Holdfast vs GoodTrust: honest comparison

01The short verdict

All GoodTrust facts on this page were taken from their own published pages (mygoodtrust.com, the security pages, the pricing page, the support help centre, and the AOL partnership announcement) on the date this comparison was written. If anything has moved since, we would rather know than not. Drop us a line.

Choose GoodTrust if you are in the US and need an integrated estate planning suite (will or revocable living trust plus directives, valid in all 50 US states), you want attorney-crafted estate documents bundled with a Digital Vault, you have access to GoodTrust through a partner channel (AOL Premium, Beneficiary Advance, employer benefits, insurance providers) where the cost is materially subsidised, or your problem is "I don't have a will and I need one, plus somewhere to organise the rest."

Choose Holdfast if you already have your legal estate planning handled separately (by a UK solicitor, an estate attorney, a notary, an IFA, or any qualified estate professional), you want client-side encryption where the operator cannot read your vault contents even if compelled, you want recipients to receive the actual encrypted contents directly without creating a platform account, or you want a B2B tier built specifically for professional firms in legal and financial services.

The honest one-line summary: GoodTrust is a US estate planning service with a vault attached. Holdfast is a UK-operated encrypted vault that pairs with your existing legal estate planning. If you need will-drafting, GoodTrust does that and we do not. If you need the strongest cryptographic guarantee on your vault contents and a clean delivery flow to non-technical recipients, Holdfast does that and GoodTrust uses a different model.

02How each one is built

The architectures look superficially similar — both products store information in vaults and deliver access to trusted contacts after a trigger event. The differences in scope and encryption posture are significant.

GoodTrust's model

GoodTrust is built around the Estate+ bundle: an integrated suite of attorney-crafted estate documents plus the Digital Vault. The Estate+ plan includes:

• A Last Will and Testament or Revocable Living Trust (your choice; the Trust option includes a pour-over will for full protection).
• Financial Durable Power of Attorney.
• Advance Medical Directive.
• Funeral Directive.
• Pet Directive.
• Digital Vault for documents, online account information, device access, social media accounts, future messages, and Trusted Contact assignment.
• Family plan: each adult family member can create their own complete plan at no additional cost.
• Unlimited updates for the first year, then $39/year membership to continue making changes.

All estate documents are valid in all 50 US states. The platform won the 2022 LegalTech Breakthrough Award.

Encryption architecture. GoodTrust describes its security as "bank-level 256-bit encryption" with multi-factor authentication and Digital Vault cloud storage. They do not publish a zero-knowledge architecture claim — meaning the encryption is operator-managed (keys held within GoodTrust's infrastructure) rather than derived from a user-held passphrase. This is "encrypted at rest with strong access controls" rather than cryptographically impossible-to-decrypt-by-the-operator.

Trigger model. Users designate Trusted Contacts and can grant access either immediately or only after death. The Dead Man's Switch is a recurring email check-in: GoodTrust sends you emails at user-configured intervals to confirm you are alive. If you do not respond within your designated timeframe, the trigger fires. Notified Trusted Contacts can access the documents you shared with them. Any pre-recorded email or video messages you scheduled are sent at this point.

Separate WGSD service. GoodTrust also offers a distinct "We Get Sh!t Done" (WGSD) service: families pay GoodTrust to handle post-mortem account work — memorialising Facebook pages, extracting Google Photos, stopping Netflix subscriptions, closing LinkedIn accounts, recovering PayPal funds. Customers give GoodTrust power of attorney and the documentation required by each website; GoodTrust does the institutional follow-up on their behalf. They claim compatibility with more than 100 popular sites and apps. This is a service offering rather than a product feature, and the company has stated that it does not have access to customer accounts or their content — only the authority to act on behalf of the family with the websites.

GoodTrust is built by GoodTrust Inc., headquartered in Palo Alto, California, founded September 2020 by Rikard Steiber (former Google executive). Co-founders include Markus Thorsveldt (CTO) and Daniel Sieberg (CMO, former technology journalist). The company has cultivated a wide partner-distribution network including AOL Premium, Beneficiary Advance, and various employee benefits and insurance providers.

Holdfast's model

Holdfast is an encrypted vault, not an estate planning suite. We do not draft wills, trusts, or legal directives. What we do is hold whatever you want to store: credentials and recovery phrases that recipients can act on directly, signposting information that tells beneficiaries where to find assets they will need to claim institutionally, account access instructions, final letters, documents, and private video messages addressed to individual recipients. The Family tier and above support video messages up to 50MB per message, stored alongside the rest of the vault contents.

