Bitwarden

Vault data is end-to-end encrypted and inaccessible to Bitwarden — a genuine architectural guarantee — but the service collects a broad set of administrative data, uses Google Analytics on both the website and the Bitwarden Service itself, and stores IP addresses, device identifiers, and behavioural data for analytics and marketing purposes.

Vault contents cannot be shared because Bitwarden cannot access them; personal data is not sold; but the policy relies heavily on 'legitimate interest' for secondary uses, subprocessors are linked rather than listed inline, data flows to Google via Analytics, and the company is bound by US government request obligations with no warrant canary.

Access, correction, and deletion rights are available by email request; California CCPA rights are formally addressed; material policy changes trigger email notification; but there is no named DPO, response timelines are vague ('in accordance with our legal obligations'), GDPR rights are not enumerated beyond Data Privacy Framework language, and the Google Analytics opt-out is a secondary link rather than a built-in control.

Open source code, independent security audits, and EU-U.S. Data Privacy Framework certification are meaningful commitments — but US jurisdiction under FTC oversight, Google Analytics in a security product, legitimate interest for user experience monitoring, and the absence of a warrant canary or transparency report represent structural tensions for a product handling credential security.