YourEstateVaultBeta
Back to Home

Security Overview

How YourEstateVault protects your data — explained plainly for users, executors, and solicitors evaluating the platform.

Last reviewed: April 2026

1. How your data is encrypted

Your vault data is encrypted in your browser before it is ever sent to our servers. This means the plaintext contents of your vault — your personal details, financial records, final wishes, and messages — never leave your device unencrypted.

We use AES-256-GCM (Advanced Encryption Standard, 256-bit key, Galois/Counter Mode), which is the same standard used by governments, banks, and the NHS to protect sensitive data.

Technical details

  • Algorithm: AES-256-GCM (authenticated encryption)
  • Key derivation: PBKDF2-SHA256, 310,000 iterations
  • Key source: Derived from your unique account identity (OAuth openId)
  • Where encryption happens: Client-side (in your browser), using the Web Crypto API
  • What the server stores: Ciphertext only — never plaintext

2. What we can and cannot see

We cannot see

  • • The contents of any vault section
  • • Your personal identity details
  • • Your financial records
  • • Your final wishes or messages
  • • Your vault PIN
  • • Your Executor Pack passphrase

We do store

  • • Your email address (for login and notifications)
  • • Your subscription status
  • • Dead Man's Switch schedule settings
  • • Executor email address(es)
  • • Encrypted vault ciphertext
  • • Last check-in timestamp

Because vault data is encrypted before it reaches us, a breach of our servers would expose only ciphertext — not your personal information.

3. Server infrastructure and data residency

YourEstateVault is operated from the United Kingdom. Encrypted vault data is stored on servers within the EU/EEA, in compliance with UK GDPR. We do not transfer personal data to countries outside the UK/EEA without appropriate safeguards.

All data in transit is protected by TLS 1.2 or higher. Our infrastructure is hosted on enterprise-grade cloud providers with 99.9% uptime SLAs, automated backups, and monitoring.

4. Executor Pack security

The Executor Pack is a self-contained encrypted HTML file you can generate from your vault and store offline (USB drive, cloud storage, with a solicitor, etc.).

It is protected by a separate passphrase you choose at export time. This passphrase is entirely independent of your YourEstateVault login password and your vault PIN — it is never transmitted to or stored on our servers.

Important: If you lose the Executor Pack passphrase, there is no recovery mechanism — the file cannot be decrypted without it. Store the passphrase somewhere your executor can find it (e.g. with a solicitor, in a sealed envelope, or recorded in your Dead Man's Switch settings).

5. Responsible disclosure

If you believe you have found a security vulnerability in YourEstateVault, please report it responsibly using the form below or by emailing [email protected]. We will acknowledge your report within 1 business day and aim to resolve confirmed vulnerabilities within 30 days.

Please do not publicly disclose vulnerabilities before we have had a reasonable opportunity to investigate and address them.

Questions about security?

We are happy to answer questions from users, solicitors, or organisations evaluating YourEstateVault for estate planning purposes.

[email protected]