LivingWill
Help center

Security and privacy · 4 min

Your Encryption

A plain-language explanation of how LivingWill encrypts your content on your own device so that the company stores only data it cannot read.

The single most important thing to understand about LivingWill is this: your private content is encrypted on your own device before it ever reaches us, so what we store is data we cannot read. This article explains how that works, without requiring you to be technical.

What "encrypted on your device" means

When you write a will, record a video, or save a vault item, your device scrambles it into unreadable data before sending it to us. The scrambling uses a key that lives only with you. We receive and store the scrambled version. We do not receive a readable copy and then promise not to look. We never have a readable copy at all.

This design has a name in the security world: client-side encryption, sometimes called end-to-end. The practical meaning is simple. The company operating the service is not in a position to read your content, even if it wanted to, even if compelled, even if its systems were breached.

Where the key comes from

Your encryption key is derived from your passphrase. Your passphrase is run through a deliberately slow process called Argon2id key derivation. Two things matter here:

  • It is slow on purpose. Slowness makes it extremely costly for an attacker to guess passphrases by brute force, while being barely noticeable to you when you log in.
  • It happens with your secret, not ours. The key traces back to something only you know. We never store your passphrase in a form we can read, and we do not store the resulting key.

The envelope: AES-256-GCM

Your actual content is locked with a strong, widely trusted method (AES-256-GCM). In plain terms, this is a well-established encryption standard that both scrambles your data and detects tampering, so altered data does not silently pass as genuine. You do not need to manage any of this; it happens automatically when you save.

Why we built it this way

Most services could technically read your data and rely on policy promises not to. For estate planning, that is not good enough. The things you store here, final letters, private documents, videos for your children, are some of the most sensitive content a person ever creates. The only credible guarantee of privacy is architectural: make it so the company cannot read it, rather than promising it will not.

This is also why we cannot reset your passphrase or recover content without your recovery phrase. The same property that locks attackers and even our own staff out also means the responsibility for your keys is genuinely yours.

What this means for you

  • Your content is private by design, not just by policy. That is the strongest form of privacy available.
  • Your passphrase and recovery phrase are essential. Because we hold no key, those secrets are the only way in. Protect them as described in your recovery phrase.
  • Even a breach of LivingWill does not expose your content. Attackers reaching our storage would find scrambled data without the keys to read it.

For the boundaries of what this protects, and the few things we can technically see, read what we can and cannot see.