Holdfast vs Cipherwill: honest comparison
A working comparison of two zero-knowledge digital legacy platforms, written for people who are seriously evaluating both. We have not made this page to talk you out of Cipherwill. They are a real product solving a real problem in a way that overlaps with ours, and on a couple of axes they are genuinely the better fit. Where the two products diverge meaningfully, we explain the divergence in terms you can check.
01 The short verdict
All Cipherwill facts on this page were taken from their own published pages (cipherwill.com, the will execution timeline, the privacy policy, the third-party processors list, and the about page) on the date this comparison was written. If anything has moved since, we would rather know than not. Drop us a line.
Choose Cipherwill if you are protecting primarily crypto holdings and online accounts, the operator's GDPR posture is not a meaningful concern to you, you want the cheapest paid plan in this category, or you want to read the open-source client code yourself before trusting it.
Choose Holdfast if you want a delivery flow that works for non-technical recipients without them having to sign up for the platform, you want an operator that is compliant with UK GDPR (which the EU recognises as providing an equivalent level of protection under its adequacy decision), or you want a B2B tier built for professional firms in legal and financial services.
That is the honest summary. The rest of this page is the working.
02 How each one is built
Both products describe themselves as zero-knowledge. The phrase means the operator cannot read your vault contents even with full access to their own database, because the encryption key is derived from a passphrase that never leaves your browser. That guarantee rests on the client code the operator serves doing what it says, which is why verifiability comes up below. Both products earn the label on their primary content path. The architectures underneath are different.
Cipherwill runs on Google Cloud, Vercel, Render, DigitalOcean and Aiven, fronted by Cloudflare. Vault contents are encrypted with AES-256, key material is generated from one or more "security factors" (a master password, a FIDO2 key, a YubiKey, on-device biometrics, or a crypto wallet), and the encryption is layered with elliptic-curve cryptography for key encapsulation and what they call Time Capsule Encryption for timed release. The client-side code is published on GitHub at github.com/CipherwillHQ/Cipherwill, which is a real and unusual transparency commitment for this category and we will give it full credit further down.
Holdfast runs on Vercel for compute, Supabase Postgres for storage, and Cloudflare for DNS and CAPTCHA. Vault contents are encrypted client-side with AES-256-GCM. The key is derived from your passphrase using PBKDF2 with 250,000 iterations of SHA-256, against a per-user salt. The encryption module sits at github.com/Nexus-sectech/holdfast-crypto and is loaded into the vault page with Subresource Integrity, so the browser verifies its SHA-256 hash before executing it and refuses to run it if the file has been altered.
The honest delta on the cryptography:
- Algorithm strength. AES-256 on both, fine on both. Neither product is the weak link here.
- Key derivation. PBKDF2 is NIST-approved (SP 800-132) and universally available. Argon2id is the modern preference and is memory-hard, which makes large-scale offline guessing more expensive. Neither product currently uses Argon2id; Holdfast has it on the roadmap and says so. Holdfast's 250,000 iterations of PBKDF2-HMAC-SHA256 is also below the 600,000 OWASP currently recommends, which is one more reason the length and entropy of the passphrase matters more than the iteration count.
- Layered encryption. Cipherwill applies multiple cryptographic layers (time capsule key, then beneficiary's public key) as a defence-in-depth measure. The layering is real engineering work and not theatre. Because the layers are applied in sequence, an attacker must defeat every one, so the guarantee is carried by the strongest layer; layering adds no more than that.
- Quantum posture. Cipherwill lists CRYSTALS-Kyber (a post-quantum lattice scheme) among the cryptography on their footer. Holdfast does not currently use post-quantum primitives for vault contents and is honest that AES-256 plus a strong passphrase remains the part of the stack most resilient to quantum threats anyway: Grover's algorithm only halves AES-256's effective strength, to 128 bits, whereas it is elliptic-curve key encapsulation that a future quantum adversary would break outright, and that is the place a KEM like Kyber belongs. If your threat model explicitly includes a 10 to 20 year future quantum adversary, Cipherwill mentions the algorithm; verify it is actually applied to the content path you care about before assuming the marketing matches the implementation.
- Verifiability. Both products publish the cryptographic client. Cipherwill publishes the full client repo. Holdfast publishes the cryptographic boundary as a standalone module with browser-enforced Subresource Integrity: the browser refuses to execute the module unless its SHA-256 hash matches the one pinned in the vault page, and you can compare that pinned hash against the file on GitHub yourself. The caveat is that the vault page carrying the integrity attribute is still served by the operator, so SRI pins the module, not the whole client. Both are credible commitments; they answer slightly different questions ("can I read everything you ship me?" vs "can the browser refuse to run a tampered version?").
There is no good faith reading of either product's cryptography page that suggests it is weak. The differences are in what surrounds it.
03 The trigger and delivery flow
This is where the two products diverge more sharply than the encryption pages would suggest, and it is the difference most likely to matter on the day a vault actually fires.
Cipherwill's timeline
Default trigger window is three months. If you do not log in for three months, Cipherwill begins the execution sequence. The trigger window is configurable to weekly, monthly, quarterly, semi-annually or annually.
Once the trigger fires, Cipherwill's reminder schedule is:
- Day 3 after the trigger: first reminder.
- Day 30 after the trigger: second reminder.
- Day 90 after the trigger: third reminder.
- Day 100 after the trigger: will execution. Time capsule keys are released to beneficiaries on their Cipherwill dashboard, and beneficiaries are notified.
- Day 200 (100 days after execution): beneficiary access ends, the will is revoked, and the user's account and data are deleted.
So on the default cadence, the full window from your last login to data being delivered to beneficiaries is roughly 190 days (the 90-day trigger window plus 100 days), a little over six months. Beneficiaries access the data through a Cipherwill dashboard, which means they need to create a Cipherwill account (or have one already, and to have been added as a beneficiary in a way that pairs to their account).
Holdfast's timeline
Default trigger window is one month, with weekly available on Family and Firm tiers. Check-in is a single click on a tokenised email link, or a login to the dashboard.
Once a check-in is missed:
- Grace period: 7 days, no escalation.
- Escalation: 7 days, during which up to 3 reminder emails are sent through distinct delivery infrastructure so that a single deliverability failure does not silence the whole sequence.
- Delivery: if escalation passes without check-in, the encrypted vault and delivery instructions go to the recipients you nominated. Recipients do not need a Holdfast account. They open an email and use the delivery passphrase you shared with them in life (text, card, sealed envelope, kept with a solicitor) to decrypt the contents.
- Retention: 30 days after delivery the vault is fully purged. A warning email goes out on day 23. On day 30 the encrypted blob, salt, hash and hint are nulled, storage files are deleted, the Stripe subscription is cancelled, and the user row is anonymised.
On the default Holdfast cadence the full window from your last check-in to delivery is roughly six to eight weeks; the full lifecycle ends two months after that. Beneficiaries never sign up; the vault explains itself when it arrives.
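Both timelines above (Cipherwill's and Holdfast's), expressed as one dead-man's-switch schedule so the cadences can be computed rather than eyeballed. This is an added example and not either product's code. The day offsets are the page's figures; "three months" is taken as 90 days, the spacing of Holdfast's three escalation reminders and the pause semantics (time spent paused does not count against the clock) are assumptions made here.

```javascript
// Added example, not either product's code: the two published timelines as
// data, plus the status a check-in service would compute from them.
const DAY = 86400000;

const HOLDFAST = {
  name: 'Holdfast, default monthly cadence',
  windowDays: 30,                 // check-in cadence
  reminderDays: [7, 10, 13],      // assumed spacing of the up-to-3 escalation reminders
  phases: [                       // days counted from the missed check-in
    { from: 0,  name: 'grace' },
    { from: 7,  name: 'escalation' },
    { from: 14, name: 'delivered' },    // encrypted vault sent to recipients
    { from: 37, name: 'purge-warned' }, // day 23 after delivery
    { from: 44, name: 'purged' },       // day 30 after delivery
  ],
};

const CIPHERWILL = {
  name: 'Cipherwill, default quarterly cadence',
  windowDays: 90,                 // "three months" taken as 90 days (assumption)
  reminderDays: [3, 30, 90],
  phases: [
    { from: 0,   name: 'triggered' },
    { from: 100, name: 'executed' },    // time capsule keys released
    { from: 200, name: 'deleted' },     // beneficiary access ends, data deleted
  ],
};

// Days from a user's last check-in to a named phase (e.g. delivery).
function daysFromLastCheckIn(schedule, phaseName) {
  const p = schedule.phases.find((x) => x.name === phaseName);
  if (!p) throw new Error(`unknown phase ${phaseName}`);
  return schedule.windowDays + p.from;
}

// Current status given the last check-in, "now", and an optional pause.
// Pause semantics assumed: the clock restarts from the end of the pause.
function status(schedule, lastCheckIn, now, pausedUntil = null) {
  const clockStart = pausedUntil && pausedUntil > lastCheckIn ? pausedUntil : lastCheckIn;
  const missedAt = new Date(clockStart.getTime() + schedule.windowDays * DAY);
  if (now < missedAt) {
    return { phase: 'active', daysOverdue: 0, remindersSent: 0, nextCheckInDue: missedAt };
  }
  const day = Math.floor((now - missedAt) / DAY);
  let phase = schedule.phases[0].name;
  for (const p of schedule.phases) if (day >= p.from) phase = p.name;
  const remindersSent = schedule.reminderDays.filter((d) => day >= d).length;
  return { phase, daysOverdue: day, remindersSent };
}

for (const s of [HOLDFAST, CIPHERWILL]) {
  console.log(s.name, 'delivery/execution on day',
    daysFromLastCheckIn(s, s === HOLDFAST ? 'delivered' : 'executed'), 'after last check-in');
}
```

Run it and the two figures the section quotes fall out directly: 44 days (about six weeks) for Holdfast, 190 days for Cipherwill. The pause branch is the part that matters operationally, because a holiday longer than the grace and escalation windows combined would otherwise fire a delivery.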
Why this matters
The Cipherwill timeline is built around verifying that someone is genuinely gone before delivering anything. Three months without a login is a strong signal, and the additional 100 days before execution leaves plenty of room for a missed-email scenario to resolve itself. That is a defensible design choice and is honestly described on their site.
The Holdfast timeline is built around the practical reality that families need access more quickly than that. In our experience working with people who have administered estates, the cost of waiting is usually larger than the cost of an occasional false positive, particularly because Holdfast has a one-click pause for holidays, hospital stays, and digital detoxes, and because the check-in is a single tokenised click rather than a full login.
The recipient flow is the second sharp divergence. Cipherwill's beneficiaries need an account on Cipherwill's platform to receive what was left to them. Holdfast's recipients open an email and use a passphrase shared offline. For a tech-fluent beneficiary either flow is fine; for a 78-year-old surviving spouse who has never used a password manager, the difference is everything.
04 Jurisdiction and compliance
This is the section that most often gets skipped in a comparison page, and it shouldn't be.
Cipherwill is operated by Zetapad Technologies, a company based at 13th Cross, Baldwins Road, Bengaluru, Karnataka, India. Their published privacy policy describes general security practices (AES-256, access controls, audits, incident response) but does not designate a data controller under UK or EU GDPR, does not list a representative in the UK or EU, does not reference Standard Contractual Clauses for cross-border data transfer, and does not list a regulator with which the company is registered. This is consistent with operating under Indian data protection law (the DPDP Act 2023) rather than under UK or EU GDPR; that is not a criticism of the company, it is simply where they are based.
Holdfast is operated by Nexus-Sec Ltd, a UK limited company at Companies House (number 17126982) registered at 71-75 Shelton Street, Covent Garden, London. Nexus-Sec Ltd is registered with the Information Commissioner's Office. Holdfast is compliant with UK GDPR, which the EU recognises as providing an equivalent level of protection under its adequacy decision. Users worldwide are welcome; data is processed to UK/EU standards regardless of where the user is based.

For users in jurisdictions with their own data protection regimes (CCPA in California, LGPD in Brazil, the Australian Privacy Principles, PIPEDA in Canada, and others), our baseline exceeds most jurisdictions' default protections, but we do not currently implement jurisdiction-specific flows like a CCPA "Do Not Sell" toggle as a first-class feature. We do not sell data in any case, and we say so plainly in our privacy policy. The data controller is named there, sub-processors are listed with their roles and locations, infrastructure is configured for EU data residency where possible (Supabase is hosted in Frankfurt), and we have a published closure plan committing to a minimum 90-day notice, an export tool, and a documented decryption procedure if the business ever winds down.
The practical implications of operating under UK GDPR:
- Subject access requests. Both products say you can request your data. Holdfast operates inside the jurisdiction that gives you a statutory one-month response window (extendable by two further months for complex requests) and an established complaints route through the ICO, and we apply that response standard uniformly regardless of where the requester lives.
- Erasure and rectification rights. UK GDPR rights, applied to every user, with a regulator on our side who can be contacted if we fall short.
- Cross-border transfers. Cipherwill's infrastructure list (Google Cloud, Vercel, Render, DigitalOcean, Aiven) implies US and international processing. There is no published SCC documentation. If your work or personal threat model requires documented EU/UK transfer controls, this is a gap to weigh.
- Successor liability. Holdfast's terms commit to user notice on change of control, with the architectural property (keys we cannot read) surviving any change in ownership. Cipherwill's privacy policy references business transfers more briefly.
None of this makes Cipherwill an unsafe product. It does mean that if you value data protection under a regime the EU has formally recognised as equivalent to its own, Holdfast is operating under a posture that Cipherwill is not.
05 Pricing
Both products publish their pricing transparently on their main sites. The figures below were taken on the date of writing and may have shifted since.
Cipherwill (taken from their pricing page on the date of writing):
- Free: $0 forever. Limited segments, 5 beneficiaries, email-only communications, email support.
- Premium: $40 per year (discounted from a list price of $60). All segments, unlimited beneficiaries, 1GB file storage, data backup, SMS and phone notifications, live chat support, early access to features.
Holdfast (taken from our pricing page on the date of writing):
- Free: £0 forever. 5 entries, 1 recipient, monthly check-in.
- Personal: £5 per month or £45 per year. Unlimited entries, 3 recipients, choice of weekly, fortnightly or monthly check-in.
- Family: £9 per month or £79 per year. Two independent vaults on one plan (one per partner, each fully private), 5 recipients per vault, video messages up to 50MB each.
- Firm: £39 per month or £399 per year. Solicitor B2B tier with white-label delivery, soft cap of 20 clients included, tiered overage above that, dedicated dashboard, client invitation flow.
On price alone, Cipherwill Premium at roughly $40 per year is cheaper than Holdfast Personal at £45 per year (call it $55-ish at the exchange rate as of writing). If price is the deciding factor and the rest of the comparison is a wash for your use case, Cipherwill wins on that axis. Be honest with yourself about whether the rest of the comparison really is a wash.
06 Where Cipherwill is genuinely better
Two things are worth saying clearly and not burying.
The open-source client. Cipherwill publishes the entire client codebase on GitHub. We publish only the cryptographic boundary. If you are someone who wants to clone, read and audit the whole frontend before trusting it, Cipherwill gives you more material to work with. That is a real choice on their part and we respect it.
The security factor options. Cipherwill supports FIDO2 keys, YubiKeys, on-device biometrics and crypto wallets as ways of holding the key material, not just a passphrase. For users who already live inside that ecosystem (a hardware-token-using crypto holder, for instance), that is a more natural fit than memorising and sharing a passphrase. Holdfast has deliberately stayed with passphrases because the recipients on the other end of a delivery are typically non-technical, and a passphrase shared offline is something they can act on under stress. Both choices are defensible; if you sit on the technical end of the spectrum, Cipherwill's options will appeal more.
07 Where Holdfast is built differently
Three things we have done deliberately that Cipherwill has not.
Recipients without an account. Holdfast vaults deliver themselves on email plus an offline-shared passphrase. The recipient does not sign up. The vault explains itself on arrival. This is a locked principle of the product and is the thing that most often matters on the day delivery actually fires.
A Firm tier built around professional firms in legal and financial services. The Holdfast Firm tier is built for professional firms offering digital legacy planning to clients as part of their service — UK solicitors and IFAs, and their international counterparts in legal and financial services. White-label delivery, CSV bulk client invite, a per-firm dashboard, and a soft-cap-plus-overage pricing model are all aimed at making this a viable channel for professional firms rather than a side offering. Cipherwill does not have a B2B tier of comparable scope.
Compliance with UK GDPR. Companies House registration, ICO registration, named director, published closure plan, documented sub-processors, EU data residency where possible, and a privacy policy written to UK GDPR, which the EU recognises as providing an equivalent level of protection under its adequacy decision. None of this is a competitive moat on its own. Taken together, it is the difference between a family knowing what to do if something goes wrong and the same family discovering that the operator is on a different continent under a different legal regime.
08 Honest summary
Choose Cipherwill if you sit at the technical end of the spectrum, your assets are mostly crypto and online accounts, you want the lowest paid tier in the category, and the operator's regulatory posture is not part of your decision. Their cryptography is sound, their commitment to open source is real, and at $40 a year their Premium tier is excellent value if it fits.
Choose Holdfast if you want delivery to work for recipients who have never used a password manager, you want an operator compliant with UK GDPR, or you want a B2B tier built for professional firms in legal and financial services. The Family tier at £79 a year covers two partner vaults independently, and the Firm tier opens an entire B2B route that does not exist on Cipherwill at all.
If you are still on the fence, the most useful thing you can do is set up a Free account on each and walk through the recipient flow with someone you would actually nominate. The product that lets your nominee finish the test without asking you for help is the product to choose.
Last verified against published Cipherwill pages on the date this comparison was written. If Cipherwill has changed materially since and any fact above is out of date, please let us know at [email protected] and we will correct it.