EU Alts

Passbolt

Open-source team password manager — a Luxembourg alternative to 1Password Teams.

WebsiteBack to list

Overview

Passbolt is a Luxembourg City, Luxembourg-based European company building open source, password manager, privacy, and security software since 2016. As an EU-headquartered provider, Passbolt operates under GDPR and is outside the reach of the US CLOUD Act, making it a privacy-friendly alternative to well-known US incumbents for European teams.

Why European teams pick Passbolt

Teams in Europe pick Passbolt when they want a open source provider that bills in EUR, supports their local data-protection officer requirements, and keeps customer data under Luxembourg law, operating since 2016. Compared with well-known US incumbents, Passbolt avoids cross-border data transfers under Schrems II and the US CLOUD Act, which is often the deciding factor for European procurement and legal teams.

See more EU open source tools or browse other startups from Luxembourg.

About

Passbolt is a Luxembourg-based open-source password manager designed specifically for teams and organisations. Passwords are end-to-end encrypted using OpenPGP — only the intended recipients can decrypt credentials — and all encryption and decryption happens in the browser, so the server never sees plaintext passwords. Passbolt is self-hostable on any EU server (a free Community Edition is available under AGPL) or available as a managed cloud service hosted in the EU. It integrates with LDAP/Active Directory for enterprise user provisioning and supports fine-grained access control for sharing credentials across teams and departments. Passbolt is widely used by EU public sector organisations, engineering teams, and businesses that need a SOC 2 and GDPR-compliant credential management solution.

Details

Founded
2016
Headquarters
Luxembourg City, Luxembourg

Categories

Other EU startups like Passbolt

  • FormVaultNorway GDPR-compliant form builder with end-to-end encryption (AES-256-GCM), EU data residency, and a submission dashboard. No cookie banners needed.
  • PocketbaseBulgaria Open-source backend in a single file — a European alternative to Firebase.
  • NocoDBGermany Open-source Airtable alternative that turns databases into smart spreadsheets.
  • BaserowNetherlands Open-source no-code database and Airtable alternative — built in the Netherlands.
  • PortainerNew Zealand Container management UI for Docker and Kubernetes — a New Zealand/European alternative to Rancher.
  • NetdataGreece Open-source real-time infrastructure monitoring — an alternative to Datadog.

Frequently asked questions

What is Passbolt?

Passbolt is a Luxembourg-based open-source password manager designed specifically for teams and organisations. Passwords are end-to-end encrypted using OpenPGP — only the intended recipients can decrypt credentials — and all encryption and decryption happens in the browser, so the server never sees plaintext passwords. Passbolt is self-hostable on any EU server (a free Community Edition is available under AGPL) or available as a managed cloud service hosted in the EU. It integrates with LDAP/Active Directory for enterprise user provisioning and supports fine-grained access control for sharing credentials across teams and departments. Passbolt is widely used by EU public sector organisations, engineering teams, and businesses that need a SOC 2 and GDPR-compliant credential management solution.

What does Passbolt do?

Passbolt is open-source team password manager — a luxembourg alternative to 1password teams. It is listed under open source, password manager, privacy, and security on EU Alts because its core functionality serves teams looking for a European open source tool with EU data residency, typically as a switch away from well-known US incumbents.

Is Passbolt a good European open source alternative?

Passbolt is a fit for European businesses evaluating open source options where data residency and GDPR alignment matter — typical buyers include EU-based SaaS teams, public-sector projects, regulated industries (healthcare, finance, legal), and any organisation that needs to demonstrate that customer data does not leave the EU. It also overlaps with password manager and privacy use cases.

Is Passbolt GDPR compliant?

Passbolt is headquartered in Luxembourg City, Luxembourg and falls under EU jurisdiction, so it processes user data under the GDPR by default. Customer data processing is supervised by Luxembourg's data protection authority, the Commission nationale pour la protection des données (CNPD). Because the company is not US-incorporated, it is not subject to the US CLOUD Act — meaning US authorities cannot compel Passbolt to disclose customer data the way they can with well-known US incumbents. For European buyers, that often simplifies DPIA paperwork and standard contractual clauses.

How do teams switch from well-known US incumbents to Passbolt?

Most teams move to Passbolt from well-known US incumbents because they want EU data residency without giving up the core open source workflow. Passbolt's Luxembourg base means a single jurisdiction for both the company and (typically) its hosting infrastructure, so you can drop Schrems II transfer impact assessments for this part of your stack. Plan the migration in stages: export your data from the US incumbent, pilot Passbolt with a small team, then move the rest once the integration coverage you need is confirmed.

Where is Passbolt based?

Passbolt is headquartered in Luxembourg City, Luxembourg. The company was founded in 2016. Its main website is https://www.passbolt.com.