Holdfast — Your vault. Delivered when it matters.

Digital estate planning

Everything you'd
want them to
know. Kept safe.
Delivered when
it matters.

Holdfast stores your encrypted vault — accounts, letters, wishes, credentials — and delivers it to the people you trust, only when you need it to.

Create your vault See how it works

Preview a completed vault → See what they'll receive →

AES-256-GCM, client-side

GDPR compliant

ICO registered

Built in the UK, used worldwide

My Vault Encrypted

🔐

Banking & finance 3 items

✉️

Letters to family 2 items

📋

Account credentials 7 items

⚖️

Legal & solicitor/lawyer details 1 item

👤

Recipients Sarah, James

⏰

Monthly check-in due Tap to confirm you're still with us

How it works

Five steps.
A lifetime of peace of mind.

You set it up once. Holdfast handles everything else — quietly running in the background until the moment it's needed.

Build your vault

Everything you'd want them to find, and nothing you'd want anyone else to see. Encrypted on your device first, so even Holdfast can't read it.

Choose who gets what

The people you'd want there if you couldn't be: partner, sibling, solicitor. Each one only ever sees the parts meant for them.

A small monthly check-in

A single click in an email. That's it. Confirms you're well, resets the timer, and keeps the door closed for another month.

We're patient

Life happens. You get busy, you go off-grid, you forget. A missed check-in triggers a follow-up, then another. Nothing is sent on a single ping.

Your people, in your words

Only after the silence is real do your recipients hear from you. Each gets exactly what you set aside for them. Nothing more, nothing they aren't meant to see.

The same security principles used to protect
enterprise infrastructure —
applied to what matters most to you.

AES-256-GCM encryption Zero-knowledge architecture GDPR Article 17 compliant Client-side encryption ICO registered No plaintext storage UK data residency Encrypted at rest & in transit Enterprise-grade architecture

Read the full security breakdown →

Pricing

Simple. No surprises.
Cancel any time.

Start free. Upgrade when you're ready. Every paid plan includes a 30-day money-back guarantee.

Free

£0

forever

Get started, try the vault, set up your first check-in.

1 encrypted vault
Up to 5 vault entries
1 recipient
Monthly check-in only
Text notes only
No document storage

Start free

Personal

£5

per month · or £45/yr

Everything you need to protect what matters most.

Unlimited vault entries
3 recipients
Weekly, fortnightly, or monthly check-in
Document & credential storage
Record a video message for your loved ones
Entry templates to guide what to store
Search, sort & filter entries
Letters to specific recipients
Email delivery confirmation
Digital Estate Addendum for your will

Get started

Family

£9

per month · or £79/yr

Two vaults. One plan. For couples and partners.

Everything in Personal
2 vaults (couple or partner)
5 recipients per vault
Partner invitation flow
Independent, fully private vaults
One plan, both of you covered

Get started

Early Access

Firm

£39

per month · or £399/yr

For solicitors, attorneys, and financial advisers recommending Holdfast to clients.

Unlimited clients
Multi-client dashboard
Invite & revoke clients
Bulk client import
Check-in alerts & client nudges
Personal plan included for every client
Certified Partner Badge
White-label delivery
Export reports (CSV & PDF)
Same-day priority support
and more

Limited places — shape the product and lock in founding-member pricing.

Apply for Early Access

Every plan includes

AES-256-GCM encryption
Encrypted vault export
Zero-knowledge architecture
30-day money-back guarantee

Questions

The things people
always ask first.

What if I go on holiday and miss a check-in?

We never act on a single missed check-in. You'll receive a follow-up email, then a second reminder with a longer grace window. Your vault only triggers after multiple missed check-ins with no response. You can also pause check-ins before you travel.

Can Holdfast read what's in my vault?

No. Your vault is encrypted in your browser using AES-256-GCM before it ever reaches our servers. The encryption key is derived from your passphrase using PBKDF2 (250,000 iterations) — the passphrase never leaves your device, and we never see it or the key. We store ciphertext only. Without your passphrase, the data is meaningless to us and to anyone else, including a future operator or anyone who compromised our database.

Does this replace a will?

No, and we're clear about that. Holdfast is a secure delivery mechanism for the information and messages you want to pass on. It does not create legal documents. We strongly recommend having a formal will alongside your Holdfast vault.

What happens to my data if I cancel?

Your vault stays intact. If you cancel a paid plan, your account reverts to the free tier — your existing entries, recipients, and encryption remain untouched. You can still unlock and read everything. Free tier limits apply to new entries (up to 5) and recipients (1), but nothing you've already stored is removed or locked. Your dead man's switch and delivery instructions remain active regardless of plan — the people you've chosen to protect will still receive your vault.

If you want your data removed entirely, you can request deletion at any time and we will comply fully with GDPR Article 17 — the right to erasure.

Where is my data stored?

All data is stored on EU-based servers in the West EU (Ireland) region and processed under UK GDPR. We do not transfer data outside the UK or EEA. Holdfast is registered with the ICO (registration reference ZC120755) as a data controller.

How do recipients access the vault?

They receive a secure, time-limited link by email. The link gives access only to the items you specifically designated for them — not the entire vault. Each recipient sees only what you intended for them.

