Holdfast vs Inheriti: honest comparison

01The short verdict

All Inheriti facts on this page were taken from their own published pages (inheriti.com, docs.inheriti.com, docs.safekey.be, safehaven.io, and the official knowledge base) on the date this comparison was written. If anything has moved since, we would rather know than not. Drop us a line.

Choose Inheriti if you are protecting cryptocurrency holdings, you want a self-sovereign architecture with no central operator who could be compromised or wind down, all your beneficiaries are tech-fluent enough to handle hardware tokens or mobile apps, and your threat model gives more weight to operator-side risk than to the friction your beneficiaries will face on the day delivery actually fires.

Choose Holdfast if your beneficiaries include people who have never used a password manager, you want a single-passphrase delivery flow that explains itself on arrival, you want a named operator under UK GDPR with regulatory recourse, or you want a professional solicitor channel as part of the product.

The honest one-line summary: Inheriti is a self-sovereign protocol with hardware. Holdfast is a service operated under UK GDPR with no hardware. Most people who think they want the first actually need the second on the day it fires. Some people genuinely want the first. The rest of this page helps you tell which group you are in.

02How each one is built

This is the section where the two products diverge most sharply, and the divergence isn't subtle. Inheriti and Holdfast take opposite approaches to the same problem, and understanding the difference is the most important thing you can do before choosing.

Inheriti's architecture

Inheriti is built around Shamir-style secret sharing. When you create a Digital Inheritance Plan, your data is encrypted, then mathematically split into multiple encrypted "shares" — fragments where any single one is useless on its own, but a defined threshold (say, three out of five) reconstructs the original. Each share is distributed to a different person: a beneficiary or a designated Merge Authority.

Each shareholder needs somewhere to store their share. Inheriti supports two options:

• SafeKey Pro: a custom hardware device built by SafeTech, with internal storage for encrypted shares. €60 per device on the SafeKey webshop. Each beneficiary needs their own. The plan owner typically buys these and distributes them.
• SafeKey Mobile: an app for iOS and Android that does the same job in software, requiring each beneficiary to install it, register a SafeID account, and protect the on-device storage with a PIN.

Inheriti also uses a Dead Man Switch mechanism backed by a smart contract on a public blockchain. A "validator share" is stored on-chain — currently VeChain, Ethereum, or Optimism, per the plan owner's choice. If the owner fails to respond to check-in prompts within the designated window, the validator share is released, which is the cryptographic precondition for beneficiaries to merge their shares.

When the time comes, beneficiaries (or their designated Merge Authority) bring their SafeKey Pros — or open the SafeKey Mobile app — and merge the shares through inheriti.com. The merge reveals the original encrypted data.

Inheriti is built by SafeTech BV (Witte Patersstraat 4, 1040 Brussels, Belgium), founded in 2017 by Jurgen Schouppe and Andy Demeulemeester. Schouppe was previously a cybersecurity specialist for the EU Parliament. The wider ecosystem includes the Safe Haven Foundation and the SHA token on VeChain, used both for payments and for SHA Node holder discounts.

Holdfast's architecture

Holdfast is built around a single encrypted vault with a single passphrase, delivered to recipients by email when a check-in fails.

When you create a vault, all your data is encrypted client-side with AES-256-GCM. The key is derived from a passphrase you choose, using PBKDF2 with 250,000 iterations of SHA-256 against a per-user salt. The passphrase never leaves your browser. We never see it, we never store it, and we cannot recover it. The encrypted vault blob lives in Supabase Postgres (hosted in Frankfurt). The encryption module sits at github.com/Nexus-sectech/holdfast-crypto and is loaded into the vault page with Subresource Integrity, so the browser refuses to execute it if the file has been altered.

When check-ins stop, Holdfast delivers the encrypted vault and instructions to each recipient by email after a documented escalation. Recipients do not need an account on Holdfast. They do not need a hardware device. They open an email, follow the instructions, and decrypt the vault using the passphrase that you shared with them in life — written on a card, in a sealed envelope, kept with a solicitor.

