Trust & security

Your family will one day rely on this. We build like it.

This page is maintained by My Life's Vault. It explains the controls that are live in the platform today and how we keep important actions auditable — so you can decide with eyes open.

Platform

Platform & infrastructure controls

The controls below describe how the platform is built and operated today. We are not yet SOC 2 Type II or ISO 27001 certified, and we do not claim to be. We have designed and operate My Life's Vault against many of the security, privacy and operational principles that underpin these frameworks, including the GDPR regulatory framework. Rather than asking members, partners or advisors to rely on badges or marketing claims, we publish the controls and practices that are actually in place so you can judge our approach for yourself.

TLS 1.2+ everywhere, HSTS enforced

All traffic is served over modern TLS with HSTS. No sensitive data ever travels in URL query strings, error pages or analytics events.

Encryption at rest & private storage

Managed Postgres and object storage encrypt data at rest. Document and media buckets are private; downloads use short-lived signed URLs, never public links.

Row-level security on every member table

Each member-data table enforces row-level security scoped to the authenticated user. The privileged service role is restricted to verified server functions and signed webhooks — never the browser.

Per-tenant isolation, no ad-hoc access

Workspaces are isolated by region and tenant. Production member data is not accessed for ad-hoc analytics; staff touch it only for named maintenance migrations or incident response.

Application

Application security practices

Strict typing, linting & dependency scanning

Strict TypeScript, ESLint and dependency scanning run in CI. Security scanner output is reviewed before each publish.

Server-side auth & re-authentication gates

Authentication is enforced server-side, not by hiding UI. Sensitive actions — handover, exports, email or phone change, account deletion — require re-authentication, configurable in Settings → Security.

MFA & breached-password checks

Email-and-password sign-in checks the chosen password against the HIBP (Have I Been Pwned) breached-password list. Google sign-in and MFA challenges are available, and an auto-lock can be enabled on the device.

Signed webhooks & validated inputs

Every inbound webhook is signature-verified before processing. Every server function validates its input with a schema — we don't trust the client.

Personal information

How we handle your personal information

We treat the vault's contents — names, dates, family relationships, beneficiaries, health and care preferences, will and estate content, financial references, and identity documents you choose to upload — as sensitive personal information from the moment they're captured.

Collect only what's in front of you

We capture only the field the member is filling in. Nothing is pre-filled from external profiling, ad networks or data brokers. We do not OCR uploaded identity documents into searchable fields by default.

ARIA refuses high-risk secrets

ARIA will not ask for and will not store passwords, full card or account numbers, CVV, PIN, full national-ID numbers (SSN, NRIC, Emirates ID, passport), MFA codes, recovery seed phrases or private keys. If they're pasted in, ARIA asks the member to remove them.

Stored in your region, scoped to you

Member data lives in the regional workspace's database with encryption at rest and row-level security scoped to your account. Sensitive free-text fields use field-level encryption where designed for it.

Not sold, not advertised against, not used for AI training

Your personal information is never sold, never used for advertising, and never used to train external AI models. Advisor and beneficiary portals see only the slice you've explicitly configured for them.

Special-category data handled with extra care

Health information, religious preferences (including Faraid / shariah choices) and family-structure data are treated as special-category data, with extra access scoping, and are used only to serve your own plan.

Deletion, export & legal-hold

You can export your vault and audit log at any time, and request deletion via privacy@mylifesvault.com. Signed wills are kept under legal-hold; partner-provisioned seats follow a 60-day offboarding window before purge.

Designed against

How the platform is designed against the GDPR

GDPR is a regulation, not a certification — no product can claim to be 'GDPR certified.' What we can show is how the platform is designed against its principles, with equivalents under UAE PDPL, Singapore PDPA and US state privacy laws.

Lawfulness, fairness & transparency

We explain in plain language what each section of the vault is for, why we need a field, and who can see it. Lawful bases (contract, legitimate interests, consent) are never bundled together.

Purpose limitation & data minimisation

Vault data is used to serve your plan and the people you've nominated — not for unrelated analytics, profiling or marketing. We don't ask for fields we don't need.

Accuracy & storage limitation

Members can correct any record at any time. Signed wills are immutable by design; corrections produce a new witnessed version. Backups follow the managed database's retention.

International transfers follow your region

Data residency follows the regional workspace you signed into. Sub-processor categories and the current list are available from the concierge as part of the DPA.

Data-subject rights honoured end-to-end

Access, rectification, restriction, objection, portability and deletion are supported. Self-service export covers vault data and the audit log; concierge handles the rest within statutory timeframes.

