TL;DR: We do our best to respect your privacy!

Privacy Policy

This website, is owned and operated by Passbolt SARL ("we", "us" or "passbolt"). By using and accessing our Site, you ("you", "user" or, "end user") agree to the terms of our Privacy Policy (collectively, the "privacy policy").

This Privacy Policy is effective with respect to any data that we’ve collected, or collect, about and/or from you, according to our Terms of Service.


We define ‘Personal Information’ (which refers with no exception to, “your information”) in the following manner:

Any information that you provide to us about yourself while using the service that could help someone else identify you as an individual entity. This may include information such as your name, phone number, location, IP address, system locale and preferences, picture, public key information, etc.

We define this website (also referred to as the "Site", or “Service”) as and any other subdomains such as (also reffered as “Demo Site”).

Do you have a question about this privacy policy? Get in touch!

contact us

Cookies and Tracking


A cookie is information stored on your computer by a website you visit. This Site use cookies for two purposes:

  • Sessions, e.g. to provide you with the functionality that keeps you logged in or to make sure your preferences are carried forward.
  • For analytics (see next section). We do not use cookies to track you on third party sites.


We use Piwik to collect information about your usage of the Site, such as which page you visited, how long you stayed on the Site, etc. It is possible for you to opt-out of this analytics tracking by enabling your browser's "Do Not Track" preference.

Demo Site application logs

The Demo Site itself collect information about your usage, such as when you created or edited a password, when you posted a comment, when you triggered a system error, etc. This is needed to provide functionalities such as access and control logs within the application. You should setup your own test environment if you are not comfortable with this.

Forum application logs (also called Forum) may use cookies to personalize or enhance your user experience and does collect information about your usage, such as your Internet protocol address, the kind of browser or computer you use, number of links you click within the site, state or country from which you accessed the site, the date and time of your visit, the name of your Internet service provider, the web page you linked to our site from, pages you viewed on the forum. See discourse privacy policy for more information

Cookie and Tracking (Summary)

Respect "Do Not Track"

No tracking on 3rd party sites

We keep usage logs on demo site

Community forum usage logs

Passbolt API anonymous usage report

When installing the API application on your own server you will be asked if you want to share anonymous usage statistics. Such data are sent each time you install or update the passbolt API application and are composed of aggregated information only, such as the total number of users or passwords. These reports are stored as anonymized results, we do not store the IP address nor any personal information.

This functionality is off by default. You can opt-out of these reports at any moment by changing a setting in the temporary application configuration files. This file is located in app/tmp/config/anonymous_statistics.php.

Anonymous usage statistics

Opt-in only usage statistics

Anonymous usage statistics

Easy opt-out from usage statistics

Social buttons

To protect you from third party tracking, we do not include any third party javascript application such as “facebook like” or “google +1” buttons on this Site.

Cookie and Tracking (Summary)

No 'social button' tracking

Our use of your personal information

We may use your personal information only for one or more of the following purposes:

To give you access to the Service. For example, if you register to the demo section of the Site we may send you a link by email to activate your account.

To notify you about any activity within the Service. For example if you are using the demo section of the Site and if another user shares a password with you, we may send you an email notification.

To provide you with support. For example, if you leave your personal information on the help section of the Site, we may contact you to help you solve your issues or answer your questions.

To promote our services. For example, if we think you might benefit from using another service we offer, or if we think an information about a change in the current Service is relevant for you, we may contact you to tell you about it.

To bill and collect money owed to us. This includes communications with regards to invoices, receipts, payment statuses and processing issues.

Disclosure of personal information

We may disclose your Personal Information for one or more of the following purposes:

To provide you with the Service. For example, if you register on the Demo Site other people will be able to see the email address and name you used to register and will be able to share information with you.

To meet legal requirements. In the event we are to comply with court orders and valid subpoenas or to defend a court, arbitration, or similar proceeding.

To provide information to representatives and advisors. These include engineers, attorneys and accountants, who help us comply with legal, accounting, or security requirements.

To transfer your information in the case of a sale, merger, consolidation, or acquisition, any acquirer will be subject to our obligations under this privacy policy, including your rights to edit and delete your personal data. We will notify you of the change either by sending you an email or posting a notice on our Web site, so that you can opt-out if you wish to do so.

Cookie and Tracking (Summary)

Limited use of personal data

Personal data visible on demo site

3rd Party Access

We will not give, sell, rent or loan any personal information to any third party. The following third parties may have access to your personal data under certain conditions.


Our organization is registered in Luxembourg. We are therefore subject to luxembourgish and european legislative texts on data protection and privacy.

Our organization relies on services (such as hosting, help desk and newsletters) provided by companies registered in the USA. They are obliged to provide access to notices pursuant to the Digital Millennium Copyright Act as well as judicial, regulatory or other governmental orders or requests valid in USA.

Hosting provider

We primarily use Google Cloud Platform to host our websites.
See GCP terms and conditions.

Newsletter provider

We use Mailchimp to send newsletters.
See Mailchimp legal framework.

Help desk provider

We use GrooveHQ to provide support by email or on social networks.
See GrooveHQ privacy policy.

Analytics provider

We use Piwik Cloud Pro for analytics.
See the privacy section in the Piwik terms of services.

Surveys provider

We use typeform for some of our surveys.
See the privacy section in the Typeform terms of services.

Forum provider

We use discourse to run the community forum.
See Discourse privacy policy.

3rd party access (Summary)

European laws apply

Digital Millennium act apply

Transparency of 3rd party services

Deleting, editing and accessing your personal information

You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.

You can stop receiving Service notification emails by deleting your account in the demo section of our Site. To delete your account send us an email at: (in the future we will allow you to delete your account from your profile page).

We can also give you access to any personal information that we hold within 60 days of any request you make by contacting us:

Information security

We work hard to prevent unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:

  • We aim to encrypt all of our services using SSL.
  • We regularly review our information collection, storage and processing practices, to guard against unauthorized access to systems.
  • We restrict access to personal information to employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations.

Date of Last Update

This privacy policy was last updated on 09th of November 2017.

Last changes summary: switched to Google instead of Amazon, added section about forum and discourse.

Deleting data (Summary)

You can request access to your data

You can delete your data