How Your Legacy Vault
Actually Works
Every layer explained in plain English — from the moment you create your namespace to the day your family receives exactly what you intended. No jargon. Just clarity.
Start Here
Think of it as a digital Fort Knox — that only opens on your terms.
Legacy Vault Protocol has three layers. Understanding them takes 5 minutes and changes how you think about estate planning forever.
Your Namespace
Your sovereign address
Think of this as your estate's permanent home address on the protocol — like a PO Box that lives on a blockchain and can never be taken from you. Format: yourname.legacy. It's the root identity that everything else is built under.
Your Vault
Encrypted container
Inside your namespace, you create one or more vaults. A vault is an encrypted container that holds your wallet addresses, documents, and asset inventory. Think of it as the actual safe — everything inside is locked with keys only you control.
Your Release Gate
5-condition lock
You configure who gets what, and under what conditions. The vault stays sealed until 5 independent verifications are complete. No single person — not even your executor — can open it alone. This is what makes it fundamentally different from every other system.
Under the Hood
5 technology layers — each one matters.
AES-256-GCM Encryption with HKDF Keys
Your documents are locked before they ever leave your device.
When you upload a document, your browser encrypts it using AES-256-GCM — the same encryption used by the NSA for top secret data. The encryption key is derived using HKDF (a military-grade key stretching function) from a master secret that only you hold. The server receives only the locked blob — it mathematically cannot read your documents. If our servers were hacked tomorrow, every file they got would be useless gibberish.
Technical Stack
AES-256-GCM · HKDF-SHA256 · Per-vault unique keys
Simple Analogy
It's like putting your documents in a safe that you lock yourself before handing to a storage company. They store the safe — but you kept the only key.
Private IPFS — Content-Addressed Storage
Your encrypted files are stored in a system where tampering is mathematically impossible.
After encryption, your files are stored on a private IPFS (InterPlanetary File System) network. IPFS is content-addressed — each file gets a unique fingerprint (CID) based entirely on its contents. If even one byte changes, the CID changes. This means any tampering with your files is instantly detectable. Your family's executor can independently verify every document hasn't been altered since you uploaded it.
Technical Stack
Private IPFS · Swarm key isolation · CID content addressing
Simple Analogy
Think of it like a document having its own unique DNA fingerprint. If anyone changes anything — even a comma — the DNA no longer matches and the fraud is provable.
Private Blockchain + XRPL Anchoring
Every important action is written to an immutable ledger that no one can alter.
Every time you create a vault, upload a document, add an executor, or change a policy — a cryptographic record is written to a private EVM blockchain. Critical document hashes are also anchored to the public XRPL and Stellar blockchains. This creates a tamper-evident, court-ready audit trail. In probate proceedings, your executor can prove exactly what was in your vault, when it was added, and that nothing was changed — with mathematical certainty.
Technical Stack
Private EVM chain · XRPL AccountSet Memo · Stellar MEMO_HASH · SHA-256
Simple Analogy
Every action gets its own permanent timestamp — like a notary seal on every single event, but cryptographic and permanent rather than just a rubber stamp.
W3C Verifiable Credentials + Role-Based Access
Everyone who touches your estate is cryptographically verified before they can act.
The people in your estate (executors, guardians, attorneys, beneficiaries) don't just get an email invitation — they receive W3C Verifiable Credentials, a global standard for cryptographic identity. Your executor must complete identity verification (the same standard banks use for high-value accounts) before any release process can begin. Each role gets exactly the access they need — nothing more.
Technical Stack
W3C DID · VC 2.0 · NIST SP 800-63-4 IAL 2/3 · 6 scoped roles
Simple Analogy
It's like requiring every person who enters the vault room to present a government-issued ID plus a cryptographic signature — and the system checks both automatically.
5-Condition Release Protocol
Your vault opens only when five independent verifications are complete — and not a second sooner.
This is the most important layer. Before your beneficiaries can access anything, five conditions must ALL be satisfied: (1) Executor identity verified, (2) Death certificate uploaded and hashed, (3) Attorney or notary attestation, (4) Guardian quorum (e.g., 2 of 3 guardians approved), (5) Waiting period elapsed without dispute. Every condition is cryptographically recorded on-chain. If any condition is missing or forged — the vault stays locked. This is what prevents fraud, coercion, and premature access.
Technical Stack
Multi-proof release engine · Guardian N-of-M quorum · On-chain condition tracking
Simple Analogy
It's like a bank vault that requires five different keys from five different people, all verified independently, with a mandatory waiting period before it opens. No single person can cheat the system.
Visual Reference
See the architecture at a glance.
The 5 Protection Layers
The 5-Proof Release Gate
All five conditions must be satisfied simultaneously. No exceptions.
Dead Man's Switch Flow
Silence alone never opens the vault — all 5 proofs still required.
Complete Lifecycle
From setup to your family receiving access.
Register your namespace
Claim yourname.legacy — your permanent sovereign estate address. Takes 3 minutes. Anchored on the private chain.
Create your vault and encrypt everything
Upload documents, register wallet addresses, add assets. Everything is encrypted before it leaves your browser. The server never sees plaintext.
Add your team
Designate your executor (who manages the release), guardians (who must approve), beneficiaries (who receive access), and an attorney (who attests).
Configure your release policy
Set the guardian quorum (e.g., 2 of 3 must approve), waiting period (30–365 days), and whether attorney attestation is required.
Set up dead man's switch
Configure periodic check-ins. If you miss three check-ins in a row (customizable), your guardians are notified. The full release process only starts when all 5 conditions are met — not automatically.
Seal your legacy messages
Write personal messages to each beneficiary — letters, video notes, final wishes. Encrypted and sealed until the vault releases.
