Security and privacy you can actually understand
Your digital legacy contains some of the most sensitive information in your life. Ever Legacy is designed to keep that information protected while still making it possible to share it with the right people at the right time.
Below is a high-level overview of how we approach security. For any questions, reach us at support@everlegacy.app.
Last updated: November 2025
How we protect your data
Vault encryption
All sensitive vault data (passwords, account numbers, private keys, notes, etc.) is encrypted using AES-256-GCM before it's stored in the database. This is an industry-standard authenticated encryption algorithm that provides both confidentiality and integrity.
Each user has a unique encryption key (256 bits) that is used to encrypt their vault data. This user-specific key is itself encrypted with a master key (stored securely as an environment variable) using the same AES-256-GCM algorithm.
This means that even if someone gains access to the database, they cannot read your encrypted data without the master key. Each user's data is isolated — one user cannot decrypt another user's vault.
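The key hierarchy described above, sketched with Node.js's built-in crypto module. This is an added example, not Ever Legacy's code: the function names, the iv || tag || ciphertext record layout and the randomly generated stand-in for the master key are all assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// AES-256-GCM encrypt: returns iv (12 bytes) || auth tag (16 bytes) || ciphertext.
function gcmSeal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Reverse of gcmSeal(); throws if the key is wrong or any byte was modified.
function gcmOpen(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Constructed stand-in for the master key that the page says is held
// in an environment variable (assumption: 32 random bytes).
const MASTER_KEY = nodeCrypto.randomBytes(32);

// New user: generate a 256-bit key, keep only its wrapped (encrypted) form.
function createUser() {
  return { wrappedKey: gcmSeal(MASTER_KEY, nodeCrypto.randomBytes(32)), items: [] };
}

// Unwrap the user's key with the master key, then encrypt the vault item.
function storeItem(user, text) {
  const userKey = gcmOpen(MASTER_KEY, user.wrappedKey);
  user.items.push(gcmSeal(userKey, Buffer.from(text, 'utf8')));
}

// masterKey is a parameter so a database-only leak can be modelled.
function readItem(user, index, masterKey = MASTER_KEY) {
  const userKey = gcmOpen(masterKey, user.wrappedKey);
  return gcmOpen(userKey, user.items[index]).toString('utf8');
}

// True when decryption is rejected (wrong key or tampered record).
function rejects(fn) {
  try { fn(); return false; } catch { return true; }
}

// Constructed demo: a holder of the database rows but not the master key.
const demoUser = createUser();
storeItem(demoUser, 'constructed sample note');
console.log('with master key   :', readItem(demoUser, 0));
console.log('without master key:',
  rejects(() => readItem(demoUser, 0, nodeCrypto.randomBytes(32))) ? 'rejected' : 'read');
```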
Passwords
Your account password is never stored in plaintext. We use bcrypt with a cost factor of 12 (4,096 iterations) to hash your password before storing it in the database.
Bcrypt automatically generates a unique salt for each password, making it resistant to rainbow table attacks. Even if someone gains access to the password hashes, they cannot easily reverse them to get your original password.
Transport
All communication between your browser and our servers is encrypted using HTTPS/TLS. This ensures that data in transit cannot be intercepted or modified by third parties.
Our database connections also use SSL/TLS encryption, protecting data as it moves between the application server and the database.
What we DON'T do
We don't read your vault
We don't read or analyze the contents of your encrypted vault for advertising, analytics, or any other purpose. Your encrypted data remains private.
We don't sell your data
We never sell your personal information or encrypted vault data to third parties. We only collect the data we need to run the service.
We're not a law firm
Ever Legacy is a technical solution for storing and delivering digital information. We don't provide legal advice or act as a legal will provider. We recommend consulting with a lawyer for formal estate planning.
We don't log sensitive data
We never log plaintext passwords, encryption keys, or decrypted vault content. Our logging policy focuses on operational data (user IDs, timestamps, error messages) without exposing sensitive information.
Limitations and transparency
What this is
- Strong industry-standard encryption (AES-256-GCM)
- Defense in depth against database breaches
- Per-user isolation (unique keys per user)
- Authenticated encryption (tampering is detected)
- Clear, transparent practices — we tell you exactly what we do
What this is NOT
We want to be clear about what Ever Legacy is not, so you can make an informed decision:
- Not zero-knowledge: This is server-side encryption. The server has access to the master key and can decrypt data if needed (for example, to deliver it to beneficiaries). This is suitable for our use case but different from zero-knowledge systems where the server cannot decrypt your data.
- Not "bank-level": We don't use Hardware Security Modules (HSMs) or have formal compliance certifications like PCI-DSS or HIPAA. We use strong, industry-standard encryption that's appropriate for protecting sensitive personal data.
- Not end-to-end encrypted: While data is encrypted at rest and in transit, the server mediates the encryption/decryption process. This is necessary for the service to function (e.g., delivering data to beneficiaries when triggered).
- Not a legal will: Ever Legacy is a technical tool that complements your legal estate plan. It doesn't replace a formal will or provide legal advice.
Where your data lives
Ever Legacy runs on modern cloud infrastructure in professionally managed data centers. We follow industry best practices for securing our servers and limit access to production systems to a small, authorized team. If you'd like more detail about our hosting setup, please contact us at support@everlegacy.app.
We believe in transparency. If you have questions about our security practices, we're happy to discuss them.