LEGAL CENTER

Code of Business Conduct

Our Code of Business Conduct guides our employees on their ethical and legal responsibilities.

Revised: January 2024

This Code of Business Conduct and Ethics (“Code”) sets forth legal and ethical standards of conduct for all directors, officers and employees (referred to herein as “you”) of LastPass US LP and its worldwide subsidiaries and affiliated companies (together referred to herein as the “LastPass”). This Code is intended to deter wrongdoing and to promote the conduct of all LastPass business in accordance with high standards of integrity and in compliance with all applicable laws and regulations.

If you have any questions regarding this Code or its application to you in any situation, you should contact your supervisor or LastPass' General Counsel.

Compliance with Laws, Rules and Regulations

LastPass requires that all employees, officers and directors comply with all laws, rules and regulations applicable to LastPass wherever it does business. You are expected to use good judgment and common sense in seeking to comply with all applicable laws, rules and regulations and to ask for advice when you are uncertain about them.

If you become aware of the violation of any law, rule or regulation by LastPass, whether by its officers, employees, directors, or any third party doing business on behalf of LastPass, it is your responsibility to promptly report the matter to your supervisor and/or to the General Counsel or, if you are an executive officer or director, to LastPass' Board of Directors. While it is LastPass’ desire to address matters internally, nothing in this Code should discourage you from reporting any illegal activity, including any violation of the securities laws, antitrust laws, environmental laws or any other federal, state or foreign law, rule or regulation, to the appropriate regulatory authority. Employees, officers and directors shall not discharge, demote, suspend, threaten, harass or in any other manner discriminate or retaliate against an employee because he or she reports any such violation, unless it is determined that the report was made with knowledge that it was false. This Code should not be construed to prohibit you from testifying, participating or otherwise assisting in any state or federal administrative, judicial or legislative proceeding or investigation.

Conflicts of Interest

Employees, officers and directors must act in the best interests of LastPass. You must refrain from engaging in any activity or having a personal interest that presents a “conflict of interest.” A conflict of interest occurs when your personal interest interferes, or appears to interfere, with the interests of LastPass. A conflict of interest can arise whenever you, as an officer, director or employee, take action or have an interest that prevents you from performing your LastPass duties and responsibilities honestly, objectively and effectively.

For example:

  • No employee, officer or director shall perform services as a consultant, employee, officer, director, advisor or in any other capacity for, or have a financial interest in, a direct competitor of LastPass, other than services performed at the request of LastPass and other than a financial interest representing less than one percent (1%) of the outstanding shares of a publicly- held company; and
  • No employee, officer or director shall use his or her position with LastPass to influence a transaction with a supplier or customer in which such person has any personal interest, other than a financial interest representing less than one percent (1%) of the outstanding shares of a publicly-held company.

It is your responsibility to disclose any transaction or relationship that reasonably could be expected to give rise to a conflict of interest to LastPass’ General Counsel or, if you are an executive officer or director, to the Board of Directors, who shall be responsible for determining whether such transaction or relationship constitutes a conflict of interest.

Confidentiality

Employees, officers and directors must maintain the confidentiality of confidential information entrusted to them by LastPass or other companies, including our suppliers and customers, except when disclosure is authorized by a supervisor or legally mandated. Unauthorized disclosure of any confidential information is prohibited. Additionally, employees should take appropriate precautions to ensure that confidential or sensitive business information, whether it is proprietary to LastPass or another company, is not communicated within LastPass except to employees who have a need to know such information to perform their responsibilities for LastPass. Employees, officers and directors who have confidential information about LastPass or other companies, including our suppliers and customers, as a result of their relationship with LastPass are prohibited by law from profiting off of such confidential information, as well as from communicating such information to others who might seek to profit off of that confidential information

Third parties may ask you for information concerning LastPass. Subject to the exceptions noted in the preceding paragraph, employees, officers and directors (other than LastPass’ authorized spokespersons) must not discuss internal LastPass matters with, or disseminate internal (i.e., non-public) LastPass information to, anyone outside LastPass, except as required in the performance of their LastPass duties and, if appropriate, after a confidentiality agreement is in place. This prohibition applies particularly to inquiries concerning LastPass from the media, market professionals (such as securities analysts, institutional investors, investment advisers, brokers and dealers) and security holders. All responses to inquiries on behalf of LastPass must be made only by LastPass’ authorized spokespersons. If you receive any inquiries of this nature, you must decline to comment and refer the inquirer to your supervisor or one of LastPass’s authorized spokespersons.