Holdfast is operated by Nexus-Sec Ltd (71-75 Shelton Street, Covent Garden, London), a UK limited company at Companies House (number 17126982), registered with the Information Commissioner's Office, compliant with UK GDPR, which the EU recognises as providing an equivalent level of protection under its adequacy decision.

Why this difference matters

Inheriti's architecture is impressive engineering. Shamir's Secret Sharing has been a textbook cryptographic primitive since 1979 and is genuinely good at what it does. Combined with a blockchain validator share and dedicated hardware, you get a system where the operator could be wound up tomorrow and the inheritance still works — provided the beneficiaries can coordinate, find their devices, and follow the merge process.

That last clause is doing most of the work. Inheriti's robustness against operator risk comes at a direct cost: the people on the other end of the delivery must be technically competent and physically organised on a day they are likely to be neither.

Holdfast's architecture is a simpler claim. We hold encrypted blobs we cannot read, alongside delivery instructions and recipient contact details. If we vanished, the encrypted blob would not deliver itself. But we have not vanished. We are a registered UK company with a published closure plan, a documented decryption procedure, and a regulator on the other end if we ever fall short. The trade-off is explicit: Holdfast accepts operational responsibility so the recipient flow on the day of delivery is as easy as opening an email.

Which trade-off is right depends entirely on which side of the system you trust less — operators, or the people you would actually nominate.

03The trigger and delivery flow

The architecture difference translates directly into the experience your recipients have on the day delivery actually fires. This is where Inheriti's design choices become most visible to the people on the other end.

Inheriti's flow

Inheriti's Dead Man Switch is a smart contract on a chosen blockchain. When the owner stops responding to scheduled check-in prompts within the configured timeframe, the validator share is released on-chain. Once released, beneficiaries (or the Merge Authority) can initiate the merge process through inheriti.com.

For the merge to succeed, beneficiaries must:

• Possess their SafeKey Pro device or have SafeKey Mobile installed and unlocked with their PIN
• Each connect their device or app to inheriti.com
• Each enter the email link or login authentication chosen at plan creation
• Reach the merge threshold (the minimum number of shares required, defined when the plan was created)

The merge is coordinated, multi-party, and requires every participating beneficiary to complete their step. If the merge threshold is set at three out of four, three beneficiaries must independently and successfully reach the merge interface within the window.

Activation methods for the merge step (the way the plan owner confirms or denies merge requests in life) are modular and priced separately: login is free, click-a-link is €0.99, SMS is €2.49, phone call is €4.99.

Holdfast's flow

When a check-in is missed:

• Grace period: 7 days, no escalation.
• Escalation: 7 days, during which up to 3 reminder emails are sent through distinct delivery infrastructure so that a single deliverability failure does not silence the whole sequence.
• Delivery: if escalation passes without check-in, the encrypted vault and delivery instructions go to each nominated recipient. Each recipient receives their email independently.
• Retention: 30 days after delivery, the vault is fully purged. A warning email goes out on day 23. On day 30 the encrypted blob, salt, hash and hint are nulled, storage files are deleted, the Stripe subscription is cancelled, and the user row is anonymised.

Each recipient opens their email, follows the instructions, and decrypts the vault with the passphrase shared with them offline. No app to install. No device to find. No coordination with other beneficiaries.

The asymmetry

The most important practical difference between the two flows is how delivery feels from the recipient's perspective.

Inheriti recipient experience: "I have a hardware token (or app) that needs to be brought to a website at a specific moment, coordinated with two other people, all of whom also need to bring their tokens or apps, all of whom must successfully authenticate through a multi-party merge process."

Holdfast recipient experience: "I received an email. I open the envelope I was given a year ago. I type the passphrase into the page. I see the vault."

Inheriti's flow is mathematically elegant and produces a real security guarantee against unilateral access by any single beneficiary. Holdfast's flow is operationally simple and produces a real security guarantee against the operator reading the data, with the trade-off that any single recipient with the passphrase can decrypt unilaterally.

Both are defensible. The right choice depends on whether the threat model worries more about a colluding beneficiary or a confused, grieving non-technical one.

