About Holdfast Firm

Built for professionals who take client trust seriously.

Everything a solicitor or estate planner needs to know before recommending Holdfast to clients — who we are, how the architecture works, and what we can and cannot access.

Who operates Holdfast

Holdfast is operated by Nexus SecTech Ltd, a company registered in England and Wales. We are registered with the Information Commissioner's Office (ICO) as a data controller.

We are a small, focused team. Holdfast is our primary product. We are not a venture-funded company chasing growth at the expense of user trust. The service is built to last — and to keep working when users cannot.

Legal name: Nexus SecTech Ltd
Company number: 17126982
Registered in: England and Wales
ICO registration: Registered data controller
Data residency: UK / EU — no transfers outside EEA

What zero-knowledge means in practice

The term "zero-knowledge" is frequently misused in the industry. Here is precisely what it means on Holdfast and what it means for your liability as a solicitor.

Your client's vault is encrypted in their browser using AES-256-GCM before it leaves their device. The encryption key is derived from their passphrase. That passphrase is never transmitted to our servers and never stored by us — not in hashed form, not in any form.

This means: we hold ciphertext. We cannot read it. We cannot be compelled to produce readable contents because we do not possess them. A court order served on Holdfast for vault contents would yield encrypted data that is computationally infeasible to break.

What this means for you. Your firm cannot be held to have stored, transmitted, or had access to client credentials or sensitive personal information. You receive the same encrypted package every other recipient receives. Decryption requires the passphrase — which your client shares with you through a secure offline channel of your choosing (sealed letter, in-person handover, or similar).

01 — Client: Creates vault. Sets passphrase. Passphrase never leaves their device.
02 — Encryption: Vault encrypted in browser with AES-256-GCM. Ciphertext sent to server.
03 — Holdfast: Stores ciphertext only. No passphrase. No plaintext. Cannot read contents.
04 — Delivery: On trigger, ciphertext sent to all recipients. Passphrase required to open.

AES-256-GCM encryption · GDPR Article 17 compliant · Client-side encryption only · ICO registered · No plaintext storage · UK data residency · No passphrase transmission

What solicitors can and cannot see

Your Firm dashboard shows metadata only. At no point do you have access to vault contents.

You can see: connected clients, their check-in status (Active, Due soon, Overdue, Triggered), last check-in date, next check-in due date, check-in frequency, and number of recipients.

You cannot see: vault contents, individual entries, recipient identities beyond count, passphrase, or any encrypted data.

When a client's vault is delivered — triggered by missed check-ins — you receive the same encrypted package sent to every other recipient. You open it using the passphrase your client shared with you. Holdfast does not facilitate passphrase exchange. That remains a professional responsibility handled outside the platform.

You are automatically added as a protected recipient the moment a client accepts your invitation. They cannot remove you. This ensures that if a delivery is triggered, your firm receives access regardless of any changes a client makes after the connection is established.

Scope of delivery. On delivery, you receive the client's full encrypted vault — the same package sent to every other recipient. Holdfast does not currently support per-entry recipient filtering; all recipients receive all entries. Clients should be advised of this when setting up their vault, and encouraged to structure their entries accordingly. Selective delivery per recipient is on the product roadmap.

Your obligations as a data controller

When you invite clients to connect their vault to your Firm account, you act as an independent data controller in respect of the client connection records stored on your dashboard. Holdfast acts as a processor of that data on your behalf.

What this means practically: you should disclose to clients, as part of your standard engagement or estate planning documentation, that you are connecting their Holdfast vault to your firm account and that you will be added as a recipient. Most solicitors do this naturally as part of a letter of engagement or will-drafting instruction.

GDPR Article 28 — Data Processing Agreement. If your firm or its compliance officer requires a formal Data Processing Agreement (DPA) before adopting Holdfast, we will provide one. Contact us at hello@nexus-sec.tech with the subject line "DPA Enquiry".

Regulatory bodies. If you are regulated by the Solicitors Regulation Authority (SRA), Law Society, or another body, we recommend confirming that your use of Holdfast aligns with your regulatory obligations around client data. The zero-knowledge architecture means your firm never holds client credentials — a material distinction for most regulatory frameworks.

What happens if Holdfast ceases trading

This is a reasonable question for any solicitor conducting due diligence on a service they intend to recommend to clients. Here is our honest answer.

Vault data is durable. Because vaults are zero-knowledge encrypted, the ciphertext is portable. In the event of service closure, we commit to providing all users with a data export of their encrypted vault before the service is terminated, with a minimum of 90 days' notice.

The dead man's switch depends on the service. Check-in monitoring and triggered delivery require the service to be running. If Holdfast ceases trading, we would issue a final "service closing" notification to all users and deliver vaults to their nominated recipients at the time of closure, on an opt-in basis.

Your clients' passphrase arrangements are offline. Any passphrase that a client has shared with you through a sealed letter or in-person handover remains valid regardless of Holdfast's operational status. The encrypted data, once delivered, can be decrypted with the passphrase using standard AES-256-GCM tooling independently of any Holdfast system.

How the service is built

Holdfast runs on a stack of established, UK/EU-compliant infrastructure providers. We do not build our own data centres or operate our own mail servers.

Database: Supabase — EU region. Stores encrypted vault ciphertext and account metadata only.
Application hosting: Vercel — serverless infrastructure. UK/EU CDN edge.
Email delivery: Resend — transactional email for check-in reminders and delivery notifications.
Payments: Stripe — PCI-DSS compliant. We do not store card details.

Ready to offer digital estate planning?

Set up your Firm account in minutes. Invite your first client today.
