Security isn't a feature.
It's the product.
Trust requires transparency. Here is exactly what we encrypt, who holds keys, what we can and cannot read, and what happens at every step.
Your Browser
Encrypted with AES-256-GCM locally. Your passphrase never leaves.
AfterYou Servers
We store unreadable data. No keys, no plaintext, no access.
Recipients
Must pass identity verification. Decrypt locally in their browser.
Encrypted so we cannot read your vault
Live at launchYour files and notes are encrypted in your browser before they reach our servers. We store only ciphertext — scrambled data we cannot read, scan, or interpret. We never receive your passphrase. Even if our servers were compromised or we received a subpoena, there is nothing readable to hand over. This is not a policy. It is the architecture.
Encryption specifications
Live at launchAES-256-GCM for symmetric encryption of vault contents. Your master key is derived from your passphrase using PBKDF2 with 600,000 iterations and a unique per-vault salt. All cryptographic operations use the standard, browser-native WebCrypto API — not a custom implementation. The encryption library is open-source and independently auditable.
Recipient verification
Live at launchWhen a vault enters release mode, recipients must prove their identity before accessing any contents. Default: government ID plus selfie match comparing their document to the name you registered. For sensitive items like crypto seed phrases, you can require a shared passphrase you give them in person. You configure this per item — different levels for different people.
Infrastructure and access controls
Live at launchAll databases are encrypted at rest. All data in transit uses TLS 1.3. Production infrastructure access is restricted to named engineers authenticated via hardware security keys, logged, and audited. No AfterYou employee can read your vault contents — the encryption design makes it impossible, not merely policy. We are not yet SOC 2 certified; that audit is on our roadmap. We will not claim it until it is complete.
Data export and deletion
Live at launchYou own your data. You can export your entire vault as a self-contained encrypted HTML file with the decryption logic included — allowing you or your heirs to decrypt it offline forever, without depending on our servers. You can request full account and vault deletion at any time; ciphertext is removed within 30 days.
What we collect about you
Live at launchAccount email, name, check-in timestamps, and vault access logs. We do not collect analytics beyond what is necessary for security and service operation. We do not sell your personal data. We do not use your data to train AI models. Log data is retained for 90 days.
The missed check-in process
Live at launchThis is what happens if you miss a check-in. Every step is designed to prevent accidental release. You have 14 days and multiple chances to respond before any content reaches a recipient.
Email reminder sent to you.
SMS sent to your registered phone number.
Your designated backup contact is notified and asked to check on you.
Final email and SMS warning — vault is approaching release.
Vault enters release mode. Recipients receive identity-verified access links for the items you assigned them.
What happens if AfterYou shuts down?
RoadmapWe maintain a financial escrow specifically allocated to keep release infrastructure online for at least 5 years after any corporate dissolution. Your encrypted vault is also escrowed quarterly with an independent estate-law trustee — they cannot decrypt it, but they can trigger delivery if we go dark. And you can export a self-contained offline decryption tool at any time so you never depend on our infrastructure.
Financial escrow and trustee escrow are planned pre-launch commitments — not yet active at early access.
Important legal boundary
AfterYou.fyi is not a will, trust, power of attorney, or any legally recognised estate-planning instrument. It does not provide legal advice. It is an information delivery service that complements traditional estate planning by handling practical digital handoffs that wills cannot safely include. We strongly recommend working with a licensed estate attorney for formal legal documents.