04Jurisdiction and compliance

Both Inheriti and Holdfast are GDPR-compliant operators based in the EU/UK. This is one of the few comparisons in our set where the jurisdictional comparison is essentially a wash on regulatory posture.

Inheriti is built by SafeTech BV at Witte Patersstraat 4, 1040 Brussels, Belgium. As a Belgian company, SafeTech BV operates under EU GDPR, with the Belgian Data Protection Authority as the regulator. The founders' background includes EU Parliament cybersecurity work, which suggests genuine awareness of regulatory expectations.

Holdfast is operated by Nexus-Sec Ltd, a UK limited company registered with the Information Commissioner's Office. Holdfast is compliant with UK GDPR, which the EU recognises as providing an equivalent level of protection under its adequacy decision. Users worldwide are welcome; data is processed to UK/EU standards regardless of where the user is based. For users in jurisdictions with their own data protection regimes (CCPA in California, LGPD in Brazil, the Australian Privacy Principles, PIPEDA in Canada, and others), our baseline exceeds most jurisdictions' default protections, but we do not currently implement jurisdiction-specific flows like a CCPA "Do Not Sell" toggle as a first-class feature. We do not sell data in any case, and we say so plainly in our privacy policy.

The practical differences come down to architecture rather than regulation:

• What the operator can technically access. Inheriti distributes encrypted shares across beneficiary-controlled devices and blockchain storage; SafeTech BV cannot decrypt your plan even if compelled. Holdfast holds the encrypted blob centrally; the passphrase is offline-shared and we cannot decrypt it even if compelled. Different architectures, equivalent zero-knowledge result.
• What a regulator can do for you. Both companies are reachable through their respective DPAs (Belgian APD for Inheriti, UK ICO for Holdfast). Subject access requests, erasure rights, and rectification all work as expected on both sides.
• What survives operator closure. Inheriti's architecture survives SafeTech vanishing more cleanly: the shares are on devices and on-chain, and the merge process is documented. Holdfast's closure plan commits to 90-day notice, an export tool, and a documented decryption procedure, but it depends on the company executing that plan. A reasonable person could prefer either approach.

If your concern is "I want a GDPR-compliant operator with regulatory recourse," both products clear that bar. The choice between them is not about jurisdiction.

05Pricing

Inheriti and Holdfast use fundamentally different pricing models: one-time modular versus recurring subscription. Both publish their pricing transparently, and we have taken the figures below from each product's own page on the date of writing.

Inheriti uses modular one-time pricing with no subscriptions:

• Inheritance Plan setup fee: €39.99 (includes Merge Authority, Merge Authority share, Cold Shares for SafeKey Pro storage).
• Per beneficiary: €2.49 each.
• Per recovery share (blockchain-stored): €2.49 each.
• Mobile share (per beneficiary using SafeKey Mobile): €0.99 each.
• Activation method (login): included.
• Activation method (click a link): €0.99.
• Activation method (SMS): €2.49.
• Activation method (phone call): €4.99.
• SafeKey Pro hardware device: €60.00 each, per beneficiary.

For a plan with three beneficiaries using SafeKey Pro devices and SMS activation: setup €39.99 + 3 beneficiaries €7.47 + 1 recovery share €2.49 + SMS activation €2.49 + 3 SafeKey Pro devices €180.00 = roughly €232 one-time.

Holdfast uses recurring subscription pricing:

• Free: £0 forever. 5 entries, 1 recipient, monthly check-in.
• Personal: £5 per month or £45 per year. Unlimited entries, 3 recipients, choice of weekly, fortnightly, or monthly check-in.
• Family: £9 per month or £79 per year. Two independent vaults on one plan, 5 recipients per vault, video messages up to 50MB each.
• Firm: £39 per month or £399 per year. Solicitor B2B tier with white-label delivery, soft cap of 20 clients included, tiered overage above that, dedicated dashboard, client invitation flow.

The honest comparison: Inheriti is roughly £200 once, Holdfast is roughly £45 to £80 per year. Crossover happens at year four or five. The interesting question isn't which is cheaper at five years, it's whether the recurring relationship is part of the value or a cost.

