Everything you need to know about securing your digital legacy
Not at this stage, but this is something on our roadmap. We're focusing on getting the core web platform rock-solid first, with plans to release native mobile apps within the next year. The web app is fully responsive and works well on mobile browsers in the meantime.
Your data is encrypted client-side before it ever leaves your device using AES-256-GCM. We use a zero-knowledge architecture—we cannot access your data even if we wanted to. While you can upload pre-encrypted archives, that creates a challenge: how do your trusted contacts get the passphrase when needed? That's why VaultWard handles secure key distribution automatically through our quorum-based emergency access system.
We've designed VaultWard with this concern in mind. All encryption happens client-side, and you can export your encrypted vault at any time. We also provide the encryption keys and algorithms used, so your data is never locked into our platform. Additionally, we're exploring decentralized storage options to ensure long-term data availability independent of our operations.
You set a check-in interval (e.g., every 30 days). VaultWard sends you reminders to confirm you're okay. If you miss check-ins, a warning period begins. Trusted contacts can then initiate emergency access requests. Only after your configured quorum (e.g., 2 of 3 contacts) have requested access AND the waiting period expires does the vault become accessible. You can cancel at any time by checking in.
No. We use a quorum-based emergency access system with multiple safeguards: (1) Multiple contacts must independently request access to meet your configured threshold (e.g., 2 of 3). (2) A mandatory waiting period (24h to 30 days) gives you time to cancel if you're still active. (3) You receive alerts when access is requested. (4) All access attempts are logged in an immutable transparency log. No single contact—or even a subset below your threshold—can access your data.
Your Data Encryption Key (DEK) is protected using multiple layers: It's encrypted with a Key Encryption Key (KEK) derived from your passkey using HKDF. For emergency access, we use X25519 key exchange—each contact has their own public/private keypair, and your DEK is encrypted specifically to their public key using NaCl authenticated encryption. Only after emergency release can contacts use their private keys to decrypt their key shares.
Yes! Our core cryptographic libraries and client-side code are open source and available on GitHub. This allows security researchers to audit our implementation and ensures transparency. The server-side infrastructure uses well-known open-source components like Ory Kratos for identity management and HAProxy for secure load balancing.
We use FIDO2/WebAuthn passkeys for authentication. This means you can log in using your device's biometrics (Face ID, Touch ID, fingerprint) or a hardware security key like a YubiKey. Passkeys are phishing-resistant and more secure than passwords because the cryptographic credentials are bound to our specific domain and cannot be stolen or reused. We also use the WebAuthn PRF extension to derive encryption keys directly from your passkey.
VaultWard is designed for storing critical information you'd want passed on in an emergency: legal documents, financial account details, cryptocurrency wallet seeds, insurance policies, medical directives, passwords to important accounts, personal messages for loved ones, and any other sensitive data. There's no strict file type limit, but we recommend keeping individual files under 100MB for optimal performance.
We're currently in private beta, offering early access to founding members. Pricing will be announced closer to our public launch, but we're committed to making VaultWard accessible. We believe everyone deserves to secure their digital legacy, regardless of technical expertise or budget. Early adopters will receive significant discounts and lifetime benefits.
VaultWard addresses several critical risks: (1) Data breach: Even if our servers are compromised, attackers only get encrypted data they cannot decrypt. (2) Single point of failure: Quorum requirements prevent any single person (including VaultWard staff) from accessing your vault. (3) Malicious contacts: The waiting period and owner notifications prevent unauthorized access. (4) Sudden death: Your digital legacy is preserved and can be accessed by trusted contacts. (5) Platform lock-in: You can always export your data. All actions are logged in a transparency log for audit purposes.
We're here to help. Reach out to our team for personalized assistance.
Contact Us