DashLane comes with a free version that runs on one device and manages up to 50 passwords. It has been editors choice in the Apple App Store, and Best App on Google Play. Due to the issues below, we cannot recommend the use of DashLane.
DashLane allows syncing using DashLanes own servers, or keeping the data just on your device. It does not allow you to synchronize your data using your own preferred cloud service.
DashLane is available for Windows, macOS, Android, iOS and Linux.
We do not and cannot know your Master Password and, because of that, we do not and cannot know what Secured Data you store on the Services. We use technology, including cookies, to collect anonymous data that we use to provide and improve the Services.
Automated Decision Making and Profiling. We do not use your Personal Data for automated decision-making. However, we may do so in the future to comply with applicable law, in which case we will inform you of any such processing and provide you with an opportunity to object.
Once installed, Dashlane contacts gate.hockeyapp.net. HockeyApp is, quoting the service itself:
HockeyApp is a service for app developers to support them in various aspects of their development process, including the management and recruitment of testers, the distribution of apps and the collection of crash reports.
That this is automated profiling is made clearer by the use of the term "analytics" in various places on the HockeyApp website:
Because HockeyApp’s distribution, crash reporting, and analytics services are now available in App Center, HockeyApp will be retired on November 16, 2019.
Security (pre May 15th, 2019)
In order to use the password manager and secure digital wallet elements of the Services you will enter certain information into the App, including highly sensitive information like names, addresses, phone numbers, identity information, credit card information, passwords, receipts for online transactions and secure notes (“Encrypted Sensitive Information”). The Encrypted Sensitive Information is encrypted locally on your device using strong encryption and is backed up on the Dashlane cloud. None of it is viewable to Dashlane because it is encrypted with the Master Password. If you choose to synchronize your Encrypted Sensitive Information with more than one device (each an “Authorized Device” via the Services, the “Sync Function”), the Services are designed to transmit and store the Encrypted Sensitive Information through the Dashlane cloud to the Authorized Device(s) using strong encryption and in a manner that Dashlane will not be able to read.
At the same time, DashLane requests the right to share this Encrypted Sensitive Information that they say they have no access to with third party:
In order to make it less likely that someone will perpetrate a fraud on you, we may provide some portion of the Information, including some Encrypted Sensitive Information, to the financial institution that issued your credit card or other payment information that operates your credit card or payment network (collectively, “Payment Providers”).
Having lost faith that Encrypted Sensitive Information is out of reach for DashLane, the next part lowers the trust even further: