Transparency statement

Transparency is one of the principles that guides how we operate and how we build trust with our customers. As a provider of security software, we understand that our company, our product, and our corporate structure are subject to public scrutiny. We welcome thoughtful questions, independent audits, and constructive review, as they help strengthen both our product and our operations.

We want to provide complete clarity on Passwork’s origins, ownership, corporate structure, and technical architecture. Our goal is to give clear, accurate information about our company and product. To help customers, partners, and other interested parties better understand these topics, we have summarized the most common public claims about Passwork Europe S.L. and provided factual explanations supported by verifiable information.

The Passwork software was created in 2014 by developers of Russian origin. It was first incorporated in Europe in 2017 through the Finnish company Passwork Oy. Intellectual property rights were subsequently transferred to Passwork FZ-LLC, a company registered in the United Arab Emirates. In 2024, Passwork Europe S.L., a Spanish company, acquired from Passwork FZ-LLC the rights to develop, maintain, distribute and support the international Passwork product. Under that agreement a transition period runs until 30 August 2026, during which Passwork FZ-LLC provides source-code updates and technical knowledge transfer.

Below we answer the questions we are asked most often.

Main questions

Topic Question Summary of the facts
Ownership and corporate structure Is Passwork Europe S.L. connected to the Russian company operating under the resembling brand? Passwork Europe S.L. is an independent Spanish company with its own ownership, management, operations, and customer relationships. It has no corporate affiliation with any Russian companies.
Product development and transition Why are there similarities between the European and Russian versions of the product? Both products developed from a common codebase origin. As part of a temporary technology transition agreement ending in August 2026, Passwork Europe S.L. receives source-code updates and technical knowledge transfer from Passwork FZ-LLC (UAE company). European operations remain independently managed.
Security architecture Can external parties access customer data through the software? No. Passwork's on-premises, zero-knowledge architecture is designed so that customer data remains under the customer's exclusive control. Passwork Europe S.L. does not have access to customer passwords or encrypted vaults.
Security verification Can customers and independent experts verify the security of Passwork? Yes. Customers receive the server-side application in readable source code, may review the product and updates before deployment, and can restrict network access. Passwork also undergoes independent security assessments and welcomes third-party source-code audits.
Product origin Why is Passwork described as "Developed in Europe"? Passwork has been commercially operated, supported, and continuously developed for European customers from Europe since 2017. The current transition arrangement does not change the company's European operations or governance.

Details for each question

1. Is Passwork Europe S.L. affiliated with or controlled by the Russian company operating under the Passwork brand?

No, Passwork Europe S.L. is an independent Spanish company and it is not controlled by any Russian companies. Passwork Europe S.L. was founded in Barcelona in August 2024. Its sole shareholder and CEO is Alexander Muntyan, who acquired the intellectual property rights to the Passwork software from Passwork FZ-LLC, a UAE company, through a commercial asset acquisition. Alexander Muntyan is a Spanish tax resident and resides in Spain.

Passwork Europe S.L. has its own ownership, management, operations, customer relationships, and decision-making processes. It has no corporate affiliation with any Russian companies. The Russian company with the resembling brand operates within its domestic market, while Passwork Europe S.L. independently develops and supports customers in international markets.

The product's history is fully transparent. Passwork's European operations began in 2017 through Passwork Oy in Finland, and since then its European operations have continued through European legal entities. The establishment of Passwork Europe S.L. in Spain represents the latest stage of that development and reflects a commercial transfer of intellectual property and business operations. The original creators of the software hold no ownership interest, management positions, or decision-making authority within Passwork Europe S.L.

Today, Passwork Europe S.L. operates as an independent Spanish company with its own ownership, management, and responsibility for the product in international markets.

2. Why are there similarities between the European and Russian versions of the product?

Passwork Europe S.L. acquired the rights to the Passwork software as part of a commercial transaction and is currently completing a structured technology transition. This transition is governed by a transitional services agreement with Passwork FZ-LLC (UAE company), which runs until August 30, 2026.

During this period, Passwork FZ-LLC provides source-code updates and technical knowledge transfer to support continuity for existing customers. This is a standard part of transferring and integrating an active software product.

Every update undergoes security verification before release, including software bill of materials (SBOM) analysis, software supply-chain analysis, static and dynamic application security testing (SAST/DAST), AI-assisted analysis and manual code review. All changes remain visible in the source code and are subject to independent verification by customers.

