TL;DR: We do our best to respect your privacy!

Website Privacy Policy

This website, "" and any subdomains such as "" (collectively referred to as the "Site") is owned and operated by Passbolt SA ("we", "us" or "Passbolt"). By using and accessing our Site, you ("you", "user" or, "end user") agree to the terms of our Privacy Policy (collectively, the "privacy policy").

This Privacy Policy is effective with respect to any data that we’ve collected, or collect, about and/or from you on the Website, according to our Website Terms of Service.


We define ‘Personal Information’ (which refers with no exception to, "your information", "personal information") in the following manner:

Any information that you provide to us about yourself while using the service that could help someone else identify you as an individual entity. This may include information such as your name, phone number, location, IP address, system locale and preferences, picture, public key information, etc.

We define the following subdomain of the Website "" as “Demo Site”. We define the following sub domain as "Forum" or "Community Forum".

We define as "Products" Passbolt downloadable Software products, such as Passbolt web extension or API server.

Do you have a question about this privacy policy? Get in touch!

contact us

Collected Personal Information

Here is a summary of the personal data we collect for each services. All of these services are optional, for example when you may use the Demo Site and not sign up for the community forum.


We use collect information about your usage of the Site, such as which page you visited, how long you stayed on the Site, etc. It is possible for you to opt-out of this analytics tracking by enabling your browser's " Do Not Track" preference.


We collect your name, email and IP address as part of the newsletter signup process. This information is required to be able to get in touch with you and for security purposes such as spam and abuse detection.

Demo Site

On the Demo Site we collect personal information such as your name, email, and information about your usage, such as when you triggered a system error, etc.

The Demo Site is organized by domains in the form of Users signed up on a given domain are capable of viewing other users email addresses and names. This is needed to provide functionalities such as sharing passwords and organizing users by groups.

Community Forum data

On the Community Forum we collects personal information such as your email and IP address, the kind of browser or computer you use, number of links you click within the site, state or country from which you accessed the site, the date and time of your visit, the name of your Internet service provider, the web page you linked to our site from, pages you viewed on the forum. This information is needed to enhance your experience as well as allow automated moderation and spam prevention.

See discourse privacy policy for more information.

Payment and billing data

We collect personal information such as your email, name, address, VAT information, preferred payment channel, etc. when you purchase a subscription or service with Passbolt SA.

We do not collect directly your credit card information, this information is collected in a secure iframe and processed securely directly by the third party services involved such as our payment gateway and your bank.


We may collect personal information about you and your usage of passbolt as part of voluntary surveys you participate in. Surveys may request personal information such as your name, email, phone number, organization name, etc.

Cookies and Tracking


A cookie is information stored on your computer by a website you visit. This Site use cookies for two purposes:

  • Sessions, e.g. to provide you with the functionality that keeps you logged in or to make sure your preferences are carried forward.
  • For analytics (see next section). We do not use cookies to track you on third party sites.


We use Google Analytics to collect information about your usage of the Site. This service may store a cookie to identify which page you visited, how long you stayed on the Site, etc.

Demo Site application session

The Demo Site uses cookies to be able to tell if you are logged in or if an authentication is required.

Community Forum session cookie

The Community Forum uses cookies to be able to tell if you are logged in or not as well to allow you to personalize your user experience.

Payment and billing session cookie

We may may use cookies in order to be able to process your purchase order as part of the payment and billing process.

Cookie and Tracking (Summary)

Respect "Do Not Track"

No tracking on 3rd party sites

Social buttons

To protect you from third party tracking, we do not include any third party javascript application such as “facebook like” buttons on this Site.

Cookie and Tracking (Summary)

No 'social button' tracking

Our use of your personal information

We may use your personal information only for one or more of the following purposes:

To give you access to the Products or Service. For example, if you register to the demo section of the Site we may send you a link by email to activate your account. For example if you subscribe to Passbolt Pro Edition we will send you an email with instructions on how to get started.

To notify you about any activity within the Service. For example if you are using the demo section of the Site and if another user shares a password with you, we may send you an email notification.

To provide you with support. For example, if you leave your personal information by email or the Forum, we may contact you back to help you solve your issues or answer your questions.

To promote our services. For example, if we think you might benefit from using another Products or Service we offer, or if we think an information about a change in the current Service is relevant for you, we may contact you to tell you about it.

To bill and collect money owed to us. This includes communications with regards to invoices, receipts, payment statuses and processing issues.

Disclosure of personal information

We may disclose your Personal Information for one or more of the following purposes:

To provide you with the Service. For example, if you register on the Demo Site other people will be able to see the email address and name you used to register and will be able to share information with you.

To meet legal requirements. In the event we are to comply with court orders and valid subpoenas or to defend a court, arbitration, or similar proceeding.

To provide information to representatives and advisors. These include engineers, attorneys and accountants, who help us comply with legal, accounting, or security requirements.

To transfer your information in the case of a sale, merger, consolidation, or acquisition, any acquirer will be subject to our obligations under this privacy policy, including your rights to edit and delete your personal data. We will notify you of the change either by sending you an email or posting a notice on our Web site, so that you can opt-out if you wish to do so.

Use of data summary

Limited use of personal data

3rd Party Access

We will not give, sell, rent or loan any personal information to any third party. The following third parties may have access to your personal data under certain conditions.


Our organization is registered in Luxembourg. We are therefore subject to luxembourgish and european legislative texts on data protection and privacy.

Our organization relies on services (such as hosting, help desk and newsletters) provided by companies registered in the USA. They are obliged to provide access to notices pursuant to judicial, regulatory or other governmental orders or requests valid in USA.

Hosting provider

We primarily use Google Cloud Platform to host our websites.
See GCP Data Processing and Security Terms.

We also use Amazon Web Services to host the demo website.
See AWS GDPR center and Service Terms.


We use Google Recaptcha (with remoteip unset) to protect signup forms against spam and other types of automated abuse.
See Google privacy policy.

Newsletter provider

We use Mailchimp to send newsletters.
See Mailchimp legal framework.

Help desk provider

We use GrooveHQ to provide support by email or on social networks.
See GrooveHQ privacy policy.

Analytics provider

We use Google Analytics for analytics.
To protect your privacy, Google Analytics is configured on our website to anonymize your ip address and not to collect data for advertising or remarketing purpose.
See the privacy section in the Google Analytics terms of services and their GDPR compliance policy.

Surveys provider

We use typeform for some of our surveys.
See the privacy section in the Typeform terms of services.

Forum provider

We use discourse to run the community forum.
See Discourse privacy policy.

Customer Relationship Management

We use Hubspot to manage sales inquiry.
See Hubspot privacy policy.

Payment gateway provider

We use Stripe to process payments.
See Stripe privacy policy.

Invoices and billing history provider

We use Zoho Books to provide you with invoices, receipts and billing history.
See Zoho privacy policy.

3rd party access (Summary)

European laws apply

List of 3rd party services

Deleting, editing and accessing your personal information

You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.

You can stop receiving Demo notification emails by deleting your account in the demo section of our Site. To delete your account send us an email at: Demo data are also periodically deleted automatically at regular intervals.

You can stop receiving emails and/or delete your account from the Community Forum by logging in and going on your profile settings page.

We can also edit/delete/get access to any personal information that we hold within 60 days of any request you make by contacting us:

Information security

We work hard to prevent unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:

  • We aim to encrypt all of our services using SSL.
  • We regularly review our information collection, storage and processing practices, to guard against unauthorized access to systems.
  • We restrict access to personal information to employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations.

Date of Last Update

This privacy policy was last updated on 1st of October 2018.

Deleting data (Summary)

You can request access to your data

You can delete your data