All vault contents are encrypted client-side with AES-256-GCM. The key is derived from a passphrase you choose, using PBKDF2 with 250,000 iterations of SHA-256 against a per-user salt. The passphrase never leaves your browser, never reaches our servers, and cannot be recovered by us. Even with full access to our database, we cannot decrypt your vault.

The encrypted vault blob lives in Supabase Postgres (hosted in Frankfurt). Video messages are stored on Supabase Storage with the same encryption boundary. The encryption module sits at github.com/Nexus-sectech/holdfast-crypto and is loaded into the vault page with Subresource Integrity, so the browser refuses to execute it if the file has been altered.

When check-ins stop, Holdfast delivers the encrypted vault and instructions to each recipient by email after a documented escalation. Recipients open an email and use the passphrase that you shared with them in life — written on a card, in a sealed envelope, kept with a solicitor — to decrypt the vault contents directly. They see the credentials, the signposting, the documents, and any video messages addressed to them.

Holdfast is operated by Nexus-Sec Ltd (71-75 Shelton Street, Covent Garden, London), a UK limited company at Companies House (number 17126982), registered with the Information Commissioner's Office, compliant with UK GDPR, which the EU recognises as providing an equivalent level of protection under its adequacy decision.

Why this difference matters

The two products are addressing related but distinct problems:

• GoodTrust's core proposition: "You probably don't have a will. We will give you one (and a trust, and directives, and a vault) for $149, and your family will get an integrated package that includes all the legal documents your estate needs." This is a real and useful proposition, particularly for US households without existing legal estate planning.
• Holdfast's core proposition: "Your will is handled by your solicitor or estate attorney. What that legal process does not cover — the credentials, the signposting, the private messages your recipients need to hear directly from you — sits in a cryptographically secure vault and delivers itself when check-ins fail. Recipients open an email and decrypt with a passphrase you shared in life."

These two propositions complement each other more than they compete. A US household with neither a will nor a digital legacy plan might genuinely benefit from GoodTrust's bundled approach. A household where the will and trust are already drafted with a qualified estate professional might find GoodTrust's legal-document tooling redundant and Holdfast's stricter encryption and direct-delivery model more useful for the digital-asset layer.

Where the two products meaningfully overlap is the vault itself, and on that layer, the encryption posture differs: operator-managed at GoodTrust, cryptographically zero-knowledge at Holdfast.

03The trigger and delivery flow

Both products use a check-in-based trigger and deliver access to designated contacts after a failed response window. The recipient experience differs.

GoodTrust's flow

Users designate Trusted Contacts and grant them either immediate access (for selected information) or after-death access. The Dead Man's Switch sends scheduled email check-ins. The user configures the cadence; if confirmations are not received within the designated window, the trigger fires.

When the trigger fires:

• Trusted Contacts are notified by email about the documents and information they have access to.
• Pre-recorded email and video messages scheduled by the user are sent at this point.
• Trusted Contacts log into GoodTrust to view the documents and Vault items assigned to them.

For the WGSD service, beneficiaries can pay GoodTrust separately to handle post-mortem account closures across more than 100 sites, providing GoodTrust with the death certificate and power of attorney documentation needed for each platform.

Holdfast's flow

When a check-in is missed:

• Grace period: 7 days, no escalation.
• Escalation: 7 days, during which up to 3 reminder emails are sent through distinct delivery infrastructure so that a single deliverability failure does not silence the whole sequence.
• Delivery: if escalation passes without check-in, the encrypted vault and delivery instructions go to each nominated recipient. Each recipient receives their email independently.
• Retention: 30 days after delivery, the vault is fully purged. A warning email goes out on day 23. On day 30 the encrypted blob, salt, hash and hint are nulled, storage files are deleted, the Stripe subscription is cancelled, and the user row is anonymised.

Each recipient opens their email, follows the instructions, and decrypts the vault with the passphrase shared with them offline. No platform account required, no app to install.

The asymmetry

GoodTrust's flow keeps recipients inside its platform. Trusted Contacts log into GoodTrust to view the documents and Vault items assigned to them. This is the same model used by Everplans and most US estate-planning platforms, and it has real advantages: documents stay alongside the legal estate plan, the platform mediates access, and the operator can support beneficiaries through the process.

Holdfast's flow delivers content directly. Recipients open an email, decrypt with a passphrase, and see whatever was in the vault — credentials, signposting, documents, video messages — without ever touching the Holdfast platform after delivery. This is the same approach used by services prioritising recipient simplicity for non-technical contacts, and it has the advantage that recipients do not need to remember Holdfast exists when the time comes.

For the WGSD service, GoodTrust offers something Holdfast does not: a paid service where the operator does the institutional account-closure work on behalf of the family. This is a real value for families dealing with a complex digital estate they do not want to navigate themselves.

