Holdfast vs DGLegacy: honest comparison

01The short verdict

All DGLegacy facts on this page were taken from their own published pages (dglegacy.com, the Trust Center, the Apple App Store listing, the pricing page, and the TechCrunch Disrupt 2024 Startup Battlefield writeup) on the date this comparison was written. If anything has moved since, we would rather know than not. Drop us a line.

Choose DGLegacy if you want a structured asset cataloguing system that notifies beneficiaries about what you have and where it is without necessarily handing them the credentials directly, you value the multi-signal HeartBeat protocol (social media monitoring, biometric login monitoring, email and phone escalation), or you want bundled legal support for beneficiaries via DGLegacy's law-firm partnerships.

Choose Holdfast if you want recipients to receive the actual encrypted credentials, documents, and final messages themselves rather than just notifications, you want a single-passphrase delivery flow that explains itself on arrival, you want a named UK operator compliant with UK GDPR which the EU recognises as providing an equivalent level of protection under its adequacy decision, or you want a professional solicitor channel as part of the product.

The honest one-line summary: DGLegacy is an asset cataloguing and notification service. Holdfast is an encrypted vault that holds whatever you put in it — credentials, signposting information about where assets are held, documents, and private video messages — and delivers it to recipients directly when check-ins fail. Some families need the first, some need the second, many would benefit from both. The rest of this page helps you tell which group you are in.

02How each one is built

The two products solve overlapping problems with different architectures, and understanding the difference is the most important thing you can do before choosing.

DGLegacy's model

DGLegacy is, at its core, an asset register and notification engine. You catalogue your assets — bank accounts, insurance policies, retirement funds, cryptocurrency wallets, stocks, employee equity, physical property, documents — into a structured database with the minimum information needed for your beneficiaries to identify and locate them. You then assign beneficiaries and trustees to each asset entry.

DGLegacy describes itself as a zero-knowledge architecture with AES-256 encryption and compliance with GDPR and CCPA. Data is stored in EU data centres. Multi-factor authentication and biometric mobile login are supported.

The HeartBeat protocol is the trigger mechanism. DGLegacy monitors several signals to confirm you are alive:

• Social media activity: if you connect your social accounts, DGLegacy treats public posts as "alive" events (no access to private data, per their statement).
• Biometric app login: opening the DGLegacy app with biometric authentication is treated as an alive event.
• Periodic email confirmation: if no other alive event is detected within your configured window, DGLegacy emails you to confirm.
• Phone call escalation: on premium tiers, DGLegacy will phone you anywhere in the world before triggering inheritance.

If all signals fail and confirmations go unanswered, DGLegacy treats this as a fatal event and proactively notifies your beneficiaries about the assets you assigned to them. The beneficiaries are told what assets exist, where they are, and how to claim them — often, this means going to the actual financial institution or platform and providing documentation. The Platinum tier adds an Executive Assistant for beneficiary support and a "Guide and Inform" legal package via partnership with a renowned law firm.

DGLegacy is built by DGLegacy, registered at Amtsgericht Berlin-Charlottenburg (HRB 214312 B), with offices at Sony Center Kemperplatz 1, 10785 Berlin, Germany. Co-founded in January 2021 by Ana and Peter Minev. The company was featured at TechCrunch Disrupt 2024 Startup Battlefield and has partnerships with international law firms Cooley LLP and Bird & Bird.

Holdfast's model

Holdfast is an encrypted vault. What goes into it is up to you: credentials and recovery phrases that recipients can act on directly, signposting information that tells beneficiaries where to find assets they will need to claim institutionally, account access instructions, final letters, documents, and private video messages addressed to individual recipients. The Family tier and above support video messages up to 50MB per message, stored alongside the rest of the vault contents. All vault contents are encrypted client-side with AES-256-GCM. The key is derived from a passphrase you choose, using PBKDF2 with 250,000 iterations of SHA-256 against a per-user salt. The passphrase never leaves your browser, never reaches our servers, and cannot be recovered by us.

The encrypted vault blob lives in Supabase Postgres (hosted in Frankfurt). The encryption module sits at github.com/Nexus-sectech/holdfast-crypto and is loaded into the vault page with Subresource Integrity, so the browser refuses to execute it if the file has been altered.

