Skip to main content
NESWNESENWSW10°20°30°40°50°60°70°80°ZénithPlansphère de l'Horizon de ParisLatitude 48° 52′ N · A.D. MDCXCGravure sur CuivreOBSERVATOIRE ROYAL DE PARISCarte du Ciel ÉtoiléSuivant les Observations de M. Flamsteed
Ancient Wisdom · Modern Mathematics

New to crypto?We've got you.

Three principles. No jargon. The same mathematics that maps the heavens protects your legacy.

BTCETHSOLBNBXRPUSDTDOGESHIBPEPEWIFBONKKASADAAVAXDOTLINKUNIARBBTCETHSOLBNBXRPUSDTDOGESHIBPEPEWIFBONKKASADAAVAXDOTLINKUNIARB
Zero-Knowledge Guarantee

“We never see your keys.”

Your seed phrases encrypt inside your browser before anything leaves your device. VaultPass stores only unreadable ciphertext. No back door. No decryption endpoint. In normal operation we never access your plaintext.

🔐
CRYPTOGRAPHY

Zero-Knowledge Encryption

Your password never leaves your device. Not once. Not during setup. Not ever.

When you add your seed phrase to the vault editor, it is encrypted inside your browserusing the Web Crypto API before anything is sent to our servers. We receive only a block of scrambled data (ciphertext). To deliver your vault to your heir when the dead man's switch fires, we hold the encrypted heir and sentinel shards and combine them then — never before.

💻
Your Device
Your password
Seed phrases
Wallet keys
Encrypted only
🔒
VaultPass
Encrypted blob ✓
Salt & IV ✓
Heir email ✓
After trigger
👤
Your Heir
Gets encrypted file
Enters password
Sees your wallets
Technical Parameters
AlgorithmAES-256-GCM
Vault keyRandom 256-bit · Shamir 2-of-3
IV96-bit random, unique per encrypt
LocationBrowser — Web Crypto API
Why Trust Us Over a Centralized Service?

Zero-Knowledge vs. Centralized Storage

A centralized password manager encrypts your data on their server, which means they hold the key. We encrypt on your device before the data ever moves. The distinction is the difference between trusting a company and trusting mathematics.

QUESTION
✓ VAULTPASS
✗ CENTRALIZED
Who can read your vault?
Only you (and your heir)
The company + any breach actor
Data breach impact?
Encrypted noise — useless
Your secrets are exposed
Can a court subpoena your data?
No. We have nothing to give
Yes — they hold the keys
Where does encryption happen?
Your browser, before upload
Their server, after upload
What if the company shuts down?
Your local shard still works
Data gone or sold

LastPass (2022), Norton LifeLock (2023), and RockYou2024 are examples where centralized key custody resulted in mass exposure. Zero-knowledge architecture makes that category of breach structurally impossible.

PROTOCOL

The Trinity Shard Protocol

Your vault is divided into three. Any two fragments can reconstruct the original. One alone reveals nothing.

Using Shamir's Secret Sharing (a 2-of-3 threshold scheme), your encrypted vault is split the moment you finish setup. The mathematics guarantees that holding just one shard is informationally useless — equivalent to holding nothing at all.

🔐YOUR VAULTSHAMIR SPLIT · 2-OF-3 THRESHOLD1OWNERShard 1 / 3Always with you2HEIRShard 2 / 3Time-locked3GUARDIANShard 3 / 3Cold storageUNLOCKSHARD 1 + SHARD 2 → FULL RECONSTRUCTION
Technical Parameters
SchemeShamir's Secret Sharing
Threshold2-of-3 (any two shards = full access)
Single shard aloneZero information revealed
Shard sizeEqual — no shard is privileged
🛰
INHERITANCE

The Inheritance Mechanism

No lawyer. No court. No lost crypto. Automated, private, and irreversible only when truly necessary.

🔐01

You lock your crypto instructions in a vault

Write which wallets you own, lock it with a password only you know. VaultPass never sees your password or your crypto.

📅02

You check in regularly — like pressing a button

Once a week or month, tap I'm here. Your vault stays locked. Takes 5 seconds.

👤03

You choose who receives it if you can’t check in

Pick a trusted person, add their email. They receive nothing until it’s needed. No snooping while you’re alive.

📬04

After missed reminders, they receive your vault

Three warning emails before the switch fires. Only a sustained, unresponsive period triggers heir notification.

🏛
ARCHITECTURE

How It All Fits Together

From your first keystroke to your heir's secure access — the complete lifecycle.

YOUR DEVICEVAULTPASSYOUR HEIREnter Vaultseed phrase+ passwordAES-256-GCMbrowser encryptWeb Crypto APIShamir Split2-of-3 shardsin browserStore Blobciphertext onlyno key storedHeartbeatsentinel watchesfor check-insGuardianshard 3cold storageon triggerHeir Receivesencrypted file+ shard 2Reconstructshards 2+3→ decrypt
Your device — all encryption happens here
VaultPass — stores ciphertext, monitors heartbeat
Guardian node — holds shard 3 in cold storage
Your heir — receives vault after trigger
Lexicon

Words you'll hear us use

🔒
Hardware Wallets

Using a Ledger, Trezor, or Coldcard?

VaultPass works perfectly with hardware wallets. Store your 24-word recovery phrase — not the device itself. Your heir uses it to restore access to any compatible wallet software.

Ledger
Trezor
Coldcard
Keystone
Foundation

Your family deserves access.
Set it up in 2 minutes.

Secure My Legacy →

No credit card required · Takes 2 minutes · Cancel anytime

How it works

The Protocol

01

Client-Side Encryption

Your seed phrase is encrypted with AES-256-GCM directly on your device. The raw key never leaves your browser — VaultPass receives only opaque ciphertext.

02

Sentinel Sharding

Your ciphertext is split across the VaultPass Sentinel Network. No single node holds a complete copy — reconstruction requires a quorum of shards.

03

Timed Release Switch

Miss your check-in window and VaultPass triggers an heir notification. A 7-day cancellation grace period ensures no accidental releases ever occur.

Cryptographic Vault

Data swallowed whole. Inaccessible to the outside.

Your credentials are pulled into a zero-knowledge local environment. Once encrypted using AES-256-GCM, the data becomes mathematically impossible for us — or anyone else — to extract without your exact seed phrase.

Read the security protocol