Security · Privacy
How we protect your documents
We hold ourselves to a standard you would expect of a private bank, not a consumer software product. This page is plain English, on purpose.
Encryption at rest
Every document you upload is encrypted with its own unique key using AES-256-GCM, an industry-standard algorithm trusted by governments and financial institutions. That key is then wrapped by a master key held in a hardware-protected key management service. We never store decryption keys alongside your data.
Access control
No Legatus employee can read your documents without an authenticated request from you or a fully verified release event. Row-level security is enforced inside our database, not just in application code, so a mistake in one layer cannot expose another customer's data.
Authentication
We strongly encourage two-factor authentication on every account, and we prompt you to turn it on before you begin. Recovery codes are generated once and stored by you, not us. Sessions expire after 30 minutes of inactivity and 12 hours of absolute use.
Audit trail
Every meaningful action on your account is recorded permanently — uploads, access, designations, claims, votes, and releases. The log is append-only; even we cannot rewrite it. You can review your full history at any time.
Honest limits
Today, we use server-side encryption. That means a sufficiently determined breach of our infrastructure could, in theory, expose documents. We mitigate that risk with a managed KMS, strict access boundaries, and SOC 2 controls (targeting Type I within twelve months of launch). A future release will offer a zero-knowledge mode for those who want it; we will not ship it until it has been independently reviewed by professional cryptographers.
Subprocessors
We use Supabase (database and storage), Vercel (application hosting), Resend (email), and Twilio (SMS notifications). All are bound by data processing agreements appropriate for personal and sensitive data.
Questions, answered
- How are my documents encrypted?
- Every document you upload is encrypted with its own unique key using AES-256-GCM — an industry-standard algorithm trusted by governments and financial institutions. That per-document key is then wrapped by a master key held in a hardware-protected key management service, and we never store decryption keys alongside your data.
- Who can access my documents?
- No Legatus employee can read your documents without an authenticated request from you or a fully verified release event. Access is enforced by row-level security inside our database, not just in application code, so a mistake in one layer cannot expose another customer's data. Your documents are released only to the heirs you designate, and only after the verification process you configured.
- Is a digital vault safer than a safe-deposit box for my will?
- For most families, yes. A safe-deposit box can be sealed or hard to access after someone passes, and the people who need the will often cannot get to it when it matters. Legatus Vault keeps your documents encrypted during your life and releases them to the people you name when the time comes — with an append-only record of everything that happens.
- What happens if Legatus is breached?
- Today we use server-side encryption, so a sufficiently determined breach of our infrastructure could in theory expose documents. We mitigate that risk with a managed key management service, strict access boundaries, and SOC 2 controls (targeting Type I within twelve months of launch). A future zero-knowledge mode will be offered only after independent review by professional cryptographers.
More questions? Write to security@legatusvault.com. We answer every message.