Sensitive material lives in FutureVault, a SOC 2 Type II custodian. Plaintext on our servers is limited to data you choose to display. Every access by your executor is logged with name and timestamp.
Sensitive material lives in FutureVault, a SOC 2 Type II custodian. Plaintext on our servers is limited to data you choose to display. Every access by your executor is logged with name and timestamp.
Private keys, recovery phrases, full account numbers, and document blobs live in FutureVault — never our database. We hold pointers, not contents.
At rest: AES-256-GCM on every sensitive column. In flight: TLS 1.3. Backups are encrypted with separately-rotated keys.
Government ID + selfie + PIN, or the affidavit fallback. Every unlock is reviewed by a human before access opens.
A 7-day window after verification (30 days if no PIN). Other named designees are notified and can dispute. Nothing opens silently.
Every time an executor reveals a sensitive value or downloads a document, we log who, when, and what. Subpoena-able.
We don't sell your data. Sponsorship of the Estate Plan is opt-in: you choose if Barrett Tax Law or Donsky & Donsky sees your file.
| Data type | Where it lives | Who can read it |
|---|---|---|
| Email, name, plan, role | Our Postgres database | You, authorised staff (for support) |
| Will Registry metadata | Postgres (executor contact encrypted) | You always; verified searchers per their tier |
| Treasure Map asset descriptions | Postgres JSONB | You always; lawyer only on items you toggle on; executor after unlock |
| PINs, keys, account numbers | FutureVault (encrypted, SOC 2 II) | You always; executor after full unlock + log |
| Document uploads | FutureVault encrypted blob storage | Reviewers during verification, then sealed |
| Audit log | Append-only Postgres + cold archive | You, your executor, our compliance team |
Even with full read access to our Postgres database, an attacker would see asset descriptions and metadata — not the values that let someone actually take anything. The keys, account numbers, and recovery phrases live in FutureVault behind a separate encryption boundary and a per-user unlock path.
We follow PIPEDA (Canada) and applicable provincial privacy law. If we ever detect a real breach, we notify affected users within 72 hours and the Office of the Privacy Commissioner where required.
We support TOTP authenticator apps. Strongly recommended for any account with a Treasure Map.
Tape it inside the same envelope. Executors need both the registry code and the PIN to start the unlock flow.
People move and change emails. The annual renewal email is your nudge to confirm your executor is still reachable.
If you've set up FraudGuard, sign in here with the same identity assertion. Optional, not required.
The will registry is free. If you change your mind later, your data is yours to export or delete.