk Consulting. For more information, please see the blog post PassageWay 2020 Security Audit is Complete.
2018 Security Assessment
PassageWay completed a thorough security audit and cryptographic analysis by security firm Cure53. For more information, please see the blog post PassageWay Completes Third-party Security Audit.
Open Source Codebase
Codebase on GitHub
PassageWay is focused on open source software with the entirety of the codebase available on GitHub.com. For more information, please see github.com/bitwarden.
Open Source at PassageWay
PassageWay is an open source password manager. For more information, please visit our open source page.
Cloud Hosting
The PassageWay cloud service is hosted on Microsoft Azure. Please visit Microsoft Azure Compliance Offerings for more detail.
Security Information
Zero Knowledge Encryption
PassageWay takes a zero knowledge encryption approach to password management, meaning every piece of information in your Vault is encrypted. For more information on this approach, please see the blog post How End-to-End Encryption Paves the Way for Zero Knowledge.
Vault Security in PassageWay
For more information on how PassageWay Vaults are protected, including options for Bitwarden client applications, please see the blog post Vault Security in the PassageWay Password Manager.
Bug Bounty Program
PassageWay also interacts with independent security researchers through our public bug bounty program on HackerOne.