Security you can trust
Legacy Vault is built on a simple principle: your private information should stay private. No servers, no accounts, no compromises.
Privacy by design
Every architectural decision in Legacy Vault prioritizes your privacy and security.
Offline-first architecture
Legacy Vault runs entirely on your device. No internet connection is required after installation. Your sensitive estate information never touches a server.
Zero network calls
We don't collect analytics, sync to the cloud, or phone home. There are no accounts to create, no servers to trust, and no data breaches to worry about.
Local encryption
Your vault is encrypted using industry-standard AES-256 encryption. The encryption key is derived from your master password and never stored anywhere.
Password-derived keys
We use PBKDF2 with a high iteration count to derive encryption keys from your password. Every password guess has to repeat the full derivation, which makes brute-force attacks computationally infeasible.
How we protect your data
Multiple layers of protection ensure your estate information stays secure.
You control access
Only you hold the keys to your vault. Executor access is optional and requires a separate passphrase that you create and share on your terms.
Verified exports
When you export documents or your emergency kit, the data is encrypted before it leaves the app. You choose how and where to store backups.
Executor isolation
Executors get read-only access with their own passphrase. They cannot modify your vault, and their access can be revoked at any time.
No recovery backdoors
There's no "forgot password" option because we don't store your password. Your emergency kit is your recovery method—keep it safe.
Technical specifications
| Specification | Detail |
| --- | --- |
| Encryption algorithm | AES-256-GCM |
| Key derivation | PBKDF2-SHA256, 100,000+ iterations |
| Data storage | Local encrypted SQLite database |
| Network activity | None (fully offline) |
| Backup format | Encrypted binary with integrity verification |
| Executor access | Separate passphrase, read-only permissions |
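
The key-derivation and encryption rows above, carried through as code. This is an added JavaScript (Node.js) example, not Legacy Vault's own source. The salt, nonce and tag sizes, the `salt || nonce || tag || ciphertext` layout and the function names are assumptions; the iteration count is the table's stated floor.

```javascript
// Added illustration, not Legacy Vault's source code.
const crypto = require('crypto');

const ITERATIONS = 100000;                          // floor from the specification table
const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;  // assumed sizes
const HEADER_LEN = SALT_LEN + NONCE_LEN + TAG_LEN;

// PBKDF2-SHA256 stretches the password into a 256-bit AES key.
function deriveKey(password, salt, iterations = ITERATIONS) {
  return crypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256');
}

// Assumed blob layout: salt || nonce || tag || ciphertext.
// Salt and nonce are public; the key is recomputed on open and never written.
function seal(password, plaintext) {
  const salt = crypto.randomBytes(SALT_LEN);
  const nonce = crypto.randomBytes(NONCE_LEN);      // must be fresh for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

// Throws on a wrong password or any altered byte: both surface as a GCM tag mismatch.
function open(password, blob) {
  if (blob.length < HEADER_LEN) throw new Error('blob too short');
  const salt = blob.subarray(0, SALT_LEN);
  const nonce = blob.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const tag = blob.subarray(SALT_LEN + NONCE_LEN, HEADER_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(HEADER_LEN)), decipher.final()]);
}

// Boolean wrapper: a failed open is the only "wrong password" signal there is.
function canOpen(password, blob) {
  try { open(password, blob); return true; } catch { return false; }
}
```

Because nothing but the salt, nonce and tag sits beside the ciphertext, `open` cannot tell a wrong password from a corrupted file; both fail the same authentication check.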
Security FAQ
What encryption does Legacy Vault use?
Legacy Vault uses AES-256-GCM for encrypting your data. Keys are derived using PBKDF2-SHA256 with 100,000+ iterations, making password attacks extremely difficult.
Where is my data stored?
All data is stored locally on your device in an encrypted database file. Nothing is ever uploaded to any server. You can back up this file manually or through your system's backup solution.
What happens if I forget my password?
Without your password, your vault cannot be decrypted. This is by design—it means no one else can access your data either. Use your emergency kit for recovery.
Can Legacy Vault see my documents?
No. We have no access to your data. The app runs entirely offline, and encryption happens on your device with keys only you possess.
Is executor access secure?
Yes. Executors use a separate passphrase that grants read-only access. They cannot modify your vault, and you can change or revoke their access anytime.
How do I back up my vault?
You can export encrypted backups at any time. Store them on an external drive, in a safe deposit box, or with a trusted family member. The backup remains encrypted.
Your privacy matters
Experience true data ownership with Legacy Vault.