Breach response & accountability

Security incidents are concierge-handled with a 24-hour acknowledgement target and a 72-hour authority-notification target where applicable. Members are notified when their personal information is materially affected.

Operations

Operational practices

Member-initiated, concierge-supported

Handover, exports, deletion and advisor access are member-initiated. A human concierge handles incidents, disclosures and complex requests — not a chatbot.

Point-in-time recovery & restore drills

The managed database supports point-in-time recovery. Restore drills are exercised before major releases so backups are known-good, not assumed-good.

Exportable audit log

Members can export their own audit log as CSV at any time. The log is retained for accountability and to support the executor or advisor if access is ever questioned.

Coordinated disclosure welcomed

Researchers can report findings to security@mylifesvault.com. We acknowledge within one business day and credit responsible disclosure when fixes ship.

Today

How your vault is protected

We treat every record as though a family one day will rely on it during illness, incapacity or loss. The controls below are live in the platform today.

Encrypted in transit and at rest

All traffic is served over TLS. Stored data, files and backups are encrypted at rest by our cloud infrastructure.

Role-based access you control

Every vault record is scoped by ownership and explicit permission. Trusted people see only what you have chosen to share with them, and only at the moment you allow.

One person, one record

Family members, advisors and trusted contacts live in a single People & Relationships registry. Roles and permissions are tracked per person — no duplicate identities, no orphaned access.

Privacy by design

We collect only what is needed to make the vault useful. Sensitive content is never used to train external models, and we never sell or share your data with third parties for marketing.

Auditability

A clear record of everything that matters

When something important happens — a will is signed, an executor accepts, a death is reported — we capture who did what, when, and from where.

Immutable will versions

Once a will is signed it becomes a sealed version. Edits create a new version that must be re-witnessed. Every prior version is preserved for the executor and for the courts.

Witnessed e-signing with audit trail

Each witness signs through a unique link. We capture timestamp and IP, and attach a tamper-evident certificate to the final PDF.

Executor & guardian acceptance

Nominees confirm, decline or ask questions through their own secure link. Their response — and the testator's notification — is logged on the person record.

Vault Pulse history

Every check-in, escalation step and trusted-contact notification is recorded so the family can see exactly what happened and when.

Handover

On your terms, reversible when it should be

The platform supports temporary incapacity, long-term incapacity and death scenarios — with different access rules for each, and the ability to roll back where appropriate.

Temporary access is reversible

Short-term handovers (a hospital stay, travel emergency) can be granted, time-boxed and withdrawn. The vault never discloses more than you intended.

Permanent handover is controlled

Death-event handover only unlocks the scope you defined — beneficiary information, executor instructions, the records each trusted person was meant to receive.

24-hour concierge response

When a death or incapacity is reported, a human concierge acknowledges within 24 hours and guides the next steps. Not a chatbot.

Sub-processors

Categories of sub-processors we rely on

We rely on a small, deliberate set of vendors. The current named list is shared with members on request and forms part of the Data Processing Addendum.

Managed Postgres & object storage

Hosts the regional workspace databases and private file storage with encryption at rest, row-level security and point-in-time recovery.

Transactional email provider

Delivers concierge, witness, executor and notification emails. Sensitive content is redacted from email bodies wherever possible.

AI inference gateway

Routes ARIA's prompts to model providers under contracts that prohibit training on member data. ARIA's guardrails strip secrets before any prompt leaves the platform.

Payments & monitoring

A PCI-handling payments provider processes subscriptions (we never store card details), and a monitoring provider tracks uptime and errors without ingesting member PII.

Working towards

What we're working towards

These are intent, not commitments — no dates, no certification claims. We'll publish updates as items move from planned to in progress to live.

Independent penetration test

Planned. An independent third party will test the published platform; the executive summary will be available under NDA to enterprise partners.

Published sub-processor register

In progress. A public, versioned sub-processor register with change-notification for partners.

SOC 2 readiness assessment

Planned. A readiness assessment against the SOC 2 Trust Services Criteria to prioritise the highest-value controls before any formal audit.

ISO 27001 gap assessment

Planned. A gap assessment against ISO/IEC 27001 to scope our information security management system.

Bug bounty / coordinated disclosure programme

Planned. A formal programme with safe-harbour terms and clear scope, building on the coordinated disclosure channel already open at security@mylifesvault.com.

Questions about how your vault is protected?

Our concierge team responds within one business day. For security disclosures, please mark your email 'Security'.