Holdfast Firm

Digital estate planning
for solicitors
and estate planners.

Your clients' digital lives are worth more than their physical estates. Holdfast lets you offer digital estate management as a service — without ever seeing inside the vault.

Get started — £399/yr Sign in to dashboard →

Zero-knowledge — you never see contents

No client liability

Clients set up in minutes

Client dashboard Firm

Total

Active

Attention

Margaret Ellis

Last check-in 2 Apr 2026

Active

James Okafor

Next due 8 Apr 2026

Due soon

Invitation sent

client@email.com

Pending

How it works

Four steps.
No liability.

The whole process takes minutes to set up per client. Holdfast handles the technology — you handle the relationship.

Introduce Holdfast during estate planning

During a will, trust, or probate engagement, recommend Holdfast as part of a complete digital estate plan. You invite the client directly from your dashboard.

Client sets up their vault independently

The client creates their own encrypted vault, sets their own passphrase, and nominates recipients — including you. You never see the passphrase or any contents.

You monitor check-in status, nothing else

Your dashboard shows metadata only — whether the client is checking in, how frequently, and whether any action is needed. No credentials, no documents, no liability.

On delivery, you receive access alongside the family

If the client stops checking in, their vault is automatically delivered to all named recipients — including you. You receive a 30-day access link, protected by their passphrase.

Zero-knowledge architecture

You never see inside the vault.
By design.

All vault contents are encrypted client-side before leaving the browser. Your dashboard shows only check-in metadata — never credentials, documents, or personal messages. This is not a policy choice — it is a technical guarantee.

What you get

Built for
professional practice.

Everything a firm needs. Nothing that creates liability.

📋

Multi-client dashboard

See all connected clients in one view. Status, last check-in, next due date, and frequency — at a glance. Alerts surface clients who need attention before problems escalate.

✉

Invitation flow

Send a secure invite directly from your dashboard. Clients receive a personalised email from you — or your firm — with a one-click setup link. No IT setup required on their end.

🔒

Auto-added as recipient

When a client accepts your invite, you are automatically added as a protected recipient on their vault. The client cannot remove you. On delivery, you receive their full encrypted vault — the same package sent to all recipients.

🔔

Escalation visibility

When a client misses a check-in, Holdfast sends them automated escalation emails. Your dashboard flags the status change in real time — so you can follow up directly if needed.

📁

Clients receive Personal plan

Every client you invite receives a full Personal plan at no cost to them. Unlimited entries, up to 4 recipients, weekly or monthly check-in. You cover the subscription — they get the service.

⚖

No liability by architecture

You never store, transmit, or have access to client credentials. Holdfast's zero-knowledge model means your firm cannot be compelled to produce data it was never able to access.

Pricing

One seat.
Unlimited clients.

A single Firm subscription covers your entire client roster. No per-client fees.

Monthly

£39

per month, billed monthly

Unlimited clients
Full client dashboard
Invite & revoke clients
Auto-recipient on all client vaults
Check-in status & alerts
Clients receive Personal plan free
Early adopter rate — guaranteed 36 months

Get started

Annual

£399

per year, billed annually

Save £69 — equivalent to 2 months free

Everything in Monthly
Best value for ongoing practice
Single annual invoice
Early adopter rate — guaranteed 36 months

Get started

Early adopter rate guaranteed for 36 months from start date. After 36 months, moves to standard rate (£799/yr) with 90 days' written notice.

Ready to start?

Your clients' digital estates
deserve the same care as their physical ones.

Set up in minutes. Invite your first client today.

Create your Firm account →

Who We Are

Holdfast is a digital estate management service operated by Nexus SecTech Ltd ("we", "us", "our"), registered in England and Wales. Company No. 17126982. We are registered with the Information Commissioner's Office (ICO) as a data controller.

Contact: hello@nexus-sec.tech

What We Collect

We collect and process the following personal data:

Account data — your name and email address, provided when you create a vault
Recipient data — names and email addresses of people you designate to receive your vault
Encrypted vault data — the contents of your vault, encrypted client-side before transmission. We never have access to the plaintext contents.
Check-in activity — timestamps of your periodic check-ins and missed check-in events
Payment data — billing information processed by Stripe. We do not store card details.
Usage data — basic server logs, IP addresses, and request metadata for security and operational purposes
Analytics data — anonymised page view data collected via Plausible Analytics. No personal identifiers. Never linked to your account.

Zero-Knowledge Architecture

Your vault contents are encrypted in your browser using AES-256-GCM before being sent to our servers. Your passphrase is never transmitted to or stored by us. This means we are technically unable to read, access, or recover the contents of your vault. This is by design.

How We Use Your Data

To operate the Holdfast service and deliver your vault to recipients when triggered
To send check-in reminder, escalation, and delivery notification emails
To process subscription payments via Stripe
To respond to support enquiries
To comply with legal obligations

Legal Basis (UK GDPR)

Contract — processing necessary to deliver the service you have signed up for
Legitimate interests — security logging, fraud prevention, and service improvement
Legal obligation — where required by applicable law

Firm Accounts — Additional Processing

This section applies to solicitors, estate planners, and other professionals using Holdfast Firm.

Client connection data. When you invite a client to connect their vault to your Firm account, we store the client's email address, connection status, and associated metadata (check-in status, delivery status, connected date, nudge history) in your firm dashboard. This data is used solely to provide you with the monitoring service you have contracted for.

Nudge emails. Holdfast sends reminder emails to your clients on your behalf when you use the nudge feature. These emails identify you (or your firm) as the requesting party. Nudges are rate-limited to one per client every 48 hours. You are responsible for ensuring nudge communications are appropriate within the context of your client relationship.

