All vault data is encrypted by Bitwarden before being stored anywhere. To learn how, see Encryption.
Vault data can only be decrypted using a key derived from your master password. Bitwarden is a zero knowledge encryption solution, meaning you are the only party with access to your key and the ability to decrypt the vault data. Listed below are examples of the data that is encrypted, as well as download links demonstrating the encrypted data.
Vault data that is encrypted:
For all items:
File encryption key
Custom field names and values
URIs (i.e. match detection strings)
Authenticator keys (i.e. TOTP secrets)
Social Security numbers, passport numbers, and license numbers
Emails and phones
Address 1, Address 2, Address 3, City / Town, State / Province, Zip / Postal code, Country
Send encryption key (learn more)
Secrets Manager data that is encrypted:
Service account names
Access token names (access token values are never stored by Bitwarden)
Some data, but never vault or secrets data, is used to provide the Bitwarden service to you. This is referred to as administrative data and can be accessed by Bitwarden. Learn more.