Executor submits a release claim
Your designated executor files a claim. This does not open the vault — it begins the verification process.
Identity verification
The executor completes identity verification (IAL 2 — equivalent to bank account opening). A cryptographic Verifiable Credential is issued and recorded on-chain.
Death certificate uploaded
A certified copy of the death certificate is uploaded, SHA-256 hashed, and anchored to the private chain and XRPL. This is Condition 2.
Attorney attests
A licensed attorney or notary reviews the legal authority and signs a cryptographic attestation. Recorded on-chain. Condition 3.
Guardian quorum approves
Each guardian receives a request. They independently verify the claim and sign their approval on-chain. Once the quorum threshold is reached (e.g., 2 of 3), Condition 4 is satisfied.
Waiting period begins
A mandatory dispute window opens (default: 30 days). During this period, any beneficiary can contest the release. This mirrors probate court requirements.
All 5 conditions met — vault releases
The protocol evaluates all conditions simultaneously. Only when all five are satisfied does the administrator authorize release. Access grants are issued to each beneficiary with their specific scope.
Beneficiaries receive scoped access
Each beneficiary receives exactly what you designated — nothing more, nothing less. Cryptographically enforced. Your estate attorney gets legal documents. Your child gets their specific inheritance items. An auditor gets only hashes.
Legacy messages delivered
Your sealed messages are released to each recipient. Letters, video notes, final wishes — delivered exactly as you intended.
Full audit trail preserved
The complete chain of events remains publicly verifiable forever. Every action, every condition, every approval — immutably logged. Court-ready. Probate-ready.
The People In Your Estate
6 roles. Each one has a specific job.
Owner
Full control while alive
You. Creates and manages the vault, adds all content, configures the release policy. Only the owner has master key access. Vault is completely under your control during your lifetime.
Can do:
- Add/remove any content
- Change the release policy
- Add or remove team members
- Configure dead man's switch
Executor
Manages the release process
The person (often an attorney or trusted family member) who initiates and manages the vault release. They must verify their identity before any action. They cannot access vault contents until all 5 conditions are met.
Can do:
- Submit release claim
- Upload death certificate
- Coordinate guardians
- Receive asset inventory after release
Guardian
Approves the release — cannot act alone
Independent parties (attorneys, trusted friends, institutions) who must co-sign the release. Their job is to prevent coercion and fraud. A quorum is required — no single guardian can approve or block alone.
Can do:
- Review and approve release claim
- Can raise a dispute
- Never sees vault contents
- Signs cryptographic attestation
Attorney
Attests legal authority
A licensed attorney or notary who confirms the executor has proper legal authority. Their attestation is cryptographically recorded on-chain. This is a required condition in most vault configurations.
Can do:
- Attest executor authority
- Access legal document package
- Review estate map
- Issue signed attestation
Beneficiary
Receives exactly what you designated
People or entities who inherit specific vault contents after release. Each beneficiary gets a cryptographically scoped access grant — only to the items you allocated to them. No beneficiary can see another's allocation.
Can do:
- Receive allocated assets after release
- View only their designated items
- Access legacy messages addressed to them
- Can dispute during waiting period
Auditor
Verifies integrity — no private data
Courts, accountants, or designated oversight parties who can verify the vault's audit trail without seeing any private content. They receive only hashes, timestamps, and event records — mathematically sufficient to verify nothing was tampered with.
Can do:
- Verify audit trail hashes
- Check event timestamps
- Confirm chain anchors
- Never accesses documents or balances
Common Questions
What people ask before they register.
What happens if Legacy Vault Protocol shuts down?+
Your encrypted documents are stored on IPFS — a distributed network that continues to function without our servers. The smart contracts on the private chain are open source and can be run by anyone. Your data is not hostage to our business. This is by design.
Can I include seed phrases and private keys?+
No — and that's a feature, not a limitation. Seed phrases should never be stored digitally, period. Instead, you register your public wallet addresses (which prove you own the wallets without exposing keys), and separately document where your seed phrases are stored physically. Your executor gets the location instructions, not the keys themselves.
What if my executor dies before me?+
You can designate a primary and backup executor. The system supports a full succession chain for all roles. You should review and update your vault annually — or when life circumstances change.
Does this replace my will?+
No. Legacy Vault Protocol complements — but does not replace — a properly executed will or trust. Actual legal authority to transfer assets at death depends on applicable estate law and court processes. Our system provides the digital infrastructure; your attorney provides the legal authority. See our Document Intelligence system for AI-drafted templates that your attorney can review.
What does my family actually receive at release?+
Each beneficiary receives a scoped decryption key for only their designated items. They can access exactly what you allocated — the specific documents, wallet references, and asset inventory entries you marked as theirs. The vault owner's full inventory is only accessible to the executor and attorney.
How long does the release process take?+
With a well-configured vault, typically 30–60 days. The biggest variable is the waiting period (which you set — default is 30 days) and how quickly your executor and guardians can complete their steps. In practice, if your team is prepared, the entire process can complete in under 45 days.
Is this only for wealthy people?+
No — it's especially critical if you have crypto assets, digital business interests, or any assets that exist only digitally. The $68 trillion great wealth transfer is happening at every income level. If you have a crypto wallet, a brokerage account, or an online business, you need this.
What does RUFADAA mean and why does it matter?+
RUFADAA (Revised Uniform Fiduciary Access to Digital Assets Act) is the law in most US states that governs whether fiduciaries (executors, trustees) can legally access your digital accounts after death. Legacy Vault Protocol is built around RUFADAA compliance — our executor authority flows are designed to give your executor the legal basis to act. Without this alignment, your executor could be legally blocked from accessing even your email.
Ready to build your sovereign estate?
Takes 20 minutes to set up. Lasts forever. Your family will thank you.