When check-ins stop, Holdfast delivers the encrypted vault and instructions to each recipient by email after a documented escalation. Recipients open an email and use the passphrase that you shared with them in life — written on a card, in a sealed envelope, kept with a solicitor — to decrypt the vault contents. They now have direct access to whatever you stored — credentials, signposting, documents, and any video messages you recorded for them.

Holdfast is operated by Nexus-Sec Ltd (71-75 Shelton Street, Covent Garden, London), a UK limited company at Companies House (number 17126982), registered with the Information Commissioner's Office, compliant with UK GDPR, which the EU recognises as providing an equivalent level of protection under its adequacy decision.

Why this difference matters

The DGLegacy model assumes your beneficiaries will go to the underlying institutions (banks, insurers, exchanges, employers) to claim assets, armed with the information that those assets exist. Beneficiaries still have to prove identity, provide death certificates, navigate institutional probate processes, and follow whatever the institution requires. DGLegacy's job is to make sure your beneficiaries know where to start and don't miss accounts entirely.

The Holdfast model assumes your recipients need direct access to whatever you decide to put in the vault — credentials to log in, recovery phrases to recover wallets, signposting information about where to find assets, instructions to follow, documents to read, video messages from you to receive. We deliver the encrypted vault and your recipients decrypt it.

The two models are not mutually exclusive. A thorough digital legacy plan might use both: DGLegacy for the asset register your executor needs to inventory your estate, Holdfast for the credentials, final messages, and instructions that need to reach specific people directly. We are honest that some users will rationally choose to use both products for different parts of the problem.

Where you have to choose, the question is: do your beneficiaries need a list of what assets exist and how to claim them institutionally, or do they need the credentials and instructions to act directly?

03The trigger and delivery flow

DGLegacy's multi-signal HeartBeat protocol and Holdfast's single-signal check-in lead to materially different experiences for the user and for the recipients on the other end.

DGLegacy's flow

DGLegacy's HeartBeat protocol uses multiple alive-signals as described above. The owner configures the cadence of email confirmations. If all configured signals fail (no social activity, no biometric logins, no email response, no phone response on premium tiers), DGLegacy declares a fatal event and:

• Sends email notifications to designated beneficiaries about the assets assigned to them.
• Notifies trustees so they can guide beneficiaries through the claiming process.
• On Platinum tier, the Executive Assistant and "Guide and Inform" legal package activate to support beneficiaries.

Beneficiaries log into DGLegacy (creating an account on the platform if they don't have one) to view the asset information assigned to them. They then go to the institutions to claim the assets themselves.

The exact cadence between signals failing and the fatal event being declared is configurable by the user and is not publicly specified as a single number. The multi-signal approach is the main design feature: a missed email alone is not treated as fatal, because social activity or biometric login might still indicate you are alive.

Holdfast's flow

When a check-in is missed:

• Grace period: 7 days, no escalation.
• Escalation: 7 days, during which up to 3 reminder emails are sent through distinct delivery infrastructure so that a single deliverability failure does not silence the whole sequence.
• Delivery: if escalation passes without check-in, the encrypted vault and delivery instructions go to each nominated recipient. Each recipient receives their email independently.
• Retention: 30 days after delivery, the vault is fully purged. A warning email goes out on day 23. On day 30 the encrypted blob, salt, hash and hint are nulled, storage files are deleted, the Stripe subscription is cancelled, and the user row is anonymised.

Each recipient opens their email, follows the instructions, and decrypts the vault with the passphrase shared with them offline. No platform account required. No multi-party coordination. No institution navigation needed for the vault contents themselves.

The asymmetry

DGLegacy's multi-signal trigger has a real advantage: it is harder to false-positive. A user on a long sabbatical who has stopped checking email but is still posting on social media will not be declared dead. A user who has lost their phone but logs in biometrically on their tablet will not be declared dead. The HeartBeat protocol's redundancy is a genuine engineering strength.

Holdfast's single-signal trigger (a tokenised email check-in) is simpler and more predictable. Each check-in is a deliberate confirmation. False positives are minimised by the 7-day grace period plus 7-day escalation plus three-channel reminder system, and the user can pause check-ins for holidays or hospital stays with a single click. We are explicit that we don't monitor social media or biometric logins, both because we don't think we need to and because we don't want to.

For the receiving end, DGLegacy beneficiaries get notification and asset information; they still have to do institutional work to claim. Holdfast recipients get the encrypted vault and decrypt it themselves with a passphrase shared in life. Different jobs, different flows.