Solicitor alert emails. When a connected client misses a check-in, has their vault delivered, or disconnects from your firm, we send automated alert notifications to your registered email address. These alerts contain client names and email addresses you already hold as part of the professional relationship.

Data export. Your firm dashboard allows you to export your client table as CSV or PDF. Exported data includes client names, email addresses, check-in status, and vault metadata. Once exported, this data is under your control and subject to your own data protection obligations. We do not retain copies of exported files.

Data controller responsibilities. As a solicitor or professional using Holdfast Firm, you remain the data controller for your client relationship. Holdfast acts as a data processor in respect of client metadata stored on your dashboard. You are responsible for ensuring your clients are aware that you have connected their Holdfast vault to your account and that you will receive their vault upon delivery. We recommend disclosing this as part of your standard client engagement or estate planning documentation.

Firm account data. We collect your representative name, firm name, and billing email in addition to standard account data. This is used to personalise client invitation emails and nudge reminders sent on your behalf, and to administer your subscription.

Data Processing Agreement. A formal Data Processing Agreement (DPA) under Article 28 UK GDPR is available at holdfast-co.uk/firm/legal/dpa. For questions or to request a countersigned copy, email hello@nexus-sec.tech.

Third-Party Services

Supabase — database hosting (EU region). Stores encrypted vault data, recipient details, and account metadata.
Resend — transactional email delivery for check-in reminders and vault delivery notifications
Stripe — payment processing. Stripe's own privacy policy applies to payment data.
Vercel — application hosting and serverless infrastructure
Plausible Analytics — privacy-friendly, cookieless analytics. No personal data. No cookies. GDPR compliant.
Google LLC (Google Workspace) — waitlist lead capture. Email addresses submitted via the Holdfast waitlist form are stored in Google Sheets with EU data residency. Google's Data Processing Amendment is in force. See workspace.google.com/terms/dpa.

We do not sell your data to third parties. We do not use your data for advertising.

Data Retention

Account and vault data are retained for as long as your account is active
Vault data is never deleted due to payment lapse — only editing is restricted
Client connection records are retained until the firm account is closed or the connection is revoked
You may request deletion of your account and all associated data at any time by contacting us
Delivery tokens expire after 30 days of issue

Your Rights

Under UK GDPR you have the right to access, correct, erase, restrict, port, or object to the processing of your personal data, and to lodge a complaint with the ICO at ico.org.uk. Contact us at hello@nexus-sec.tech to exercise any of these rights.

Cookies & Analytics

Holdfast does not use tracking or advertising cookies. We use localStorage solely to store session preferences and theme settings. Plausible Analytics is cookieless and collects no personal data.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to registered users. The effective date above will be updated accordingly.

Agreement

By creating a Holdfast Firm account or using the Firm dashboard, you agree to these Terms of Service. These terms are governed by the laws of England and Wales and supplement the standard Holdfast Terms applicable to all users.

The Service

Holdfast Firm provides solicitors, estate planners, and other professionals with a metadata-only dashboard to monitor the vault status of connected clients. You never have access to vault contents. Your clients retain sole control of their vault passphrase and encrypted data.

Your Firm Account

You must be acting in a professional capacity to use Holdfast Firm
You are responsible for the accuracy of your firm name and representative details
You must not share your Firm dashboard access credentials with unauthorised persons
You must be at least 18 years old and authorised to enter into this agreement on behalf of your firm

Client Invitations

You may invite clients to connect their Holdfast vault to your firm account. By sending an invitation, you confirm that:

You have an existing professional relationship with the invitee
You have informed them (or will inform them) that you will be added as a protected recipient on their vault and will receive their full encrypted vault on delivery
You have appropriate authority within your professional engagement to make this arrangement

Holdfast imposes a soft limit of 25 connected clients per Firm account. Contact us if your practice requires a higher limit.

Your Role as Data Controller

In respect of client data displayed on your dashboard, you act as an independent data controller. You are responsible for ensuring your use of client data complies with UK GDPR and your professional obligations, including those set by your regulatory body. Holdfast is a processor of that data on your behalf.

Zero-Knowledge Limitation

Holdfast Firm provides metadata visibility only. You will never have access to vault contents, client passphrases, or encrypted data. On vault delivery, you receive the same encrypted vault package as any other recipient. You are responsible for ensuring your client has shared their passphrase with you through a secure offline channel.

Subscription and Payment

Firm subscriptions are billed via Stripe on a monthly or annual basis
Subscriptions renew automatically unless cancelled before the renewal date
Cancellation reverts your account to free tier — existing client connections remain visible but new invitations are restricted
We do not offer refunds for partial billing periods except where required by law
We reserve the right to modify pricing with 30 days' notice to existing subscribers

Limitation of Liability

To the fullest extent permitted by law, Holdfast and Nexus SecTech Ltd shall not be liable for any indirect, incidental, or consequential damages arising from your use of the Firm service. Our total liability in any calendar year shall not exceed the amounts paid by you to us in that period. We are not liable for the consequences of vault delivery triggered by a client's missed check-ins.

Professional Responsibility

Holdfast Firm is a tool to support your professional practice. It does not constitute legal advice, does not create a legal document, and does not replace a formal will or estate plan. You remain solely responsible for the professional services you provide to your clients.

Changes to These Terms

We may update these terms from time to time. Material changes will be communicated by email at least 14 days before taking effect.

Contact

hello@nexus-sec.tech · Nexus SecTech Ltd · Company No. 17126982 · England & Wales

Digital estate planningfor solicitorsand estate planners.

Four steps.No liability.

You never see inside the vault.By design.

Built forprofessional practice.

One seat.Unlimited clients.

Your clients' digital estatesdeserve the same care as their physical ones.