Security Overview

• Symmetric encryption: AES-256-GCM. All vault data — documents, notes, media metadata, beneficiary records, and Last Goodbye content — is encrypted with AES-256-GCM before leaving your device. GCM mode provides both confidentiality and integrity (authenticated encryption), so any tampering with ciphertext is detected on decryption.
• Key derivation: PBKDF2-SHA256 with a minimum of 310,000 iterations and a random 128-bit salt. Your vault passphrase is never transmitted to our servers. The derived key is used only locally to encrypt your vault master key.
• Key wrapping: Your vault master key is wrapped with your derived passphrase key using AES-256-GCM and stored server-side in encrypted form. Without your passphrase, the server-stored blob is computationally infeasible to decrypt.
• Media files: Video and document files are encrypted with per-file AES-256-GCM keys before upload to Backblaze B2. The per-file keys are themselves encrypted with your vault master key.

• Passed Plan employees cannot read your vault, even with full database access.
• A breach of our servers exposes only ciphertext, which is useless without your passphrase.
• Government requests for vault contents cannot be fulfilled because we do not hold the plaintext or the keys.
• If you lose your vault passphrase and have not configured recovery keys, your vault data is permanently inaccessible. We cannot recover it for you.

Account authentication (login) uses Supabase Auth with bcrypt-hashed passwords. This is distinct from your vault passphrase: your account password grants access to the Passed Plan application; your vault passphrase decrypts your vault contents. They may be different values and serve different security purposes.

MFA is required for all paid plan subscribers and is strongly recommended for free accounts.

• Supported method: TOTP (Time-based One-Time Passwords) via any standards-compliant authenticator app (e.g., 1Password, Authy, Google Authenticator, Apple Passwords).
• SMS-based MFA is not supported. SMS is vulnerable to SIM-swapping attacks. Given the sensitive nature of estate data, we do not offer SMS as an MFA channel — only TOTP.
• Recovery codes are provided during MFA setup. Store them in a separate secure location (not your Passed Plan vault).

Access tokens expire after 1 hour. Refresh tokens expire after 7 days of inactivity. All active sessions can be viewed and revoked from the Security section of account Settings. Signing in from a new device triggers an email notification.

Trusted contacts must submit a death certificate through our integration with VitalChek, the leading provider of vital records verification. VitalChek cross-checks the submitted certificate against official vital records databases to confirm authenticity.

The trusted contact must complete a Know Your Customer (KYC) identity check via Persona, including government-issued photo ID verification and a liveness check. This ensures the person requesting access is who they claim to be.

After both verification steps pass, a mandatory 72-hour waiting period begins. During this window:

• The account holder's registered email and phone number receive immediate notification of the access request.
• Any person with access to the account holder's devices can halt the process using the I'm Alive feature (see Section 4).
• The trusted contact cannot access the vault until the window closes.

The 72-hour window is non-negotiable and cannot be shortened, even with expedited payment or legal orders. It exists to protect living users from fraudulent access attempts.

Every step of the death-verification and access process is recorded in an immutable, append-only audit log with cryptographic integrity protection. These records are retained for 7 years and can be provided to law enforcement or courts in the event of a dispute.

The Passed Plan application is hosted on Vercel's global edge network with automatic TLS termination (TLS 1.3, with TLS 1.2 as fallback). All traffic is encrypted in transit. HSTS (HTTP Strict Transport Security) with a 1-year max-age and preload is enforced.

User account data and encrypted vault metadata are stored in Supabase, which is SOC 2 Type II certified. Supabase data is encrypted at rest using AES-256 (infrastructure level, separate from our application-level encryption). Database access is restricted via Row-Level Security (RLS) policies: each user can only query their own rows.

Encrypted vault files (documents, videos, media) are stored in Backblaze B2. Files are encrypted at the application layer before upload (see Section 1) and are additionally encrypted at rest by Backblaze. Access to B2 buckets is restricted to signed, time-limited URLs generated server-side.

API keys, database credentials, and other secrets are managed through Vercel's encrypted environment variable system and are never committed to source code. Secrets are rotated on a regular schedule and immediately upon any suspected compromise.

We use automated dependency scanning (Dependabot and Snyk) to detect and patch vulnerable dependencies. Our CI/CD pipeline includes SAST (static application security testing) checks on every pull request. Third-party dependencies are pinned to verified versions.