Questions about GPDR in Bitwarden

Hello guys,

I’ve been using Bitwarden for a long time and would like someone from the community to help. I would like a partial or total answer to a technical question related to the GPDR and how to use the Bitwarden password manager in the best way. Maybe this help me better understand some technical questions I have at the moment.

My doubts are these:

  1. Is Bitwarden GDPR compliant in legal terms? If Is Bitwarden GDPR compliant in legal terms, where can I find information related to Data Residency or Data Sovereignty on the Bitwarden website?
  2. Where is data stored on Bitwarden?
  3. How is this data stored?
  4. What encryption is used?
1 Like

You bring up some interesting reading and its very thought provocative. However; regardless of the answer you can relax while using BitWarden. Why?

Your vault data “glob” is in fact stored on Microsoft Azure cloud. ONLY you have the ability to gain plain text access to it at all times. The software is written in “Zero Knowledge” mathematics so that it is never unencrypted except on your device using YOUR password and the algo/hash you select. The latest hashing option (arguably the better) uses argon2id and with a strong password nobody is going to break in and see anything. I know this doesn’t give you a crystal answer to your question but it should abate concerns about your data security.

ps. at the device level I use LUKS2 and they are encrypted beyond belief. In the US I have the right to refuse entering a password ---- at least in theory.

2 Likes

Bitwarden claims to be compliant. They also maintain a document describing how their security works.

1 Like