Your secrets are encrypted on your device before they reach our servers. EU data residency on every plan. Zero-knowledge architecture that simplifies your GDPR obligations — not complicates them.
In short
SealedKeys supports GDPR-compliant credential management through EU-only data residency and a zero-knowledge architecture where the provider never holds plaintext secrets. All data is encrypted client-side with AES-256-GCM and protected by TLS 1.3 in transit.
The architecture and features that matter for your compliance team.
Your encrypted vault is stored on Hetzner infrastructure in Germany. No data is transferred outside the EU. This applies to every plan — not just enterprise. No contractual gymnastics to keep your data in Europe.
GDPR requires a lawful basis for processing personal data. SealedKeys' zero-knowledge architecture means we store only AES-256-GCM ciphertext. We cannot read your secrets — we are not a controller of your secret data, only the encrypted form.
A GDPR-compliant DPA is available on request. Given the zero-knowledge model, SealedKeys' role as a data processor is minimal — but if your compliance team needs one, email hello@sealedkeys.com.
GDPR's accountability principle requires you to demonstrate control over personal data access. SealedKeys logs every view, copy, edit and deletion with timestamp, user and IP — ready for DPA audit requests or incident responses.
Right to erasure? Delete vault items immediately and they are gone — the ciphertext is removed from the database. No backups with your plaintext secrets exist on our servers because we never had the plaintext.
GDPR's right to data portability. Export your entire vault as an encrypted backup at any time — no support tickets, no hoops. The offline viewer decrypts it locally with no internet connection.
Under UK GDPR and EU GDPR Article 28, any time you engage a third party to process personal data on your behalf — including a password manager that stores your team's credentials — you must have a written Data Processing Agreement in place. Without one, your organisation is in breach of GDPR regardless of how secure the underlying technology is.
SealedKeys provides a pre-signed DPA covering both UK GDPR and EU GDPR Article 28 requirements, available immediately at sealedkeys.com/dpa. Because SealedKeys' zero-knowledge architecture means we hold only encrypted ciphertext — not your plaintext secrets — our role as a data processor is unusually limited. The DPA documents this clearly, simplifying your compliance team's review. No negotiation required for standard terms; custom DPA addenda available on Pro plans.
The questions your DPO, auditor or enterprise procurement team will ask when reviewing SealedKeys.
A. Your organisation is the data controller for the credentials and secrets stored in your SealedKeys vault. SealedKeys (SealedKeys Ltd) acts as the data processor — we hold encrypted ciphertext on your behalf but cannot decrypt or read any of it. This controller/processor split is documented in the Article 28 DPA available at sealedkeys.com/dpa.
A. All data is stored and processed on Hetzner GmbH infrastructure in Frankfurt, Germany — within the EU. No sub-processors outside the EU are used for vault data. TLS 1.3 is enforced in transit and AES-256-GCM encryption is applied client-side before upload. No data transfer mechanisms (SCCs, adequacy decisions) are required because no data leaves the EU.
A. SealedKeys holds: your account email address (used for authentication and transactional emails), a bcrypt hash of your master password (the plaintext is never transmitted), and AES-256-GCM ciphertext of your vault items. We cannot link the ciphertext to any individual or read its contents. Analytics in the vault interface use Umami, a privacy-first tool that stores no IP addresses and collects no personal identifiers.
A. SealedKeys undergoes annual penetration testing (most recently May 2026, zero findings) and holds Cyber Essentials certification. In the event of a security incident, we follow a documented incident response process and notify affected customers within 72 hours as required under Article 33. Because vault data is encrypted with keys we do not hold, a breach of our servers would expose only ciphertext with no practical decryption path.
SealedKeys is designed with UK GDPR and EU GDPR in mind. Data is stored on EU infrastructure (Hetzner, Germany) and never transferred outside the EU. The zero-knowledge architecture means we process only encrypted ciphertext — the lawful basis and data minimisation obligations are simplified because we cannot access your secrets. A Data Processing Agreement is available at sealedkeys.com/dpa.
All data is stored on Hetzner servers in Germany (EU). No data is transferred to the US or any third countries. TLS 1.3 protects data in transit. At rest, secrets are stored as AES-256-GCM ciphertext only — never plaintext.
Yes. A pre-signed DPA covering both UK GDPR and EU GDPR Article 28 requirements is available at sealedkeys.com/dpa. Given the zero-knowledge model, our role as a data processor is limited — we cannot read the personal data your team stores in the vault. The DPA documents this relationship clearly.
GDPR requires a lawful basis for processing personal data and mandates data minimisation. SealedKeys' zero-knowledge architecture means the server stores only ciphertext we cannot decrypt. This simplifies your GDPR obligations: we are not a controller of your secret data, only an encrypted storage layer.
Yes. Export your full vault at any time from Settings → Export. Two formats: encrypted backup (recommended) and plaintext JSON. No support ticket required. The offline viewer decrypts the encrypted backup locally with no internet connection — your data is genuinely portable.
You can export your vault at any time before cancelling. After account deletion, vault data is permanently deleted from the database within 30 days. Because we store only ciphertext, there is no plaintext data to recover or retain.
SealedKeys does not currently appoint a DPO. Under UK GDPR and EU GDPR, a DPO is mandatory only for public authorities, organisations that carry out large-scale systematic monitoring, or those that process special category data at scale. SealedKeys does not process special category data — it stores only encrypted ciphertext — so appointment of a DPO is not required at our current scale. We are registered with the ICO. For any data protection queries, contact hello@sealedkeys.com.
SealedKeys is suitable for storing credentials that grant access to healthcare systems — for example, the username and password your team uses to log in to an NHS portal or clinical system. What SealedKeys is not designed to be is a primary store for special category health data (patient records, clinical notes) under GDPR Article 9. The distinction matters: your login secrets are protected by zero-knowledge encryption; actual patient data should remain in a compliant clinical records system. If you are unsure whether your use case is in scope, email hello@sealedkeys.com.
Article 25 requires controllers to implement technical and organisational measures that embed data protection into processing activities by design and by default. SealedKeys' zero-knowledge architecture is that technical measure: encryption is performed entirely on the client before any data leaves the device, so the server is structurally incapable of accessing plaintext. There is no configuration option to disable this — it is the default and the only mode. This means your password manager satisfies Article 25's 'by design' and 'by default' requirements at the infrastructure level, not through policy alone.
Need full data residency on your own infrastructure?
Dedicated instance — your vault on an isolated server in your chosen region, managed by us. No shared tenancy. From £399/month.
Free to start — no credit card. DPA available at sealedkeys.com/dpa. Pro at £3.49/user/month.