Go back

Building Clefi: A Password Manager for the French and EU Market

Password managers are everywhere. 1Password, Bitwarden, LastPass, Dashlane… the market seems saturated. So why build another one?

Because compliance-first design for the French market is still missing.

I’m building Clefi a password manager designed from the ground up for French small and medium enterprises, starting with a rock-solid foundation for individuals first (and also prioritized for EU resident but we also accept all countries :) ).

Table of contents

Open Table of contents

The Problem: Compliance Is an Afterthought

Most password managers are built for the global English-speaking market and localized later. French support is often added as a translation layer, and compliance with French regulations (GDPR, CNIL guidelines, RGS requirements) is treated as a checkbox.

But for French SMEs, compliance isn’t optional it’s foundational.

When you’re handling sensitive business credentials, you need:

Clefi is designed to meet these requirements from day one, not retrofit them later.

Starting With Individuals, Scaling to SMEs

The MVP focuses on delivering exceptional password management for individuals. Why start there?

Because the foundation has to be bulletproof before adding team complexity.

Individual users get:

Once the core platform is proven and stable, we’ll add team features:

The Technical Foundation

Building a password manager means getting security right. Not “mostly right” completely right.

Here’s how Clefi approaches this:

Zero-Knowledge Architecture

The server never sees your passwords. Ever.

All encryption and decryption happen in the browser or extension, on your device. Your master password never leaves your machine. Even if someone gained access to Clefi’s servers, they’d find only encrypted data they can’t decrypt.

This is called zero-knowledge architecture the service provider (us) has zero knowledge of what you’re storing.

Cryptography That Works

We’re using proven, industry-standard cryptographic primitives:

Password Hashing: Argon2id Your master password is hashed using Argon2id—a memory-hard, GPU-resistant algorithm that makes brute-force attacks computationally expensive. It’s the winner of the (Password Hashing Competition)[https://www.password-hashing.net/] and the current gold standard.

Key Derivation: HKDF-SHA256 We derive encryption keys from your master password using (HKDF)[https://en.wikipedia.org/wiki/HKDF] (HMAC-based Extract-and-Expand Key Derivation Function). This ensures that even if one key is compromised, others remain secure.

Vault Encryption: XChaCha20-Poly1305 Your vault is encrypted using XChaCha20-Poly1305—an authenticated encryption algorithm that’s both fast and secure. The “authenticated” part means it detects tampering; the “extended nonce” means we can encrypt large amounts of data safely.

Why these choices?

The Tech Stack

Clefi is built as a monorepo with four main components:

Backend: Go We chose Go for its performance, built-in concurrency, and excellent security libraries. The backend uses the chi router, connects to a PostgreSQL database.

Frontend: SvelteKit SvelteKit gives us a fast, reactive web application with great developer experience. Styled with Tailwind CSS and shadcn-svelte components.

Browser Extension: Web Extension API Cross-browser compatible extension for Chrome, Firefox, and Edge. Auto-fill, password capture, and seamless vault access—all with client-side encryption.

Landing Page: SvelteKit For now, the landing page only propose to visitors to subscribe to a mailing list and so separated from the main frontend still in development.

The stack is intentionally modern but proven technologies that are mature enough to trust, new enough to be pleasant to work with.

The Business Model

Clefi will launch with a freemium approach for individuals:

This isn’t a venture-backed land-grab. It’s a sustainable business designed to serve customers well, not chase hockey-stick growth at all costs.

When we introduce SME features (shared vaults, team management, admin controls, Enterprise SSO…), we’ll add appropriate pricing for businesses that reflects the additional value.

Where We Are Now

Full transparency: Clefi is in the planning and design phase.

The architecture is defined. The cryptographic approach is decided. The tech stack is chosen. Development is underway.

MVP target: Q1-Q2 2026

The goal is to launch with:

Post-MVP, we’ll add:

Why I’m Building This

I believe French SMEs deserve tools built for their specific needs—not global products with French translations slapped on.

I believe security should be default, not optional.

And I believe that building in public, being transparent about progress, and listening to feedback makes better products.

If you’re interested in Clefi, whether you’re a potential user or someone who has feedback on password management for French businesses I’d love to hear from you.

📧 andreaa@nekolab.fr or andrea@clefi.app or 💻 Twitter

Clefi is in active development. Follow along on this blog for technical updates, architecture decisions, and the journey of building a compliance-first password manager.

🔐 clefi.app - you can subscribe to the mailing list and receive updates about the journey | 💻 Twitter (If I manage to keep a schedule haha)

Share this post on:
Share this post via WhatsAppShare this post on FacebookShare this post on XShare this post via TelegramShare this post on PinterestShare this post via email
Next Post
Launching Project Banana: Budgeting That Actually Makes Sense