Definitions

Vault data

The collection of a user's private information that they choose to store securely within Bitwarden's secure environment. This typically includes highly sensitive data such as:

  • Passwords: Credentials for various websites, applications, and services.
  • Usernames: Associated usernames for accounts.
  • Secure Notes: Encrypted notes containing sensitive information that the user wants to keep secure.
  • Credit Card Information: Payment card details like card number, expiration date, CVV, etc.
  • Identities: Personal information such as names, addresses, phone numbers, and email addresses that can be used to autofill forms.
  • Attachments: Any files uploaded by the user to be stored securely within the vault.

Vault data may also refer to less sensitive data such as metadata:

  • Last Updated: The last time an item was updated.
  • Created Date: The date an item was created.

User

An individual who uses Bitwarden to store, manage, and access vault data.

Client

The software application that the User interacts with to access their vault data. This includes the official Bitwarden web vault, desktop applications, mobile applications, browser extensions, and any other software provided by Bitwarden that interacts with the Bitwarden server to access or manage vault data.

Protected data

Data stored in a format that is unreadable without additional information. Usually synonymous with encrypted, but with additional expectations about how the key is stored. Encrypted data that is stored together with its decryption key in plain text is not considered to be protected, even though it is encrypted.

Communication channel

A medium through which two or more entities, such as processes, applications, or systems, exchange data or messages. This can include communication between components on the same machine, such as inter-process communication (IPC), or over a network, such as between a client and a server. Common types of communication channels include sockets, APIs, message queues, shared memory, and HTTP connections.

Secure channel

A communication channel that provides confidentiality and integrity for the data transmitted between two or more parties.

  • Confidentiality: The data is unreadable to unauthorized parties, typically using encryption.
  • Integrity: The data cannot be tampered with or altered without detection during transmission.

Trusted channel

A secure channel that also provides authenticity.

  • Authenticity: The identities of the communicating parties are verified, ensuring that data is exchanged only between the intended parties.

Partially trusted channel

A communication channel where trust is asymmetrical, meaning only some of the parties trust the channel. One party may have verified the other(s) and thus trusts the channel, while the other party or parties may not have done so, making the channel trusted by one party but untrusted by the other(s).

Fully trusted channel

A communication channel where all parties have verified each other's identities. This means the channel provides confidentiality, integrity, and authenticity, ensuring that the data is secure, unaltered, and exchanged only between the trusted parties.

Data at rest

Any data that is stored on a device or medium that is not actively being used, processed, or transmitted. This includes (but is not limited to) data stored on disk on the user's devices, or on disk on the server side.

Data in use

Any data that is actively being used, processed or accessed. This includes (but is not limited to) data that is temporarily held in volatile memory (like RAM) for quick access, computation, or rendering.

Data in transit

Data that is actively being transferred from one location to another, such as between memory locations, processes, or between devices across a network.

Data exporting

The controlled process in which data leaves the Bitwarden secure environment unprotected. As a consequence, the guarantees made by this document will no longer apply. The receiving party may or may not have its own guarantees.

Data sharing

The controlled process in which data is shared with another party within the Bitwarden secure environment.

Data leaking

The process in which data unintentionally leaves the Bitwarden secure environment unprotected.

Informed and explicit consent

The process by which the User is provided with all relevant information regarding an action, understands it, and agrees to the terms in a clear and unmistakable way.

  • Informed: The person giving consent must have all necessary information to understand what they are agreeing to. All or parts of the information may be assumed to be implicitly provided/understood by the context in which the user is giving consent. This includes:
    • Purpose: A clear explanation of what the consent is for, such as how their data will be used or what actions will be taken.
    • Risks and Benefits: Disclosure of any potential risks, benefits, or consequences associated with their consent.
    • Alternatives: Information about any alternatives to consenting and what happens if they choose not to consent.
    • Rights: A description of their rights, such as the right to withdraw consent at any time without penalty.
  • Explicit consent: Consent must be given clearly and unambiguously, typically through a direct and affirmative action, such as clicking "I agree" or a similar action.

Certify

Officially recognize (someone or something) as possessing certain qualifications or meeting certain standards.

Bitwarden secure environment

Any process or application that adheres to the "Security" section is treated as "within the Bitwarden secure environment".