So all data is stored on the customers devices, and the app doesn't send data to any other places than the customer's own devices? That sounds good, but only assuming I can trust this to be true. But Enpass is not open source (only the encryption part of it is?), so all I have is your word for it. After the Edward Snowden incident we know for a fact that American companies may be forced by law to create back doors in their products _and to lie about it_. The combination of closed source and being subject to US legislation seems like a total deal breaker for any IT product where security or privacy is important. How am I wrong? I would be grateful if anyone could explain this to me. (And even I were to monitor the data traffic in and out of the Enpass clients and find that it looks okay, how do I know that it behaves the same the next day?)