04Jurisdiction and compliance

This is where the two products diverge most sharply.

GoodTrust is a Delaware corporation based in Palo Alto, California. All estate documents (will, trust, directives) are crafted by US estate-planning attorneys and are valid in all 50 US states. The company operates under US data protection law and the regulatory frameworks of the states it serves. GoodTrust does not publish UK or EU GDPR controller designations, EU representative information, or references to Standard Contractual Clauses for cross-border data transfer. This is consistent with operating primarily as a US service for US customers — GoodTrust's value proposition is largely tied to US legal jurisdictions, and the company has not positioned itself as a globally-operated platform.

Holdfast is operated by Nexus-Sec Ltd, a UK limited company registered with the Information Commissioner's Office. Holdfast is compliant with UK GDPR, which the EU recognises as providing an equivalent level of protection under its adequacy decision. Users worldwide are welcome; data is processed to UK/EU standards regardless of where the user is based. For users in jurisdictions with their own data protection regimes (CCPA in California, LGPD in Brazil, the Australian Privacy Principles, PIPEDA in Canada, and others), our baseline exceeds most jurisdictions' default protections, but we do not currently implement jurisdiction-specific flows like a CCPA "Do Not Sell" toggle as a first-class feature. We do not sell data in any case, and we say so plainly in our privacy policy.

The practical implications:

• For US users. GoodTrust's estate planning documents work within the US legal framework you live in. Holdfast operates under UK GDPR uniformly and pairs with your existing US estate attorney rather than replacing them.
• For UK and EU users. GoodTrust's US wills and trusts are not valid in UK or EU jurisdictions. The Digital Vault can still be used independently, but the estate-document layer is essentially US-only. Holdfast is a UK-operated service compliant with UK GDPR and the EU adequacy framework.
• For users elsewhere. GoodTrust's estate documents will not be valid in your jurisdiction. The Digital Vault component remains usable, but the bundled value proposition is meaningfully reduced outside the US. Holdfast operates under UK GDPR uniformly and welcomes users from any jurisdiction.

This is the most important framing for the comparison: GoodTrust's legal-documents layer is bounded by US jurisdiction; Holdfast does not attempt to draft legal documents and is therefore not jurisdictionally bounded in the same way.

05Pricing

The price comparison is not apples-to-apples because the products are not the same.

GoodTrust (taken from their pricing page on the date of writing):

• Estate+ Plan: $149 one-time for the first year. Includes Will or Trust, all four directives (financial power of attorney, advance medical directive, funeral directive, pet directive), Digital Vault, family plan (each adult creates their own), and unlimited updates for the first year.
• Annual membership after first year: $39/year to continue making updates and maintaining the plan.
• WGSD service: Pricing per task or per bundle; some services (Facebook memorialisation for first responders) at no cost.
• Partner channels: Free or subsidised access through AOL Premium, Beneficiary Advance, employer benefits, insurance providers, and similar partnerships.

Holdfast (taken from our pricing page on the date of writing):

• Free: £0 forever. 5 entries, 1 recipient, monthly check-in.
• Personal: £5 per month or £45 per year. Unlimited entries, 3 recipients, choice of weekly, fortnightly, or monthly check-in.
• Family: £9 per month or £79 per year. Two independent vaults on one plan, 5 recipients per vault, video messages up to 50MB each.
• Firm: £39 per month or £399 per year. B2B tier for professional firms in legal and financial services with white-label delivery, soft cap of 20 clients included, tiered overage above that, dedicated dashboard, client invitation flow.

GoodTrust's $149 first-year cost includes legal estate documents that, if drafted by a US attorney directly, could cost $500 to $2,500 or more depending on complexity. The $39/year ongoing membership keeps those documents updatable. If you would otherwise be paying an attorney for will preparation, GoodTrust's value at $149 is substantial.

Holdfast's pricing reflects the vault scope: we are not bundling legal document creation. £45/year for Personal or £79/year for Family is the cost of the encrypted vault service alone. If you already have your will and estate planning handled separately (by a solicitor, attorney, or notary), Holdfast's pricing is comparable to other vault-only services in the category. If you do not have a will yet and are in the US, GoodTrust's bundled approach is materially cheaper than handling these things separately.

On the B2B side, GoodTrust's partner distribution model is sophisticated — they have integrations with insurance providers, employee benefit programmes, and financial institutions that essentially make GoodTrust a benefit included in other products. The Holdfast Firm tier serves UK solicitors, IFAs, and their international counterparts in legal and financial services through a different model: professional firms directly invite their clients through a white-label flow rather than GoodTrust's partner-channel approach.

