KeePassXC/keepass2android/Nextloud. Those are the major entities with access to my passwords/kdbx. Not including Linux, and if I exclude Linux because it’s open source, I should technically also exclude all other of those things, because they’re also licensed under GPL. So the only entity I have to trust is me, and that’s actually a security risk.