LegacySafe handles some of the most sensitive information a family can hold. Every architectural decision reflects that responsibility.
Every detail of your vault is engineered with military-grade precision, ensuring your legacy remains impenetrable.
Face ID, Touch ID, and device biometrics via iOS Secure Enclave and Android Keystore.
No analytics scripts touch vault data. Zero third-party visibility into your stored assets.
Assign shares to multiple people with custom percentages. Each beneficiary unlocks their slice independently.
Set contestation windows, dispute holds, and staged unlocks so your intent is honoured exactly as planned.
Our team guides beneficiaries through the process — KYC, legal questions, asset handover — step by step.
Every category of wealth, secured and documented for the people who matter most.
Bank accounts, FDs, PPF, NPS, mutual funds, stocks, and crypto wallets — all documented with nominee details and access instructions.
Encrypted photo albums, video messages, and personal letters that unlock as a final gift to the people you love.
Will, property deeds, insurance policies, and business agreements — stored securely with full access history.
Your documents are encrypted on your device before they leave it. LegacySafe's servers only ever see ciphertext — not your files. Even our engineers cannot read what you store.
We use AES-256-GCM encryption with keys derived from your credentials. The plaintext never touches our servers. Decryption only happens locally, in your browser or app.
Every vault is protected by its own unique encryption key managed by AWS Key Management Service with hardware security modules.
Each user gets a dedicated KMS key. Key material never leaves AWS HSMs. Envelope encryption means your data key is itself encrypted at rest. A breach of one account can never cascade to another.
Built to India's Digital Personal Data Protection Act 2023. Your data is stored in India, processed transparently, and you retain full rights to correction and erasure.
All personal data is stored in AWS ap-south-1 (Mumbai). We maintain a full data processing record, provide a consent audit trail, and support right-to-erasure requests within 72 hours.
No single person can trigger a vault unlock. Two independent notifiers — one family member, one legal contact — must separately confirm before any action begins.
After both notifiers confirm, a mandatory 72-hour contestation window begins. The vault owner is notified immediately via all registered channels. Any dispute freezes the process. Only after the hold expires — with no dispute — does beneficiary KYC begin.
Every login, every change, every notification is permanently logged with timestamps and actor IDs. Your family gets a complete, tamper-proof record of every access event.
Audit logs are written to a separate append-only store with no update or delete permissions. Each log entry is hash-chained to the previous, making retroactive tampering detectable. Logs are retained for 7 years.
End-to-end encrypted sync across web and mobile. Biometric authentication on mobile. Automatic session expiry keeps idle sessions safe.
Sessions expire after 30 minutes of inactivity. Mobile apps use device biometrics via iOS Secure Enclave and Android Keystore. All API traffic is TLS 1.3. No third-party analytics scripts have access to vault data.
Ready to protect what matters most?
Start your free trial →