You also must abide by any lawful obligations that you may have to your former employer. These obligations may include restrictions on the use and disclosure of your former employer’s confidential information, restrictions on the solicitation of former customers or the solicitation of former colleagues to work at LastPass and/or non-competition obligations.

Honest and Ethical Conduct and Fair Dealing

All LastPass employees, officers and directors should endeavor to deal honestly, ethically and fairly with LastPass’ suppliers, customers, competitors and employees. Statements regarding LastPass’ products and services must not be untrue, misleading, deceptive or fraudulent. You must not take unfair advantage of anyone through manipulation, concealment, abuse of privileged information, misrepresentation of material facts or any other unfair-dealing practice.

Protection and Proper Use of Corporate Assets

Employees, officers and directors should seek to protect LastPass’ assets. Theft, carelessness and waste have a direct impact on LastPass’ financial performance. Employees, officers and directors must use LastPass’ assets and services solely for legitimate business purposes of LastPass and not for any personal benefit or the personal benefit of anyone else.

Employees, officers and directors must advance LastPass’ legitimate interests when the opportunity to do so arises. You must not take for yourself personal opportunities that are discovered through your position with LastPass or the use of property or information of LastPass.

Gifts and Gratuities

The use of LastPass funds or assets for gifts, gratuities or other favors to employees or government officials is prohibited, except to the extent such gifts are in compliance with applicable law, insignificant in amount and not given in consideration or expectation of any action by the recipient.

Employees, officers and directors must not accept, or permit any member of his or her immediate family to accept, any gifts, gratuities or other favors from any customer, supplier or other person doing or seeking to do business with LastPass, other than items of insignificant value. Any gifts that are not of insignificant value should be returned immediately and reported to your supervisor. If immediate return is not practical, they should be given to LastPass for charitable disposition or such other disposition as LastPass, in its sole discretion, believes appropriate.

Common sense and moderation should prevail in business entertainment engaged in on behalf of LastPass. Employees, officers and directors should provide, or accept, business entertainment to or from anyone doing business with LastPass only if the entertainment is infrequent, modest and intended to serve legitimate business goals.

Anti-Bribery and Anti-Corruption Laws

LastPass conducts its business with the highest level of integrity and is committed to conducting its business ethically. Bribes and kickbacks are criminal acts, strictly prohibited by anti-corruption laws. You must not offer, give, solicit or receive any form of bribe or kickback anywhere in the world.

LastPass complies with all anti-corruption laws that apply to its business. Specifically, LastPass is subject to the U.S. Foreign Corrupt Practices Act (“FCPA”), the UK Bribery Act, the U.S. Anti-Kickback Act, and all other applicable anti-bribery and anti-corruption laws, both in the U.S. and internationally. Since LastPass operates as a global SaaS company, these anti-corruption laws apply to each employee, officer and director, regardless of where they are physically located.

Each of these frameworks has an important interpretation of corruption which is important to understand. Specifically, the FCPA prohibits offering anything of value to foreign officials for the purpose of influencing that foreign official or to secure any improper advantage in order to obtain or retain business. Similarly, the UK Bribery Act prohibits: (i) bribing another person or receiving a bribe; (ii) bribing foreign officials; and (iii) for corporations or commercial organizations, failing to prevent bribery, no matter where in the world the act takes place.