Early access

Be there for them
when you can't be.

Holdfast is in early access. Join the list and we'll notify you when your vault is ready — plus 3 months free on the Personal plan.

No spam. Unsubscribe any time. GDPR compliant.

Who We Are

Holdfast is a digital estate management service operated by Nexus-Sectech Ltd ("we", "us", "our"), registered in England and Wales (Company No. 17126982). Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. We are registered with the Information Commissioner's Office (ICO) under registration reference ZC120755. Our service allows users to store an encrypted vault of personal information and designate recipients to receive it under specified conditions.

Contact: [email protected]

What We Collect

We collect and process the following personal data:

Account data — your name and email address, provided when you create a vault
Recipient data — names and email addresses of people you designate to receive your vault
Encrypted vault data — the contents of your vault, encrypted client-side before transmission. We never have access to the plaintext contents.
Check-in activity — timestamps of your periodic check-ins and missed check-in events
Payment data — billing information processed by Stripe. We do not store card details.
Usage data — basic server logs, IP addresses, and request metadata for security and operational purposes
Analytics data — anonymised page view data (page URL, referrer, browser type, OS, and country) collected via Plausible Analytics. This data contains no personal identifiers and is never linked to your account.

Zero-Knowledge Architecture

Your vault contents are encrypted in your browser using AES-256-GCM before being sent to our servers. Your passphrase is never transmitted to or stored by us. This means we are technically unable to read, access, or recover the contents of your vault. This is by design.

Passphrase Hint (Optional)

You may choose to set an optional passphrase hint — a short text clue (up to 200 characters) to help your recipients recall the passphrase. The hint is encrypted at rest using AES-256-GCM with a key held outside the database (in our application environment). It is decrypted in-memory only at the moment a recipient opens the vault, and shown to them on the vault open page. The hint is not included in delivery emails — recipients must click through to the vault open page to see it. You control whether the hint is ever shown via a visibility toggle in Settings, and you may edit or remove it at any time.

Because the encryption key is held by us (not by you), this protects against database-only compromise but does not provide the same zero-knowledge guarantee as your vault contents — if you require absolute secrecy, do not set a hint.

How We Use Your Data

To operate the Holdfast service and deliver your vault to recipients when triggered
To send check-in reminder, escalation, and delivery notification emails
To process subscription payments via Stripe
To respond to support enquiries
To comply with legal obligations

Legal Basis (UK GDPR)

Contract — processing necessary to deliver the service you have signed up for
Legitimate interests — security logging, fraud prevention, and service improvement
Legal obligation — where required by applicable law

Third-Party Services

We use the following sub-processors to deliver our service:

Supabase — database and file storage hosting (EU region). Stores encrypted vault data, encrypted file attachments, recipient details, and account metadata.
Resend — transactional email delivery for check-in reminders and vault delivery notifications
Stripe — payment processing. Stripe's own privacy policy applies to payment data.
Vercel — application hosting and serverless infrastructure
Cloudflare — edge network, DDoS protection, DNS, and bot mitigation (Cloudflare Turnstile). Cloudflare acts as a reverse proxy for all traffic to Holdfast and processes IP addresses and request metadata at the network edge. Cloudflare does not have access to encrypted vault contents. Data is processed in accordance with Cloudflare's DPA. See cloudflare.com/privacypolicy.
Cloudflare Turnstile — loaded on signup, login, password reset, invite acceptance, account recovery, and the support form to verify requests come from genuine users. Turnstile is privacy-preserving — it sets no tracking cookies, does not profile users, and does not track activity across sites, though it may process anonymised browser signals (user agent, interaction telemetry, IP address) to score bot likelihood.
Plausible Analytics — privacy-friendly, cookieless website analytics. Plausible collects anonymised aggregate data only (page views, referrers, browser, OS, country). No personal data is collected, no cookies are set, and no cross-site tracking occurs. Plausible is GDPR compliant and does not process personal data as defined under UK GDPR. See plausible.io/privacy.
Google LLC (Google Workspace) — waitlist lead capture. Email addresses submitted via the Holdfast waitlist form are stored in Google Sheets with EU data residency. Google's Data Processing Amendment is in force. See workspace.google.com/terms/dpa.

We do not sell your data to third parties. We do not use your data for advertising.

Push Notifications (Optional, Per-Device)

If you opt in to push notifications — from the check-in page after a successful check-in, or from Settings → Push reminders — Holdfast stores a per-device subscription record containing your browser's push endpoint URL and the encryption keys your browser generates for the subscription. We use this to send you a brief reminder on your device when a check-in is due or overdue. Email reminders fire regardless of push state; push is supplementary.

Push messages reach your device through your browser's push service — Google's Firebase Cloud Messaging (Chrome, Edge), Mozilla autopush (Firefox), or Apple Push Notification service (Safari). The browser determines which service handles your subscription. These act as transport endpoints rather than data processors: the message body is authenticated and encrypted end-to-end (VAPID + RFC 8291 Web Push encryption) before leaving our servers, so the push service forwards opaque ciphertext only. The payload itself contains only a generic line (e.g. "Time to check in") and a link back to /checkin — never vault contents, entry titles, recipient details, or other plaintext metadata.

