bitwarden/help
1
0
Fork 0
mirror of https://github.com/bitwarden/help synced 2026-01-05 18:13:15 +00:00
Code Issues Releases Wiki Activity
Files
63ba2f081c7cd2a2ae16bcda40bb770d1d2c2598
help/_articles/security/is-bitwarden-audited.md
fred_the_tech_writer aa9e70659a Vault Management (#382) 
* Staging: Vault Mgmt (#380)

* Commit #1
- Updated Master Password article, and removed old versions (w/ 
redirects)
- Repurposed Account Encryption Key Article
- Moved Fingerprint Phrase article
- Requisite re-ordering of security articles
- Change "Account Mgmt" title to "Your Vault"
- Slight change to "Import & Export" category title

* - Managing Items
- Favorites & Folders (+images)
- Sync & Search (+images)
- Import Export title change
- Clarification re: Login v. Lock in "Field Guide to Two-step Login"
- Clarifiation re: Org Invite Expiry in managing-users.md
- New link to Acct. Encryption Key in encrypted-export.md

* Commit #3
-Custom Fields
- URIs (+ images)
- File Attachments
- VH Reports
- Required re-ordering

* Commit #4
-BWDC Login recommendation
-VH Reports images
- Added Two-step FAQs, Import FAQs
- FAQ Nav Item depricated, targetting FAQs for each category are now the 
last article within respective categories

* Commit #5
-Edit & move Account/Org Deletion Article
-config.yml to re-order global nav
-encrypted export update

* General FAQs (preliminary edits)

* Features > Misc.

* return forgot-master-password.md & downstream order changes

* delete account warning

* fixed link
2021-02-01 08:58:52 -05:00

76 lines
4.1 KiB
Markdown
Raw Blame History

---
layout: article
title: Compliance, Audits, and Certifications
categories: [security]
featured: true
popular: false
tags: [audit]
order: 07
---
Bitwarden is a global company with customers located all over the world. Our business is to help customers protect, store, and share their sensitive data. We prioritize protecting the personal data of our customers and their end-users as paramount to our company mission. Bitwarden complies with industry standards, and conducts regular audits shared transparently with our customers and users. Our open source approach puts us in a unique position, where our software is viewed and scrutinized by a globally engaged community.
## Privacy
For our privacy policy, visit [bitwarden.com/privacy](https://bitwarden.com/privacy){:target="\_blank"}.
### GDPR
Bitwarden participates in the EU-U.S. and Swiss Privacy Shield Frameworks and complies with GDPR and current applicable EU data protection rules.
### CCPA
Bitwarden is compliant with the California Consumer Privacy Act (CCPA).
### Privacy Shield
Bitwarden complies with EU-U.S. Privacy Shield Frameworks. In addition, Bitwarden uses and complies with EU Standard Contractual Clauses (SCCs). For more information, please see [Bitwarden Privacy Shield Frameworks](https://www.privacyshield.gov/participant?id=a2zt0000000CoURAA0){:target="\_blank"}.
### HIPAA
Bitwarden is HIPPA compliant.
## Third Party Security Audits
### SOC 2 Type 2 and SOC 3
Bitwarden has completed SOC Type 2 and SOC 3 compliance. For more information, see the blog post [Bitwarden achieves SOC 2 certification](https://bitwarden.com/blog/post/bitwarden-achieves-soc-2-certification/){:target="\_blank"}.
### 2020 Security Assessment
Bitwarden completed a thorough security assessment and penetration test by auditing firm [Insight Risk Consulting](https://www.insightriskconsulting.com/){:target="\_blank"}. For more information, please see the blog post [Bitwarden 2020 Security Audit is Complete](https://bitwarden.com/blog/post/bitwarden-network-security-assessment-2020/){:target="\_blank"}.
[Read the report](https://cdn.bitwarden.net/misc/Bitwarden%20Security%20Assessment%20Report.pdf).
### 2018 Security Assessment
Bitwarden completed a thorough security audit and cryptographic analysis by security firm [Cure53](https://cure53.de/){:target="\_blank"}. For more information, please see the blog post [Bitwarden Completes Third-party Security Audit](https://bitwarden.com/blog/post/third-party-security-audit/){:target="\_blank"}.
## Open Source Codebase
### Codebase on GitHub
Bitwarden is focused on open source software with the entirety of the codebase available on GitHub.com. For more information, please see [github.com/bitwarden](github.com/bitwarden){:target="\_blank"}.
### Open Source at Bitwarden
Bitwarden is an open source password manager. For more information please visit [our open source page](https://bitwarden.com/open-source/){:target="\_blank"}.
## Cloud Hosting
The Bitwarden cloud service is hosted on Microsoft Azure. Please visit [Microsoft Azure Compliance Offerings](https://azure.microsoft.com/en-us/resources/microsoft-azure-compliance-offerings/){:target="\_blank"} for more detail.
## Security Information
### Zero Knowledge Encryption
Bitwarden takes a zero knowledge encryption approach to password management, meaning every piece of information in your Vault is encrypted. For more information on this approach, please see the blog post [How End-to-End Encryption Paves the Way for Zero Knowledge](https://bitwarden.com/blog/post/end-to-end-encryption-and-zero-knowledge/){:target="\_blank"}.
### Vault Security in Bitwarden
For more information on how Bitwarden Vaults are protected, including options for Bitwarden client applications, please see the blog post [Vault Security in the Bitwarden Password Manager](https://bitwarden.com/blog/post/vault-security-bitwarden-password-manager/){:target="\_blank"}.
### Bug Bounty Program
Bitwarden also interacts with independent security researchers through our public bug bounty program on [HackerOne](https://hackerone.com/bitwarden/){:target="\_blank"}.
Reference in New Issue View Git Blame Copy Permalink