Security Architecture

An Overview of Our Commitment to Your Sovereignty

At Hereditas, security is not a feature; it is the bedrock of our existence. Our platform is architected around a single, non-negotiable principle: you, and only you, should have access to your data. This document provides a high-level overview of the technical measures we take to uphold this promise.

The Zero-Knowledge Model

The cornerstone of our security is a Zero-Knowledge architecture. In simple terms, this means we, the service provider, have zero knowledge of the content you store on our platform. This is not a policy choice; it is a cryptographic limitation we have intentionally designed.

  1. Client-Side Encryption: All encryption and decryption of your data happens directly on your device (your computer or phone). Your data is never sent to our servers in an unencrypted state.
  2. Your Password is Your Key: Your master password, which you create and never share with us, is used to generate a powerful encryption key. This key is used to encrypt your data. Since we never see your password, we can never generate your key.
  3. The Consequence: If you forget your password, we cannot recover it. There is no "Forgot Password" link that will give you access to your data. This might seem inconvenient, but it is the ultimate proof that we cannot access your account. If we can't recover it for you, no one else can either.

Encryption Standards

We use only industry-leading, publicly audited encryption algorithms. Our current implementation uses:

  • AES-256: The Advanced Encryption Standard with 256-bit keys is used for encrypting your data at rest. This is the same standard used by governments and financial institutions worldwide.
  • PBKDF2-SHA256: This algorithm is used to derive your encryption key from your password. It adds a "salt" and performs thousands of hashing rounds to make brute-force attacks against your password computationally infeasible.
  • TLS 1.3: All communication between your device and our servers is protected with Transport Layer Security (TLS) 1.3, ensuring your encrypted data is safe in transit.

The Automated Transition Protocol

The secure transfer of your legacy is as critical as its storage. Our transition protocol is designed with multiple layers of security and verification.

  • The "Dead Man's Switch": This is a system that requires you to periodically check in. If you fail to check in after a pre-defined period and after multiple notifications, the system initiates the transition protocol.
  • Guardian Verification: You can designate trusted individuals ("Guardians") who must independently and unanimously confirm a life-ending event before any data is released. This prevents accidental or malicious triggering.
  • Granular Release: The system does not release your entire vault. It releases specific, pre-designated "packages" of information to specific beneficiaries, exactly as you defined. Each package is encrypted with its own key, which is only made available to the designated beneficiary upon successful verification.

Infrastructure and Audits

Our platform is built on world-class, secure cloud infrastructure. We regularly engage independent, third-party security firms to perform comprehensive audits of our code, infrastructure, and cryptographic implementations. Summaries of these audits will be made available to our users to ensure transparency and accountability.

"Trust should be built on proof, not promises."

The Hereditas Engineering Team

Our commitment is to provide you with a fortress for your digital life, where you are the sole architect and keyholder. If you have further questions about our security practices, please do not hesitate to contact us.