1Password complies with the requirements of the European Union’s General Data Protection Regulation (GDPR). Read our GDPR statement.
1Password was designed with a deep respect for your privacy. The data you save in 1Password is encrypted and inaccessible to us. Anything else is only ever used to provide you with service and support.
Your rights
You have the right to your information. We’ll never lock you out of your 1Password account, but we’re unable to decrypt it for you. You can export your 1Pasword information at any time. If you discontinue payment, your account will enter a frozen (read-only) state that still allows you to retrieve and export your information. Your export will be limited to the information you saved in 1Password. We can’t guarantee that vault permissions, group structures, and other details about relationships between people and information are included.
You have the right to know what we know. You have the right to know what we know about you and see how we handle that information. If you make such a request, you’ll receive a screenshot of what we can see about you in our systems. To protect customer privacy, these requests will be carefully authenticated beyond demonstrating control of the registered email address.
You have the right to have your information erased. Account owners have the right to instruct us to permanently remove information from our systems. You have to delete your account through an authenticated session first to make sure information isn’t deleted without consent. You (or the account owner) can contact us and ask that we expunge the information after you delete the account. After we authenticate your request, we’ll begin to process it and remove your information from our active systems.
Disaster recovery and data availability requirements dictate that we maintain secure and immutable backups. Erasure requests will leave those backups untouched unless we’re legally compelled to remove information from them.
- You have the right to access and control your personal information. You can control your personal information and exercise your data protection rights by contacting 1Password.
If an organization provides you with access to your 1Password account and services, there may be certain restrictions based on your organization’s privacy or other policies.
Our responsibilities
In the event of a breach, we recognize our responsibility to our customers and the public to promptly disclose any risk and provide a transparent account of events. We follow applicable Canadian data privacy breach notification requirements, and all requirements related to data breach notifications under the GDPR.
Access to 1Password
If you receive a Secret Key and create an account password when you sign up for 1Password, your access depends on both secrets and anyone with both secrets can access your 1Password account. We’ll never ask you for your account password or full Secret Key, and you shouldn’t share it with us or anyone else.
Information you saved in 1Password
Your passwords, credit cards, notes, and all your other items are protected with strong encryption.
- All your passwords and other saved items are private. The vaults and items you save in 1Password are end-to-end encrypted with keys that only you possess.
- Your 1Password account password is private. We don’t know your account password and can’t reset it or bypass it to access your data.
- Your metadata is private. Metadata like titles, URLs, tags, and custom icons are also encrypted.
Personally identifiable information
We collect only the information necessary to provide our services and assist you in troubleshooting. We collect information about:
- Your 1Password account: What kind of account you signed up for, who owns that account, and how that account has been paid for.
- Your usage: When you log in, how many vaults you create, how many items are stored in your vaults, and how much storage space you use.
- You: Your IP address, the devices connected to your account, and the name, email address, and profile pictures that you have given to us.
Due to the complexity of the 1Password security design and sensitivity of the information you entrust to us (even in encrypted form), it may not be possible for us to provide support unless you’re listed as an account owner and using your verified email address to communicate with us. Make sure the email address listed on your 1Password account is current and accessible.
We will not provide identifiable non-public information unless we believe in good faith that:
- We are responding to an enforceable Law Enforcement Request;
- Disclosure is necessary to protect the safety of a user or the safety of others; or
- Disclosure is necessary to investigate fraud or other criminal activity.
See the 1Password Government Request Guidelines for more information.
Telemetry
If you participate in telemetry, we collect information about actions you take in the 1Password apps.
- We won’t collect product usage telemetry data without your awareness. Telemetry is optional in most cases. We won’t collect your usage data without your knowledge.
- Designed to protect your privacy. Telemetry at 1Password is designed to protect your privacy. Any data collected is de-identified and aggregated, so it isn’t linked to you in our analytics.
Tip
If you use work and personal accounts on the same device, learn more about telemetry.
Privacy features in 1Password
Watchtower tells you about password breaches and other security problems with the items you have saved in 1Password. Everything is checked locally on your own device. Your websites and password are never sent to us or anyone else. Learn more about Watchtower privacy.
Learn more
- AgileBits Privacy Policy
- About the 1Password security model
- How to keep your 1Password account secure
- How 1Password protects your data when you use a sync service
- How to participate in telemetry at 1Password
- About 1Password browser permissions
- About 1Password diagnostics reports
- About Watchtower privacy in 1Password
- 1Password Security Design White Paper