Because the European and Russian products originate from the same historical codebase, some version releases and release notes may appear on similar timelines. This reflects the shared technical origin of the software and the ongoing transition process, but does not indicate common administration between the Spanish and Russian operating companies.

Passwork Europe S.L. maintains administrative control over its own technical environment. Historical Cloudflare, DNS, analytics, or marketing configurations identified during the transition have either been separated, reviewed, or placed under Passwork Europe S.L.’s control. Passwork Europe S.L. also maintains dedicated infrastructure hosted within the European Union and administered by its own team.

3. Can external parties access customer data through Passwork?

No, Passwork’s technical architecture makes it impossible to access customer data regardless of who has reviewed the source code. Most Passwork Europe S.L. customers deploy the product on their own infrastructure. In this deployment model, all data remains within the customer's environment and can be deployed without Internet access. There is no central application server through which customer passwords, vaults or encrypted data pass. This can be independently verified by reviewing the source code or analyzing the application's network traffic. This means that Passwork Europe S.L. does not host, store, or have access to customer passwords, vaults, or server infrastructure.

Passwork follows a zero-knowledge architecture. Encryption and decryption take place on the client side using AES-256 encryption before data is transmitted or stored. As a result, encrypted data cannot be read by Passwork Europe S.L. or any external party without the customer's encryption keys.

The software is also available for customer source-code review, allowing companies to verify its functionality independently.

4. Can customers and independent experts verify that Passwork is secure?

Yes, customers and independent experts can verify Passwork’s security. Customers receive the complete server-side application in readable source code and may conduct their own independent review. Our cryptographic architecture, including encryption algorithms, key hierarchy, and security parameters, is publicly documented to allow independent verification of the product's security model. Any connection used for update availability is separated from the encrypted customer database and does not provide remote access to it.

Updates are installed only with the customer's approval. Updates may be performed either semi-automatically, by running an update script that downloads signed update packages from Passwork Europe's update portal hosted in the European Union, or entirely manually by downloading the update archive and installing it offline. Customers may also restrict network access and review each new release before deployment. In both cases, every update is verified using a digital signature based on public-key cryptography. Without possession of the corresponding private signing key, it is technically impossible to substitute or tamper with the software distributed to customers.

In addition, Passwork regularly undergoes independent third-party security assessments, including a 2025 penetration test by HackerOne. Passwork Europe S.L. also welcomes independent source-code audits by security laboratories as part of customer security due diligence or procurement processes.

5. Why does Passwork describe the product as "Developed in Europe"?

The statement "Developed in Europe" reflects the way Passwork is operated, developed, and supported for international customers today.

Since 2017, Passwork has been operated, deployed, and supported through European companies serving international markets. Today, Passwork Europe S.L. manages the product from its headquarters in Barcelona, Spain, with a dedicated team of independent contractors responsible for product management, customer support, operations, and technical oversight.

As part of the intellectual property acquisition, Passwork Europe S.L. is completing a temporary technology transition with Passwork FZ-LLC (a UAE company) that will conclude in August 2026. During this period, source-code updates and technical knowledge are transferred under a commercial agreement to ensure continuity for customers. This transition does not affect the company's governance, ownership, or day-to-day operations.

Every software update received during the transition is reviewed, validated, and integrated by Passwork Europe S.L.'s technical team before release. This includes software bill of materials (SBOM) analysis, software supply-chain analysis, static and dynamic application security testing (SAST/DAST), AI-assisted analysis and manual code review. All changes remain visible in the source code and are subject to independent verification by customers. Administrative, operational, and customer support data is processed within the European Union in accordance with GDPR requirements.

Passwork Europe S.L. is responsible for the software distributed to its international customers and for the ongoing development, maintenance, support, and security of that product.


How we support transparency

Transparency is meaningful only when it can be supported by evidence. Rather than asking customers to rely solely on our statements, we provide multiple ways to independently verify the information presented on this page.

  • Source-code review. Customers may review the Passwork source code to independently verify its functionality and security.
  • Independent security assessments. We share the results of independent penetration testing and support independent source-code reviews. We also welcome independent source-code audits by security laboratories as part of customer security due diligence or procurement processes.
  • Technical documentation. We provide documentation describing our security architecture, deployment model, and zero-knowledge design.
  • Corporate information. Information about Passwork Europe S.L., including its ownership and corporate registration, is publicly available through the relevant official registers.

If you have additional questions about our company, product, or security architecture, our team will be happy to provide further information at [email protected].