Please contact the Legal Department (legal@lastpass.com) if you have any questions related to these anti-corruption laws or their application to you.

Anti-Slavery and Human Trafficking

A substantial portion of LastPass’ workforce consists of skilled labor. All employees hired by LastPass are subject to background checks. LastPass also utilizes independent contractors. Because of the nature of the types of jobs performed by our independent contractors, we believe that there is no meaningful risk of modern slavery. LastPass generally uses placement agencies to source independent contractors. These agencies are selected following a standard sourcing process with defined business criteria.

We are committed to ensuring that there is no slavery or human trafficking in our supply chains or in any part of our business. As a software company, our main operations consist of the delivery of information technology products, solutions and services, and we have undertaken an assessment of risks by completing a detailed review of our business operations and supply chain. As a result of this process, and due to the nature of our business and our approach to governance, we assess that there is very low risk of slavery and human trafficking in our business and supply chains. LastPass does not use an extensive range of local or international suppliers where modern slavery or human trafficking would generally be a material risk. Our supply chain is relatively simple, including acquiring products and services needed for the businesses’ day-to-day operations such as office supplies, leasing premises, employment and professional advice. Our actions to address slavery and human trafficking have included developing this Code. However, we aim to periodically review the effectiveness of and ongoing compliance with the relevant policies and procedures that we have in place. We do not have key performance indicators in relation to slavery or human trafficking as any instance would be expected to be a breach of law, our supplier standards or our LastPass policies.

LastPass is committed to providing a safe and violence-free work environment. Therefore, LastPass has implemented a zero-tolerance policy of violence, threats of violence or any other illegal activity in the workplace. LastPass has mechanisms for its employees to ask questions or report concerns about possible violations of this Code, LastPass policies and laws. This would include any questions or concerns relating to slavery or human trafficking.

Accuracy of Books and Records and Public Reports

Employees, officers and directors must honestly and accurately report all business transactions. You are responsible for the accuracy of your records and reports. Accurate information is essential to LastPass’ ability to meet its legal and regulatory obligations.

All LastPass books, records and accounts shall be maintained in accordance with all applicable regulations and standards and must accurately reflect the true nature of the transactions they record. No undisclosed or unrecorded account or fund shall be established for any purpose. No false or misleading entries shall be made in LastPass’ books or records for any reason, and no disbursement of corporate funds or other corporate property shall be made without adequate supporting documentation.

It is the policy of LastPass to provide full, fair, accurate, timely and understandable disclosure in any financial statements, reports and in public communications.

Concerns Regarding Accounting or Auditing Matters

Employees with concerns regarding questionable accounting or auditing matters or complaints regarding accounting, internal accounting controls or auditing matters may confidentially, and anonymously if they wish, submit such concerns or complaints in writing to LastPass’ General Counsel and Chief Financial Officer. For more information, see the “Reporting and Compliance Procedures” section below. All such concerns and complaints will be forwarded to the Board of Directors, unless they are determined to be without merit by the General Counsel and Chief Financial Officer of LastPass. Any such concerns or complaints may also be communicated, confidentially and, if you desire, anonymously, directly to any member of the Board of Directors.

The Board of Directors will evaluate the merits of any concerns or complaints received by it and authorize such follow-up actions, if any, as it deems necessary or appropriate to address the substance of the concern or complaint.

LastPass will not discipline, discriminate against or retaliate against any employee who reports a complaint or concern, unless it is determined that the report was made with knowledge that it was false.

Dealings with Independent Auditors

No employee, officer or director shall, directly or indirectly, make or cause to be made a materially false or misleading statement to an accountant or auditor in connection with (or omit to state, or cause another person to omit to state, any material fact necessary in order to make statements made, in light of the circumstances under which such statements were made, not misleading to, an accountant in connection with) any audit, review or examination of LastPass’ financial statements. No employee, officer or director shall, directly or indirectly, take any action to coerce, manipulate, mislead or fraudulently influence any independent public or certified public accountant engaged in the performance of an audit or review of LastPass’ financial statements.

