Our story

Built for the moment that matters most.

Holdfast started with a family loss, a frightening number, and a question nobody wants to think about — but everyone should.

Encryption
AES-256-GCM
Authenticated encryption, applied client-side. The ciphertext is all we ever see.
Experience
20+
Years of enterprise security experience behind every architectural decision.
Plaintext stored
Zero
Plaintext ever stored on our servers. We hold ciphertext only.
Based & built
UK
ICO registered. UK GDPR compliant. Your data stays here.

Where it began

In 2017 I lost my uncle without warning. His first heart attack was also his last. He was generous, ambitious, full of life — the kind of person strangers warmed to immediately, which meant doors opened for him that stayed closed for others. He had built a comfortable life for his family: a home, a marriage, children, financial interests across several ventures still in motion when he left.

The grief was immediate and devastating. What followed was slower, and in some ways harder to bear.

£4.7m
Estimated value of the estate he left behind
£930k
What his family successfully recovered

The rest was not stolen. It was not disputed in court. It simply could not be found. Accounts nobody knew existed. Investments with no paper trail. Projects and financial interests that had no record his family could reach. The information died with him, and so did the wealth it pointed to. His wife and children are still living with that gap today.

The information died with him, and so did the wealth it pointed to.

The question it raised

At the time I had three-year-old twins. As a cybersecurity professional with more than twenty years of experience, I had accumulated exactly the kind of digital life that is hardest to hand over. Crypto assets. Two-factor authentication keys. Banking apps with passwords that existed only in my head. Pension documents. Life insurance records. Any corporate or institutional correspondence in our household found its way to me by default — I was the go-to person for everything financial and technical.

My wife is not a tech person. That is simply true. If I had gone the way my uncle did, she would not have known where to start. Not because she is not capable, but because none of it was written down anywhere she could reach it.

That thought frightened me in a way I did not expect. So I looked for something that would solve it.

What we built

I could not find a product I trusted, that a non-technical person could use on the receiving end, and that was operated under a legal and regulatory framework I could hold accountable. So I built Holdfast.

Everything stored in your vault is encrypted on your device using AES-256-GCM before it ever reaches our servers. The key is derived from a passphrase only you hold — we never see it, we never store it. We hold ciphertext only. We cannot read what you have written, and we never will. If your check-ins stop, an escalation sequence runs, and then your vault delivers itself to whoever you nominated — without them needing a Holdfast account, without them needing to call anyone, without us being involved in that moment at all.

It is not a will. It is everything a will does not cover.

Holdfast is operated by Nexus-Sectech Ltd, a UK limited company, ICO registered (ZC120755), compliant with UK GDPR. How Holdfast compares to other vaults in the category is on the public record.

Ready to take care of it?

It takes less than 20 minutes to set up your vault. Start free — no card required.

Create your vault
© 2026 Holdfast Co. A Nexus Company. All rights reserved. ICO Registered (ZC120755) · Company No. 17126982 · 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