You can disable push at any time from Settings → Push reminders. Disabling is per-device — turning push off on your phone does not affect a separate subscription on your laptop. If your browser cancels the subscription (you clear site data, reinstall, or revoke permission), our records are auto-cleaned on the next delivery attempt.

Data Retention

Your vault and account data are retained for as long as your account is active
Vault data is never deleted due to payment lapse — only editing is restricted
You may request deletion of your account and all associated data at any time by contacting us
Delivery tokens expire after 30 days of issue

Your Rights

Under UK GDPR you have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request erasure of your data
Restrict or object to processing
Data portability
Lodge a complaint with the ICO at ico.org.uk

To exercise any of these rights, contact us at [email protected].

Cookies & Analytics

Holdfast does not use tracking or advertising cookies. We use localStorage in your browser solely to store your encrypted vault key material and session preferences.

We use Plausible Analytics to understand how the site is used. Plausible is cookieless — it sets no cookies and does not collect or store any personal data. Analytics data is aggregate and anonymous. You will not be tracked across sites or sessions.

Cloudflare Turnstile is loaded on signup, login, password reset, invite acceptance, account recovery, and the support form to distinguish humans from automated bots. Turnstile is privacy-preserving — it sets no tracking cookies and does not track users across sites. Strictly-necessary security cookies may be set briefly during the verification process.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to registered users. The effective date above will be updated accordingly.

Agreement

By creating a Holdfast account or using our service, you agree to these Terms of Service. If you do not agree, do not use the service. These terms are governed by the laws of England and Wales.

The Service

Holdfast is a digital estate management and dead man's switch service. It allows you to store an encrypted vault of personal information, nominate recipients, and set a check-in schedule. If you stop checking in, the service escalates and ultimately delivers your vault to your nominated recipients.

Your Account

You are responsible for maintaining the confidentiality of your login credentials and vault passphrase
You must provide accurate contact information including a valid email address
You are responsible for all activity that occurs under your account
You must be at least 18 years old to use this service

Your Passphrase — Critical Notice

Your vault is encrypted with a passphrase that is never transmitted to or stored by us. We cannot recover your passphrase under any circumstances. If you lose your passphrase, your vault contents are permanently inaccessible — including to us. You are solely responsible for sharing your passphrase with recipients through a secure offline method of your choosing.

Recipient Responsibility

You confirm that you have the right to store personal information about your nominated recipients and that they have been informed (or will be informed) that they may receive communications from Holdfast. You are responsible for keeping recipient contact details current.

Vault Contents

You are solely responsible for the contents of your vault. You agree not to store:

Content that is illegal under UK law
Credentials or information belonging to third parties without their consent
Content intended to harm, defraud, or harass any person

As your vault is zero-knowledge encrypted, we cannot monitor its contents. However, we reserve the right to suspend accounts where we have reasonable grounds to believe these terms are being violated.

Check-In Schedule and Delivery

You are responsible for completing your check-ins on schedule
Failure to check in will trigger escalation emails followed by vault delivery to your recipients
Holdfast is not liable for unintended vault delivery resulting from missed check-ins
Delivery links sent to recipients expire after 30 days

Subscription and Payment

The free plan is provided without charge and may have feature limitations
Paid plans are billed via Stripe on a monthly or annual basis
Subscriptions renew automatically unless cancelled before the renewal date
On cancellation, your account reverts to the free plan — vault contents and the dead man's switch remain active
We do not offer refunds for partial billing periods except where required by law
30-day money-back guarantee: If you are unsatisfied with Holdfast for any reason, you may request a full refund within 30 days of your first subscription payment. This applies to first-time subscribers only and does not extend to subscription renewals or plan upgrades. Upon refund, your account will revert to the free plan. To request a refund, contact [email protected]
We reserve the right to modify pricing with 30 days' notice to existing subscribers

Data and Deletion

Your vault data is never deleted due to non-payment — your account reverts to the free tier with its limits, but existing entries and recipients are preserved
You may request full account and data deletion at any time by contacting [email protected]
Deletion is irreversible. Encrypted vault data will be permanently removed.

Service Availability

We aim to maintain high availability but do not guarantee uninterrupted access to the service. Scheduled maintenance will be communicated where possible. We are not liable for losses arising from service unavailability.

Limitation of Liability

To the fullest extent permitted by law, Holdfast and Nexus shall not be liable for any indirect, incidental, or consequential damages arising from your use of the service. Our total liability to you in any calendar year shall not exceed the amounts paid by you to us in that period.

We are not liable for the actions of recipients upon receiving vault contents, or for the consequences of vault delivery triggered by missed check-ins.

Changes to These Terms

We may update these terms from time to time. Material changes will be communicated by email at least 14 days before taking effect. Continued use of the service after that date constitutes acceptance of the updated terms.

Contact

For any questions regarding these terms, contact us at [email protected].

Holdfast: zero-knowledge digital estate vault and dead man's switch

Five steps.A lifetime of peace of mind.

Simple. No surprises.Cancel any time.

The things peoplealways ask first.