Waivers of this Code of Business Conduct and Ethics

Anyone who seeks an exception to any of these policies should contact LastPass' General Counsel. Any waiver of these policies may be made only by the Board of Directors of LastPass and will be disclosed as required by law.

Reporting and Compliance Procedures

Every employee, officer and director has the responsibility to ask questions, seek guidance, report suspected violations and express concerns regarding compliance with this Code. Any employee, officer or director who knows or believes that any other employee or representative of LastPass has engaged or is engaging in LastPass-related conduct that violates applicable law or this Code should report such information to his or her supervisor or to the General Counsel, as described below. You may report such conduct openly or anonymously without fear of retaliation. LastPass will not discipline, discriminate against or retaliate against any employee who reports such conduct, unless it is determined that the report was made with knowledge that it was false, or who cooperates in any investigation or inquiry regarding such conduct. Any supervisor who receives a report of a violation of this Code must immediately inform the General Counsel.

LastPass has established a whistleblower hotline where you may report any violations or suspected violations of this Code, on a confidential or anonymous basis,. You may also report a suspected violation by contacting LastPass’ General Counsel by mail at: LastPass, 125 High Street, Suite 220, Boston, MA 02110, Attn: General Counsel, or by e-mail (at the email address found in LastPass’ directory).

If the General Counsel receives information regarding an alleged violation of this Code, he or she shall, as appropriate: (a) evaluate such information; (b) if the alleged violation involves an executive officer or a director, inform the Chief Executive Officer and Board of Directors of the alleged violation; (c) determine whether it is necessary to conduct an informal inquiry or a formal investigation and, if so, initiate such inquiry or investigation; and (d) report the results of any such inquiry or investigation, together with a recommendation as to disposition of the matter, to the Chief Executive Officer for action, or if the alleged violation involves an executive officer or a director, report the results of any such inquiry or investigation to the Board of Directors.

Employees, officers and directors are expected to cooperate fully with any inquiry or investigation by LastPass regarding an alleged violation of this Code. Failure to cooperate with any such inquiry or investigation may result in disciplinary action, up to and including discharge.

LastPass shall determine whether violations of this Code have occurred and, if so, shall determine the disciplinary measures to be taken against any employee who has violated this Code. In the event that the alleged violation involves an executive officer or a director, the Chief Executive Officer and the Board of Directors, respectively, shall determine whether a violation of this Code has occurred and, if so, shall determine the disciplinary measures to be taken against such executive officer or director.

Failure to comply with the standards outlined in this Code will result in disciplinary action including, but not limited to, reprimands, warnings, probation or suspension without pay, demotions, reductions in salary, discharge and restitution. Certain violations of this Code may require LastPass to refer the matter to the appropriate governmental or regulatory authorities for investigation or prosecution. Moreover, any supervisor who directs or approves of any conduct in violation of this Code, or who has knowledge of such conduct and does not immediately report it, also will be subject to disciplinary action, up to and including discharge.

Dissemination and Amendment

This Code shall be made available to each new employee, officer and director of LastPass upon commencement of his or her employment or other relationship with LastPass and shall remain available to them throughout their tenure at LastPass.

LastPass reserves the right to amend, alter or terminate this Code at any time for any reason.

This document is not an employment contract between LastPass and any of its employees, officers or directors.

icon-s-light_illustrative_legal-scales-svg

Legal Center

Explore LastPass’ terms of service, privacy policies, and other legal policies and documents.

Go to Legal Center
icon-s-light_illustrative_trust-center-svg

Trust Center

Your single source for the latest security, privacy, compliance, and system performance information.

Visit Trust Center
icon-s-light_illustrative_family-group-svg

About Us

Leading the way in password security and identity management for personal and business digital safety.

Learn about LastPass

Get started with LastPass

LastPass makes it easy to improve employee password habits and endpoint security. See for yourself with a free 14-day trial. No credit card required.