06Where GoodTrust is genuinely better

Three things are worth saying clearly and not burying.

Bundled estate planning at a remarkably low price point. $149 for a will or trust, all four directives, and a Digital Vault — valid in all 50 US states, with attorney-crafted templates — is genuinely the cheapest comprehensive US estate planning package in this category. For US households without existing legal estate planning, this is a real and useful value proposition. Holdfast does not draft legal documents and does not attempt to replace this.

The WGSD post-mortem service. GoodTrust will do the actual institutional work of memorialising Facebook accounts, extracting Google Photos, stopping Netflix subscriptions, recovering PayPal funds, and closing other accounts on behalf of a family who has lost someone. This is a service rather than a product, and for families dealing with a complex digital estate they do not want to navigate themselves, it is genuinely valuable. Holdfast does not offer this service.

The partner distribution network. GoodTrust has cultivated relationships with AOL, Beneficiary Advance, insurance providers, employee benefit programmes, and other channels that essentially make GoodTrust available as a free or heavily-subsidised benefit. If you have access to GoodTrust through one of these partner channels, the effective cost is materially lower than paying retail.

07Where Holdfast is built differently

Three things we have done deliberately that GoodTrust has not.

Cryptographic zero-knowledge through a user-held passphrase. Holdfast's encryption is derived from a passphrase that never reaches our servers. We cannot decrypt your vault even if compelled, even if breached. GoodTrust's encryption is operator-managed ("bank-level 256-bit") with strong access controls, but with the technical capability of access in extremis. For users who want the strongest cryptographic guarantee that the operator cannot read their data under any circumstance, this is a meaningful difference. The choice is between trusting the operator's procedural commitments (GoodTrust's model) and trusting the cryptography itself regardless of operator intent (Holdfast's model).

Recipients receive contents directly, with no platform account. Holdfast recipients open an email and decrypt with a passphrase you shared in life. What they see is whatever you put in the vault: credentials, signposting information about asset locations, documents, and private video messages addressed to them on the Family tier and above. No platform login, no waiting for an Executive Assistant. GoodTrust Trusted Contacts log into GoodTrust's platform to view shared documents.

A Firm tier built around UK and international professional firms in legal and financial services. The Holdfast Firm tier is built for professional firms offering digital legacy planning to clients as part of their service — UK solicitors and IFAs, and their international counterparts in legal and financial services. White-label delivery, CSV bulk client invite, a per-firm dashboard, and a soft-cap-plus-overage pricing model are aimed at making this a viable channel for professional firms rather than a side offering. GoodTrust serves a similar professional audience through different mechanisms — partner-channel distribution and B2B integrations with insurance, financial, and benefits providers. The two B2B offerings overlap in intent but serve materially different professional ecosystems.

08Honest summary

Choose GoodTrust if you are in the US and need an integrated estate planning suite — will or trust, four directives, Digital Vault — at a single $149 price point that includes the entire family. If you do not have a will yet and you are a US resident, GoodTrust is one of the most affordable ways to get one and have a coordinated Digital Vault layer at the same time. If you have access to GoodTrust through AOL Premium, Beneficiary Advance, your employer's benefits package, or an insurance provider partnership, the effective cost is even lower. Their estate-document tooling is real, the LegalTech Breakthrough Award is a meaningful third-party signal, and the WGSD post-mortem service is a useful additional offering.

Choose Holdfast if your legal estate planning is already handled by a qualified professional — a UK solicitor, an estate attorney in your jurisdiction, a notary in a civil-law country, or an IFA with estate-planning capability — and what you need is the encrypted vault layer that complements rather than replaces existing legal work. Choose Holdfast if you want client-side encryption with a passphrase the operator cannot access, if you want recipients to receive the actual encrypted contents directly without creating a platform account, if you want an operator compliant with UK GDPR which the EU recognises as providing an equivalent level of protection under its adequacy decision, or if you want a B2B tier built specifically for professional firms in legal and financial services across the UK and international markets.

If you are still on the fence, the most useful thing you can do is ask yourself: do I have a current will and estate plan, drafted by a qualified professional in my jurisdiction? If yes, GoodTrust's legal-document tooling is largely redundant for you and Holdfast's vault is likely a better fit. If no, and you are a US resident, GoodTrust's bundled approach is genuinely useful — and you can always add Holdfast for the vault layer if you decide you want the stricter cryptographic guarantees on certain content. The two products are not in zero-sum competition for most users; they sit at different points in the digital legacy stack.

Last verified against published GoodTrust pages on the date this comparison was written. If GoodTrust has changed materially since and any fact above is out of date, please let us know at [email protected] and we will correct it.