Encrypted at rest and in transit
Every document is encrypted before it reaches storage using AES-256-GCM with a unique key. Data in transit is protected by TLS. Even if our storage were compromised, your files remain ciphertext.
Security & Trust
Your most important documents
deserve the strongest protection.
Keepacy™ is built around encryption, access control, and compliance from the ground up — not bolted on as an afterthought.
Encrypted
AES-256 Encrypted
All documents and sensitive fields encrypted with AES-256-GCM at rest.
Protected
Your Vault, Your Control
Only you can access your vault while your account is active. Documents are released to beneficiaries only after verified death certification.
Protected
MFA Protected
Time-based one-time passwords (TOTP) and passkey support for account access.
Compliant
CCPA Compliant
Full data export and deletion rights. We never sell your personal information.
Compliant
RUFADAA Compliant
Digital asset directive support per NY EPTL Article 13-A (RUFADAA). Content and catalogue consent recorded per beneficiary.
Scanned
OWASP Top 10
Continuously scanned against OWASP Top 10 vulnerability categories.
How We Protect Your Data
Security is not a feature we added — it is the foundation everything else is built on.
Only you access your vault
Your documents are protected with strong encryption. Only you can access your vault while your account is active. In the event of your passing, after your beneficiaries have been verified through our death certificate or physician statement review process, Keepacy facilitates secure document release to your designated beneficiaries.
Multi-layer verification before vault release
Before any beneficiary receives access, Keepacy runs a staged, multi-channel escalation over days to confirm you are unreachable. A single missed check-in never triggers a release.
Every access is audited
All login attempts, document views, beneficiary changes, and vault releases are logged with timestamps and preserved for compliance. Beneficiary access audit trails are retained for 7 years.
Encryption Architecture
Three-Layer Key Hierarchy
Your documents are protected by envelope encryption. Each document is encrypted with its own unique key, and multiple layers of key wrapping ensure your data remains secure at rest.
Your Password
Never stored anywhere
PBKDF2 · OWASP-recommended iterations
Key Encryption Key (KEK)
In-memory only, never persisted
AES-256-GCM wrap
Data Encryption Key (DEK)
Unique per document
AES-256-GCM encrypt
Your Documents
Encrypted at rest in cloud storage
For the Technically Curious
Expand any section below to see exactly how Keepacy implements each security control.
Ready to protect what matters?
Start with the free plan. Your documents are encrypted from the moment you upload them.