For Inheriti, the one-time payment is the headline benefit: pay once, the plan exists in perpetuity (subject to blockchain longevity and beneficiary device retention). For Holdfast, the recurring subscription is what funds the active monitoring, the deliverability infrastructure, the support channel, and the ongoing commitment to maintain the platform. Neither is wrong; they reflect different operating models.

One thing worth being honest about: Inheriti's pricing optics — "no forced subscriptions" — implicitly contrast with subscription products like Holdfast. The framing is fair from their side. The counter-framing from ours is that a digital legacy product is a long-duration commitment, and a recurring relationship gives both parties more ways to keep that commitment alive than a one-time payment from years ago.

06Where Inheriti is genuinely better

Three things are worth saying clearly and not burying.

Self-sovereign architecture. Inheriti's design genuinely removes the operator from the critical path. Encrypted shares live on beneficiary devices and on public blockchains. SafeTech could disappear and the inheritance plan would still work, provided beneficiaries kept their devices and the merge process documentation. Holdfast's centralised model cannot match that property, and we are honest that we cannot.

Mathematical robustness against single-beneficiary risk. Because shares must be merged to reconstruct the data, no single beneficiary can unilaterally access the vault contents. For inheritance scenarios involving multiple parties who do not fully trust each other — disputed estates, complex family situations, business co-founders — that quorum requirement is a real feature.

Crypto-native fit. If your inheritance is primarily cryptocurrency, you are already part of an ecosystem where hardware tokens, multi-signature schemes, and blockchain anchoring are familiar. Inheriti's whole architecture is built around that world view. Holdfast supports crypto entries but does not require the recipient to be at home in the ecosystem.

07Where Holdfast is built differently

Three things we have done deliberately that Inheriti has not.

Recipients need no hardware, no app, no account. Holdfast vaults deliver themselves on email plus an offline-shared passphrase. The recipient does not sign up. The vault explains itself on arrival. For inheritance scenarios where the recipient is a 78-year-old surviving spouse, a non-technical adult child, or anyone unfamiliar with hardware tokens, this is the thing that most often matters on the day delivery actually fires.

No multi-party coordination at the moment of access. Each Holdfast recipient receives their own email and can decrypt independently with the passphrase shared in life. There is no merge threshold to meet, no other beneficiary to chase, no shared interface to authenticate through. For estates where speed and simplicity matter more than mathematical access control, this is decisive.

A solicitor-facing tier. The Holdfast Firm tier is built for professional firms offering digital legacy planning to clients as part of their service — UK solicitors and IFAs, and their international counterparts in legal and financial services. White-label delivery, CSV bulk client invite, a per-firm dashboard, and a soft-cap-plus-overage pricing model are all aimed at making this a viable channel for professional firms rather than a side offering. Inheriti has business products but no comparable B2B-solicitor tier.

08Honest summary

Choose Inheriti if you are protecting cryptocurrency holdings, your beneficiaries are technically fluent and physically organised, you want a self-sovereign architecture where the operator cannot be coerced, and you value mathematical access control over operational simplicity. Their cryptographic design is sound, their ecosystem is mature, and their pricing model genuinely is one-time.

Choose Holdfast if you want delivery to work for recipients who have never used a hardware token or installed a niche app, you want an operator compliant with UK GDPR which the EU recognises as providing an equivalent level of protection under its adequacy decision, or you want a solicitor channel as part of the product. The Family tier at £79 a year covers two partner vaults independently, and the Firm tier opens an entire B2B route to professional services that Inheriti does not address.

If you are still on the fence, the most useful thing you can do is set up a Free Holdfast account and walk through the recipient flow with someone you would actually nominate, then read the Inheriti merge documentation and ask yourself whether the same person could complete it under stress. The product that lets your nominee finish the test without asking you for help is the product to choose.

Last verified against published Inheriti pages on the date this comparison was written. If Inheriti has changed materially since and any fact above is out of date, please let us know at [email protected] and we will correct it.