NordPass Business has no technical means to access your encrypted passwords, secure notes, or other items stored in your vaults (where the End User’s items are stored; "Vault") because we built NordPass Business based on zero-knowledge architecture. Zero- knowledge architecture means that we do not have any access to what is stored in the Vault. In cryptography, it refers to being able to prove something you know without revealing what that is. As such, our zero-knowledge password manager keeps the proof that you have the key, but not the key itself, making it very safe. No one else can see the organization’s passwords, credit card details, or notes. We also don’t have the organization’s End Users Master Password, so the encrypted data will stay secure even if someone breaches our servers.
To understand more about NordPass Business specifications and technical features please check NordPass Business Whitepaper.
When the End Users use NordPass Business Services with the Vault provided by an organization (our Customer), that organization can:
Every item in the NordPass Business Vault has two types of data: metadata (title, website address, cardholder name, etc.) and secret data (login credentials, items (e.g., passwords, notes’ content, credit card number, comments, etc.). The organization cannot see secret data. However, the End Users items, stored in the Vault, are accessible by the organization via indirect ways, e.g., through activity logs, after deletion of the End Users account, etc. Therefore, please note that the NordPass Business Vault should only be used to store items related to the organization and we highly recommend End Users not to keep any personal information there or to delete such personal information before leaving the organization/ceasing to use the NordPass Business Services.
If the End User is invited to join the NordPass Business account administered by an organization and the End User already has one’s own personal NordPass account registered with the same email address, the End User's items will be transferred to the organization which will become the controller of this data as foreseen by the applicable legal acts. In case the End User does not want one’s personal items to be transferred to the organization (to which NordPass Business account the End User is joining), we strongly advise deleting or exporting all items and adding them to another personal NordPass account (i.e. NordPass version for non-business users) created with another email address before accepting the invite to join the organization on NordPass Business.
NordPass Business offers an additional feature — Data Breach Scanner ("Scanner"). This feature enables scanning if certain data has appeared in any personal data breaches detected by our third-party service provider. Using a third-party provider, the Scanner checks email addresses (which were used by the End Users to join the organization) and identifies which pieces of data might be exposed. Every time you use the Scanner, you grant us permission to share your hashed email addresses with our third-party service provider. To keep your data secure, any further matching of items against the third-party’s database is completed locally, on the device where it is initiated. This data will not be used by us or our service provider for any purpose other than helping to monitor data breaches where the personal data of the organization's End Users have appeared. Please note that when you use the Scanner, NordPass Business has no technical means to access your encrypted items stored in NordPass Business Vault and Scanner’s search results that are shown on the users’ devices.