04Jurisdiction and compliance

Both DGLegacy and Holdfast are EU/UK-based GDPR-compliant operators. This is a comparison where the regulatory posture is broadly similar on both sides, with one notable difference in geographic ambition.

DGLegacy is a German company registered at Amtsgericht Berlin-Charlottenburg (HRB 214312 B), based at Sony Center Kemperplatz 1, 10785 Berlin. Operating under EU GDPR with the Berliner Beauftragte für Datenschutz as the regulator. Data centres are EU-based. DGLegacy states compliance with both GDPR and CCPA. The company describes itself as a "global service" and has formal compliance partnerships with international law firms Cooley LLP and Bird & Bird to handle cross-jurisdiction questions.

Holdfast is operated by Nexus-Sec Ltd, a UK limited company registered with the Information Commissioner's Office. Holdfast is compliant with UK GDPR, which the EU recognises as providing an equivalent level of protection under its adequacy decision. Users worldwide are welcome; data is processed to UK/EU standards regardless of where the user is based. For users in jurisdictions with their own data protection regimes (CCPA in California, LGPD in Brazil, the Australian Privacy Principles, PIPEDA in Canada, and others), our baseline exceeds most jurisdictions' default protections, but we do not currently implement jurisdiction-specific flows like a CCPA "Do Not Sell" toggle as a first-class feature. We do not sell data in any case, and we say so plainly in our privacy policy.

The practical differences come down to architecture and scope rather than regulation:

• What the operator can technically access. Both operators describe zero-knowledge architectures. DGLegacy holds structured metadata about your assets (which institutions, account identifiers, beneficiary assignments) encrypted at rest. Holdfast holds an encrypted blob it cannot read, with the decryption passphrase never leaving your browser.
• What a regulator can do for you. Both companies are reachable through their respective EU/UK data protection authorities. Subject access requests, erasure rights, and rectification all work as expected.
• Geographic compliance ambition. DGLegacy has invested in formal law-firm partnerships (Cooley LLP and Bird & Bird) for global compliance posture. Holdfast operates under UK GDPR uniformly and is honest about not implementing jurisdiction-specific first-class flows for regimes like CCPA. DGLegacy's posture is broader; Holdfast's is simpler.

If your concern is "I want a GDPR-compliant European operator," both products clear that bar. The choice between them is not primarily about regulation.

05Pricing

DGLegacy uses a tiered subscription model with optional one-time lifetime plans for their Gold and Platinum tiers. Holdfast uses recurring subscription pricing only. Both publish their pricing transparently and the figures below were taken on the date of writing.

DGLegacy (taken from their App Store listing and pricing aggregators on the date of writing):

• Silver (Free): 3 assets protected, 10 passwords, 1 beneficiary per asset, unlimited trustees, email notifications, multi-factor authentication.
• Gold: $5.99/month, $83.90/year, or $120 lifetime. Unlimited assets, beneficiaries, trustees, and passwords. Email and phone notifications for beneficiaries. Phone confirmation on the HeartBeat protocol.
• Platinum: $9.99/month, $107.99/year, or $180 lifetime. All Gold features plus dedicated Executive Assistant support for beneficiaries and the "Guide and Inform" legal package via DGLegacy's law-firm partnership.

A 90-day money-back guarantee is offered on paid plans.

Holdfast (taken from our pricing page on the date of writing):

• Free: £0 forever. 5 entries, 1 recipient, monthly check-in.
• Personal: £5 per month or £45 per year. Unlimited entries, 3 recipients, choice of weekly, fortnightly, or monthly check-in.
• Family: £9 per month or £79 per year. Two independent vaults on one plan, 5 recipients per vault, video messages up to 50MB each.
• Firm: £39 per month or £399 per year. Solicitor B2B tier with white-label delivery, soft cap of 20 clients included.

At year one, DGLegacy Gold ($83.90/year ≈ £67) costs roughly the same as Holdfast Personal (£45/year). At year three, DGLegacy's one-time $120 Gold plan becomes cheaper than three years of Holdfast subscription (£135). The interesting question isn't which is cheaper at three years — it's whether the products are doing the same job for your situation.

DGLegacy's Platinum tier offers something Holdfast does not at any tier: bundled legal support for beneficiaries via an international law firm partnership. If that bundled legal layer is genuinely important to you, it is a real reason to choose DGLegacy. If your estate planning legal work is already handled by your own qualified professional — a UK solicitor, an estate attorney, a notary in a civil-law jurisdiction, or an IFA with estate-planning capability — the Platinum legal package may be redundant.

