How We Protect Your Data

Your vault holds your family's most sensitive information. Here's exactly what we do to keep it safe — no vague promises, just the specifics.

We designed security into the foundation — it's not a feature we added later. Every layer described below is live and active today in your vault. We also tell you honestly what's coming next so you know exactly where we stand.

What's Protecting Your Vault Right Now

Six layers of security — all live, all active, all included.

Live

End-to-End Encryption

Every document and data field is encrypted at rest and in transit using industry-standard TLS and AES-256 encryption — the same standards used by banks and healthcare systems.

Live

Two-Factor Authentication

Built in from day one — not bolted on as an afterthought. Enable TOTP-based 2FA to require a second verification step every time you log in.

Live

Recovery Codes

Lose access to your authenticator? Recovery codes let you regain account access without compromising security. Generate them once, store them safely.

Live

Role-Based Access Control

Owners, co-trustees, managers, and beneficiaries each see only what they need. Granular permissions ensure no one has more access than their role requires.

Live

Emergency Access Protocol

Designate trusted individuals who can request vault access under predefined conditions. Requests are logged, time-delayed, and require verification — no backdoors.

Live

Full Audit Trail

Every vault action — logins, document views, edits, beneficiary changes — is logged with timestamps and user identity. Nothing happens in your vault without a record.

What We Don't Do

Transparency matters. Here's what we want you to know:

  • We never sell, share, or monetize your data — period.
  • We don’t have a “master key” to view your documents. Encryption means even our team cannot read your files.
  • We don’t store your passwords in plain text. All credentials are cryptographically hashed.
  • We won’t email you asking for your password or 2FA codes. If someone does, it’s not us.
  • We don’t claim blockchain security that isn’t built yet. We tell you what’s live and what’s on the roadmap.

A Legal Structure Behind the Technology

Legacy on Chain is organized as a Wyoming DAO LLC (Filing ID 2026-001918748). This isn't just a tech company with a privacy policy — it's a legally recognized entity under Wyoming's pioneering DAO legislation, providing a framework for transparent governance, member protections, and accountability that most startups don't have.

What's Coming Next

These features are on the roadmap. We'll be transparent about their status as development progresses.

Roadmap

Blockchain-Anchored Audit Trail

Periodic cryptographic hashes of your audit log will be anchored to a public blockchain, creating a tamper-proof, independently verifiable history that no one — including us — can alter after the fact.

Roadmap

Smart Contract Succession

Succession rules defined today in your vault will be enforceable by audited smart contracts — removing human error and delays from the wealth transfer process.

Roadmap

Decentralized Governance

As a Wyoming DAO LLC, our structure is designed for eventual on-chain governance. Multi-signature approvals and proposal voting will move from simulated to blockchain-native.

Security Tips for Vault Owners

Practical steps to keep your vault secure — especially if a device is lost, stolen, or compromised.

What If I Lose My Phone?

Your phone being stolen does not give anyone access to your vault. They'd still need your email, password, and your authenticator code. 2FA actually protects you here.

To regain access:

  1. Log in with your email + password
  2. Click “Lost your phone? Use a recovery code”
  3. Enter one of the recovery codes you saved during 2FA setup
  4. Once logged in, go to Settings → disable 2FA → set it up again on your new device
  5. Generate fresh recovery codes and store them safely

Recovery Codes — Your Backup Key

When you enable 2FA, Legacy on Chain prompts you to generate 10 one-time recovery codes. These are your lifeline if you can't access your authenticator.

Print them and keep in a fireproof safe
Store alongside important documents
Don't store them on the same phone as your authenticator
Each code works once — regenerate when running low

Private Keys vs. Your Vault Login

Legacy on Chain tracks and documents your assets — it doesn't hold custody of crypto private keys. These are two separate things:

🔐 Vault Login

Email + Password + 2FA. Protected by recovery codes. Managed here in Legacy on Chain.

🔑 Crypto Private Keys

Keys to your actual wallets. Use a hardware wallet (Ledger, Trezor). Store seed phrases offline in a safe.

Emergency Access for Trusted Contacts

In a worst-case scenario, your designated emergency contacts can request temporary read-only vault access. There's a waiting period, you're notified by email, and you can approve or deny the request. If you don't respond, access is granted automatically after the waiting period. It's a safety net for your family.

Questions About Security?

We're happy to walk you through our security practices in detail. Reach out anytime.

Contact UsView Disclaimers