06Where DGLegacy is genuinely better

Three things are worth saying clearly and not burying.

Multi-signal HeartBeat protocol. The combination of social media monitoring, biometric login monitoring, email check-in, and phone escalation is genuinely more robust against false-positive triggers than any single-signal system. For users who travel extensively, have erratic email habits, or want belt-and-braces life-detection, this is real engineering value. Holdfast is deliberately single-signal because we think a clear check-in click is more predictable than a fuzzy multi-signal estimate, but the trade-off favours DGLegacy if your concern is false positives.

Asset cataloguing as the primary mental model. If your situation is one where the problem is your family not knowing what assets exist — multiple bank accounts across countries, employer equity, scattered crypto exchanges, insurance policies you forget about, retirement plans from old employers — DGLegacy's "single pane of glass for assets" framing is genuinely useful. Holdfast can hold this information too, but DGLegacy is built around the cataloguing problem and has structured features for it that we don't.

Bundled legal support. The Platinum tier's "Guide and Inform" package via Cooley LLP and Bird & Bird gives beneficiaries access to international legal guidance on claiming assets. For complex multi-jurisdiction estates, that is a real benefit. Holdfast's Firm tier serves the same audience by integrating with the user's own solicitor, which is a different operating model.

07Where Holdfast is built differently

Three things we have done deliberately that DGLegacy has not.

Recipients receive the actual contents, not just notifications. Holdfast vaults deliver whatever you stored, encrypted: credentials and recovery phrases recipients can act on directly, signposting information about where assets are held, documents, and on Family tier and above, private video messages addressed to individual recipients up to 50MB each. Recipients decrypt with the passphrase you shared in life and have what they need to act, without needing to go to financial institutions, navigate probate, or wait for an Executive Assistant to schedule a call. For situations where the time between an unforeseen event and your recipients needing access is short — a crypto wallet that must be moved before a market event, a final letter that needs to be read, a recurring service that must be paused — direct delivery is decisive.

No platform account required for recipients. Holdfast recipients do not need a Holdfast account, do not need to install an app, do not need to verify identity through the platform. They receive an email and use a passphrase. For non-technical recipients — a 78-year-old surviving spouse, a non-technical adult child — this matters more than any feature in the product. DGLegacy beneficiaries log into the DGLegacy platform to access their notifications.

A solicitor-facing tier. The Holdfast Firm tier is built for professional firms offering digital legacy planning to clients as part of their service — UK solicitors and IFAs, and their international counterparts in legal and financial services. White-label delivery, CSV bulk client invite, a per-firm dashboard, and a soft-cap-plus-overage pricing model are all aimed at making this a viable channel for professional firms. DGLegacy serves a similar audience through Cooley LLP and Bird & Bird partnerships, which is a different model — institutional law firms acting as a referral and support layer rather than individual firms using the platform with their own clients.

08Honest summary

Choose DGLegacy if the primary problem for your family is that they don't know what assets exist or where to find them, you value redundant fatal-event detection, you want bundled international legal support for beneficiaries, or your situation involves complex cross-jurisdiction estates where having law firms on tap matters. Their HeartBeat protocol is genuinely clever engineering, their feature set for the asset-cataloguing problem is mature, and their TechCrunch Disrupt 2024 visibility is a fair signal of category investment.

Choose Holdfast if your recipients need direct access to credentials and instructions rather than notifications and platform logins, you want delivery to work for people who have never used a digital legacy product, you want an operator compliant with UK GDPR which the EU recognises as providing an equivalent level of protection under its adequacy decision, or you want a solicitor channel as part of the product. The Family tier at £79 a year covers two partner vaults independently, and the Firm tier opens an entire B2B route to professional services that complements rather than replaces existing solicitor relationships.

If you are still on the fence, the most useful thing you can do is ask yourself one question: when an unforeseen event happens, do my beneficiaries need a structured notification that my assets exist and where to find them, or do they need to open an encrypted vault and see whatever I put in it — credentials, signposting, documents, video messages — without going through a platform? Both are real needs. The product that answers your version of that question is the product to choose. Some people will rationally end up using both.

Last verified against published DGLegacy pages on the date this comparison was written. If DGLegacy has changed materially since and any fact above is out of date, please let us know at [email protected] and we will correct it.