Holdfast · Category overview

How digital estate vaults compare

An orientation document for the category, not a head-to-head. Six products on the same five axes, with honest credit where each is genuinely strongest.

Scope
Encryption · Trigger · Recipient flow · Jurisdiction · Pricing
Method
Each operator's own published pages, verified on date of writing
Honest about
Where each competitor is genuinely the better fit

01 What this page is

Digital estate vaults solve a narrow but real problem: the credentials, signposting, documents, and messages someone you trust will need if you can no longer hand them over yourself. The category is small, and the products inside it differ on dimensions that matter more than the marketing usually admits.

This page sits one level above our six head-to-head comparisons. Where those pages go deep on one competitor at a time, this one lines all six up against the same questions so you can see the category as a category. The axes that actually distinguish these products are architecture (where the encryption key lives and what the operator can technically read), trigger model (how the system knows to deliver, and how long that takes), recipient flow (what your nominee has to do on the day delivery fires), jurisdiction (which regulator stands behind the operator), and pricing model (one-time, subscription, partner-subsidised, or bundled with legal documents).

Holdfast runs this page. We have written it in good faith: where a competitor is genuinely the better choice for a particular use case, the page says so plainly. Three of the products listed here (Cipherwill, Inheriti, and DGLegacy) are operators we respect. Two (GoodTrust, Everplans) serve materially different markets to us and the comparison is more about scope than rivalry. None of the cells below carry ticks, crosses, or traffic lights. Every cell is prose, because the truth in this category does not fit inside a checkmark.

If you are reading this as a buyer, the table is the entry point. The per-product cards below it are the narrative bridge. The depth lives on the individual comparison pages linked at the bottom of each card. If you are an operator listed here and you find a factual error, write to us at [email protected] and we will correct it.

02 Encryption and architecture

The first question to ask of any vault is who can technically decrypt it. All six products use AES-256 for the core encryption. What differs is who holds the key.

Encryption and architecture across six digital estate vaults
Encryption model
Holdfast: Client-side AES-256-GCM. Key derived in the browser via PBKDF2 with 250,000 iterations of SHA-256 against a per-user salt.
Cipherwill: AES-256 with elliptic-curve key encapsulation and "Time Capsule Encryption" for timed release. Post-quantum CRYSTALS-Kyber referenced in their cryptography footer.
Inheriti: Encrypted data is mathematically split into Shamir-style shares. A configurable threshold (e.g. three of five) reconstructs the original. A validator share is anchored to a public blockchain.
DGLegacy: AES-256 at rest in EU data centres. Multi-factor authentication and biometric mobile login. Described as zero-knowledge by the operator.
GoodTrust: "Bank-level 256-bit encryption" with multi-factor authentication. Not described as zero-knowledge: keys are managed within GoodTrust's infrastructure rather than derived from a user-held passphrase.
Everplans: AES-256 at rest with uniquely derived per-user keys following NIST SP 800-132. TLS with 2048-bit certificates and perfect forward secrecy. SOC 2 Type II audited and HIPAA-compliant.

Where the key lives
Holdfast: Derived in the browser from a user-chosen passphrase that never reaches Holdfast's servers. Not recoverable by us at any point.
Cipherwill: Generated from one or more user-held "security factors": a master password, FIDO2 key, YubiKey, on-device biometrics, or a crypto wallet. User-held, not operator-held.
Inheriti: Distributed across beneficiary-held SafeKey Pro hardware devices or SafeKey Mobile app instances, plus an on-chain validator share. No single party holds the whole key.
DGLegacy: Operator describes the architecture as zero-knowledge. The precise key-custody details for the asset register are not extensively documented in their public material.
GoodTrust: Operator-managed within GoodTrust's infrastructure, protected by access controls.
Everplans: Per-user keys, but managed within Everplans' infrastructure and reachable to authorised systems. Operational, not cryptographic, separation from administrators.

What the operator can technically read
Holdfast: Nothing. Even with full database access, vault contents remain encrypted to anyone without the user's passphrase.
Cipherwill: Nothing on the content path. The operator cannot decrypt without the user's chosen security factors. Layered with beneficiary public-key wrapping for delivery.
Inheriti: Nothing. SafeTech BV holds no decryption capability for the underlying plan; merge requires the threshold of beneficiary-held shares plus the on-chain validator release.
DGLegacy: Encrypted at rest. The operator does hold structured metadata about which institutions and asset types a user has catalogued, separately from the encrypted detail.
GoodTrust: Technically capable of access in extremis, since keys are operator-managed. Published policy is that staff do not access user content, but the cryptographic property is procedural rather than structural.
Everplans: Published policy is that administrators have no access to user plan data or uploaded documents, only limited metadata. SOC 2 Type II audits speak to that procedurally. Technical capability of access in extremis exists.

Encryption module transparency
Holdfast: Cryptographic module published at github.com/Nexus-sectech/holdfast-crypto. Loaded into the vault page with Subresource Integrity, so the browser verifies its SHA-256 hash before executing it.
Cipherwill: Full frontend codebase published on GitHub. A real and unusual transparency commitment for the category.
Inheriti: The Shamir-share architecture is described in published material. The implementation itself is not publicly documented as open-source.
DGLegacy: Not publicly documented as open-source.
GoodTrust: Not publicly documented as open-source. Encryption claims are operator-managed, audited internally rather than through published code.
Everplans: Not open-source. SOC 2 Type II and HIPAA audits substitute as third-party validation of the access-control posture.

Jurisdiction and operator
Holdfast: Nexus-SecTech Ltd, UK limited company (Companies House 17126982), ICO-registered. Operates under UK GDPR, which the EU recognises as providing an equivalent level of protection under its adequacy decision.
Cipherwill: Zetapad Technologies, Bengaluru, India. No published UK/EU controller designation, no SCC documentation referenced. Operates under Indian data protection law (DPDP Act 2023).
Inheriti: SafeTech BV, Brussels, Belgium. EU GDPR operator under the Belgian Data Protection Authority (APD).
DGLegacy: DGLegacy, Berlin, Germany (HRB 214312 B, Amtsgericht Berlin-Charlottenburg). EU GDPR operator. Compliance partnerships with Cooley LLP and Bird & Bird for cross-jurisdiction questions.
GoodTrust: GoodTrust Inc., Palo Alto, California. US operator under US data protection law. No published UK or EU GDPR controller designation or SCC references.
Everplans: Everplans, headquartered in New York City. Acquired by Precoa (Portland, Oregon) in October 2024. US operator. HIPAA-compliant; no published UK or EU GDPR controller designation.
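
The Subresource Integrity check named in the transparency row can be reproduced outside the browser. The following is an added example, not Holdfast's code: it mirrors the browser's decision (strongest listed algorithm wins, a script without a usable integrity attribute is not checked at all) so a served module can be compared with a copy fetched independently. The script paths and module bytes are constructed sample data.

```python
import base64
import hashlib
from html.parser import HTMLParser

# Algorithms the SRI specification allows, weakest to strongest.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")


def sri_digest(data: bytes, algorithm: str = "sha256") -> str:
    """Return the integrity token a browser would compute for these bytes."""
    if algorithm not in SRI_ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    raw = hashlib.new(algorithm, data).digest()
    return f"{algorithm}-{base64.b64encode(raw).decode('ascii')}"


class ScriptIntegrityParser(HTMLParser):
    """Collect (src, integrity) for every <script src=...> in a page."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attributes = dict(attrs)
            if attributes.get("src"):
                self.scripts.append((attributes["src"], attributes.get("integrity")))


def check_integrity(integrity, data: bytes) -> str:
    """Mirror the browser's decision: 'missing', 'match' or 'mismatch'."""
    if not integrity or not integrity.strip():
        return "missing"  # no SRI: the browser runs whatever is served
    tokens = []
    for token in integrity.split():
        algorithm, _, rest = token.partition("-")
        if algorithm in SRI_ALGORITHMS and rest:
            tokens.append((algorithm, token.split("?")[0]))  # drop ?options
    if not tokens:
        return "missing"  # only unknown algorithms: treated as no metadata
    # Only hashes of the strongest listed algorithm are consulted.
    strongest = max(tokens, key=lambda t: SRI_ALGORITHMS.index(t[0]))[0]
    candidates = {tok for algo, tok in tokens if algo == strongest}
    return "match" if sri_digest(data, strongest) in candidates else "mismatch"


def audit_page(html: str, fetched: dict) -> dict:
    """Map each script src in the page to its verdict, given bytes per src."""
    parser = ScriptIntegrityParser()
    parser.feed(html)
    return {src: check_integrity(integ, fetched[src]) for src, integ in parser.scripts}


# Constructed sample data: stand-ins for a published module and a vault page.
PUBLISHED = b"export const KDF_ITERATIONS = 250000;\n"
TAMPERED = PUBLISHED + b"/* one extra line */\n"
PAGE = (
    '<script src="/js/crypto-module.js" '
    f'integrity="{sri_digest(PUBLISHED)}" crossorigin="anonymous"></script>'
    '<script src="/js/other.js"></script>'
)

if __name__ == "__main__":
    served = {"/js/crypto-module.js": TAMPERED, "/js/other.js": b"console.log(1)"}
    for src, verdict in audit_page(PAGE, served).items():
        print(f"{verdict:9} {src}")
```

A "match" shows only that the served bytes agree with the hash written into the page. The audit is meaningful when that hash is also compared with one computed from a copy of the published module obtained separately from the page.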

03 Trigger and delivery

The day a vault fires is the day the design choices made years earlier become visible to the recipient. The shape of that day is set here.

Trigger and delivery models across six digital estate vaults
Trigger model
Holdfast: Missed check-in. Default monthly, weekly available on Family and Firm tiers. A check-in is a single click on a tokenised email link or a dashboard login. Users can extend the window indefinitely via the pause function.
Cipherwill: Missed login. Default trigger window 3 months, configurable to weekly, monthly, quarterly, semi-annually, or annually.
Inheriti: Smart-contract dead man's switch. Validator share released on-chain when the owner stops responding to check-in prompts within the configured timeframe.
DGLegacy: Multi-signal HeartBeat protocol. Social media activity, biometric app login, periodic email confirmation, and phone-call escalation on premium tiers all count as alive-signals.
GoodTrust: Scheduled email check-ins on a user-configured cadence. Trusted Contacts can also be granted immediate (pre-trigger) access to specific items.
Everplans: Deputy-initiated. A Deputy logs into the platform and uses the "Report as Deceased" function. The user then has a configurable wait period of up to 30 days to respond before access unlocks.

Grace and escalation
Holdfast: 7-day grace period, then 7-day escalation window with up to 3 reminder emails sent through distinct delivery infrastructure. Roughly six to eight weeks from last check-in to delivery on the default monthly cadence.
Cipherwill: Reminders at day 3, 30, and 90 after the trigger. Execution at day 100. Beneficiary access ends and the account is deleted at day 200. Roughly seven months end-to-end on the default cadence.
Inheriti: Window configured per plan. Validator-share release on-chain is the cryptographic precondition for beneficiaries to initiate the merge process. Specific reminder cadence not extensively documented publicly.
DGLegacy: Cadence configured by the user. Because multiple signals must fail in parallel before a fatal event is declared, the false-positive profile is lower than for any single-signal product. Specific intervals not publicly specified.
GoodTrust: User-configurable cadence on the check-in emails. Specific grace and reminder intervals not extensively documented in their public material.
Everplans: Up to 30 days configurable wait between Deputy report and access unlock. Household plans require both members to be reported and confirmed before after-death sections unlock.

Recipient access requirement
Holdfast: No platform account, no app, no hardware. Recipients open an email and use the delivery passphrase shared offline (text, card, sealed envelope, kept with a solicitor) to decrypt.
Cipherwill: Beneficiaries need a Cipherwill account, paired in advance to receive what was assigned to them. Access is via the Cipherwill dashboard.
Inheriti: Each beneficiary needs either a SafeKey Pro hardware device (€60 each) or the SafeKey Mobile app with a registered SafeID account. At delivery, beneficiaries coordinate a merge through inheriti.com to reach the threshold.
DGLegacy: Beneficiaries log into DGLegacy (creating an account if they do not have one) to view the assets assigned to them, then deal with the underlying institutions directly to claim.
GoodTrust: Trusted Contacts log into GoodTrust to view the documents and Vault items shared with them.
Everplans: Each Deputy creates a free Everplans Deputy account via email invitation and accesses the shared content within the Everplans platform.

Delivery content
Holdfast: The actual encrypted vault: credentials, recovery phrases, signposting information about asset locations, documents, and private video messages (up to 50MB each on Family tier and above) addressed to individual recipients.
Cipherwill: Data segments unlocked to beneficiaries on their Cipherwill dashboard. Content scope is broad, but access is mediated through the platform UI.
Inheriti: The original encrypted plan, revealed after the merge threshold is met. What is inside is whatever the plan owner chose to encrypt.
DGLegacy: Notifications about what assets exist, where they are, and how to claim them. The beneficiary then deals with the underlying institutions. Not direct delivery of credentials.
GoodTrust: Estate documents (will or trust, directives), Digital Vault items shared with the contact, and any scheduled email or video messages.
Everplans: The checklist content the user assigned to each Deputy: documents, structured fields, and personal content, accessed within the platform.

Post-delivery retention
Holdfast: 30 days after delivery, the vault is fully purged. A warning email goes to recipients on day 23. On day 30 the encrypted blob, salt, hash, and hint are nulled, storage files deleted, subscription cancelled, and the user row anonymised.
Cipherwill: Beneficiary access for 100 days after execution. The user's account and data are then deleted (day 200 from trigger).
Inheriti: Not publicly documented as a defined post-merge retention window in their consumer-facing material.
DGLegacy: Not publicly documented in detail. Beneficiary access to the asset register persists for the period the family needs to act on the notifications.
GoodTrust: Not publicly documented as a fixed post-delivery purge window. Trusted Contact access to shared content persists.
Everplans: Not publicly documented as a fixed post-unlock purge window. Deputy access to unlocked sections persists.

04 Pricing and business model

The pricing models split the category sharply. Subscription, one-time, bundled with legal documents, or subsidised through partner channels. Each model serves a different kind of buyer.

Pricing and business models across six digital estate vaults
Free tier
Holdfast: Free forever. 5 entries, 1 recipient, monthly check-in.
Cipherwill: Free forever. Limited data segments, up to 5 beneficiaries, email-only communications.
Inheriti: No free tier. The product is built around per-plan one-time fees.
DGLegacy: Silver tier is free. 3 protected assets, 10 passwords, 1 beneficiary per asset, unlimited trustees.
GoodTrust: No comparable free tier for the vault. The Estate+ bundle is the entry point.
Everplans: Freemium tier limited to 3 items.

Paid entry-level
Holdfast: Personal: £5/month or £45/year. Unlimited entries, 3 recipients, choice of weekly, fortnightly, or monthly check-in.
Cipherwill: Premium: $40/year (list $60). All segments, unlimited beneficiaries, 1GB file storage, SMS and phone notifications, live chat support.
Inheriti: Modular one-time pricing. Setup €39.99, €2.49 per beneficiary, €2.49 per blockchain share, plus €60 per SafeKey Pro device. A typical three-beneficiary plan with hardware totals roughly €232 one-time.
DGLegacy: Gold: $5.99/month, $83.90/year, or $120 one-time. Unlimited assets, beneficiaries, trustees, and passwords. Phone confirmation on the HeartBeat protocol.
GoodTrust: Estate+ at $149 for the first year (includes will or trust, four directives, Digital Vault, family plan, unlimited updates). Then $39/year membership to keep editing.
Everplans: Premium: $99.99/year. Full access to all sections, document upload, deputy designation.

Family or multi-user
Holdfast: Family: £9/month or £79/year. Two independent partner vaults on one plan (each fully private), 5 recipients per vault, video messages up to 50MB each.
Cipherwill: Not publicly documented as a distinct family or partner tier. Premium covers one user with unlimited beneficiaries.
Inheriti: Not applicable. Each Inheritance Plan stands alone; multiple plans can be purchased independently.
DGLegacy: Not publicly documented as a distinct partner-vault tier. Platinum is the higher-feature tier ($9.99/month, $107.99/year, or $180 one-time).
GoodTrust: Estate+ includes a family plan as standard: each adult family member can create their own complete plan at no additional cost.
Everplans: Household Everplans for two members, with after-death sections unlocking only when both members have been reported and confirmed.

Business or firm tier
Holdfast: Firm: £39/month or £399/year. Built for professional firms in legal and financial services (UK solicitors and IFAs and their international counterparts). White-label delivery, CSV bulk client invite, dedicated dashboard, soft cap of 20 clients with tiered overage above (£20-£30 per client per year).
Cipherwill: No B2B tier of comparable scope publicly documented.
Inheriti: Business products exist, but no equivalent solicitor or advisor channel tier in their published material.
DGLegacy: Platinum tier bundles legal support for beneficiaries via Cooley LLP and Bird & Bird partnerships. A different model: institutional law firms acting as a referral and support layer.
GoodTrust: Partner-channel distribution rather than a firm tier. Subsidised access through AOL Premium, Beneficiary Advance, employer benefits, and insurance providers.
Everplans: Everplans Professional: B2B tier for US financial advisors. Co-branding, household-level client management, and CRM integrations with Redtail and Orion. Pricing by quote.

Money-back or cooling-off
Holdfast: 14-day cooling-off period on any paid tier under the UK Consumer Contracts Regulations.
Cipherwill: Not publicly documented.
Inheriti: Not publicly documented. The one-time payment model carries different expectations than a subscription.
DGLegacy: 90-day money-back guarantee on paid plans.
GoodTrust: Not publicly documented.
Everplans: Not publicly documented.

Billing model
Holdfast: GBP, recurring monthly or annual. Stripe-processed.
Cipherwill: USD, recurring annual on Premium.
Inheriti: EUR, modular one-time per plan and per add-on. Activation methods priced separately (login free, click-link €0.99, SMS €2.49, phone call €4.99).
DGLegacy: USD, monthly or annual subscription, with one-time lifetime options on Gold ($120) and Platinum ($180).
GoodTrust: USD, $149 first-year fee then $39/year membership for ongoing updates. Partner channels can subsidise or include access.
Everplans: USD, annual. Partner subsidies (VSP, MOAA, Blue365, employer benefits) can bring effective per-user cost to roughly $27/year.

05 Where each product is strongest

A single row, one sentence per product. This is the credibility row. Every product including Holdfast gets a genuine statement of where it is the better fit, written without irony.

Where each product is strongest
Holdfast: UK jurisdiction with named accountability, true zero-knowledge architecture with an openly published encryption module under Subresource Integrity, and a Firm tier purpose-built for professional firms in legal and financial services. The recipient flow needs no account, no app, and no platform login on the day delivery fires.
Cipherwill: The lowest paid price in this set at $40/year, the most open client (full frontend on GitHub), and the broadest set of "security factor" options including FIDO2 keys, YubiKeys, biometrics, and crypto wallets. A natural fit for technical users protecting cryptocurrency and online accounts.
Inheriti: Self-sovereign architecture that survives the operator vanishing. Mathematical access control via Shamir-style sharing means no single beneficiary can decrypt unilaterally, which suits disputed estates, business co-founders, and crypto-native inheritance where hardware tokens and multi-signature are already the norm.
DGLegacy: Asset cataloguing as the primary mental model. The multi-signal HeartBeat protocol (social activity, biometric login, email, phone) is genuinely more robust against false positives than any single-signal check-in. Bundled legal support via Cooley LLP and Bird & Bird partnerships at the Platinum tier is unmatched in this set.
GoodTrust: The cheapest comprehensive US estate-planning bundle in this set. $149 covers attorney-crafted will or trust, four directives, Digital Vault, and the family plan, all valid in 50 US states. The separate WGSD service handles post-mortem account closure across 100+ sites, and the partner network (AOL Premium, employer benefits) materially reduces effective cost.
Everplans: The most refined checklist-driven onboarding in the category, refined over more than a decade. SOC 2 Type II audited and HIPAA-compliant for medical content, with an established US financial advisor channel through Redtail and Orion CRM integrations. The most mature US partner-subsidy network.

06 The six products in one paragraph each

Tables compress. These are the same six products in prose, with a line on who each one fits best, and a link to the head-to-head comparison page where the depth lives.

Holdfast

holdfast-co.uk

UK-based zero-knowledge digital estate vault and dead man's switch. Encrypted client-side with AES-256-GCM under a passphrase that never reaches our servers. Recipients receive the vault by email and decrypt with a passphrase you shared with them in life. Operated by Nexus-SecTech Ltd under UK GDPR.

Choose this if you want a UK operator with named accountability, a recipient flow that works for people who have never used a digital legacy product, or a Firm tier built for professional firms in legal and financial services.

View Holdfast

Cipherwill

cipherwill.com

India-operated digital legacy platform with the most open client in the category (full frontend on GitHub) and the broadest set of security-factor options: master password, FIDO2, YubiKey, biometrics, or crypto wallet. Beneficiaries access through a Cipherwill account on the platform.

Choose this if you are technically fluent, your assets are mostly crypto and online accounts, and you want the lowest paid tier in this set at $40/year.

Holdfast vs Cipherwill

Inheriti

inheriti.com

Belgian-operated digital inheritance platform built on Shamir-style secret sharing. Encrypted shares are distributed across beneficiary-held SafeKey Pro hardware devices or SafeKey Mobile apps, with a validator share anchored to a public blockchain. Self-sovereign by design.

Choose this if your inheritance is primarily cryptocurrency, your beneficiaries are comfortable with hardware tokens, and you value mathematical access control above operational simplicity.

Holdfast vs Inheriti

DGLegacy

dglegacy.com

Berlin-operated digital legacy platform built around asset cataloguing. The HeartBeat protocol combines social media activity, biometric login, email confirmation, and phone-call escalation to confirm life. Platinum tier bundles international legal support via Cooley LLP and Bird & Bird.

Choose this if the central problem is your family not knowing what assets exist, you value redundant fatal-event detection, or you want bundled international legal support for beneficiaries.

Holdfast vs DGLegacy

GoodTrust

mygoodtrust.com

US-operated estate-planning suite. $149 one-time for the Estate+ bundle covers attorney-crafted will or trust, four directives, Digital Vault, and a family plan, valid in all 50 US states. A separate WGSD service handles post-mortem account closures across 100+ sites.

Choose this if you are in the US, you do not yet have a will, and you want a comprehensive bundle including legal documents and the digital vault at a single price point.

Holdfast vs GoodTrust

Everplans

everplans.com

US-operated digital vault with the most refined checklist-driven onboarding in the category. SOC 2 Type II audited, HIPAA-compliant, with established financial-advisor CRM integrations via Redtail and Orion. Acquired by Precoa (preneed funeral lead generation) in October 2024.

Choose this if you are in the US, you want HIPAA-compliant medical storage, you value checklist-driven onboarding, or you have access through a partner subsidy that materially reduces cost.

Holdfast vs Everplans

07 A note on what this page is and isn't

Any comparison page reflects a moment in time. Products change. Pricing pages get rewritten. Companies are acquired. Security claims are revised, sometimes for good reasons. We have written every cell on this page from the operator's own published material, verified on the date below. If you are reading this six months from now and something here is out of date, that is on us to fix and we would rather know than not.

If you are one of the operators listed on this page and you find a factual error, write to us at [email protected] with the correction and the source link, and we will update the page promptly. We have no interest in misrepresenting anyone in the category, including the products that are arguably our closest competition.

If you are a prospective buyer, the most useful thing this page can do is point you to the head-to-head comparison that matters for your situation. The links on each product card lead to the depth. If none of them quite fits, the comparison hub lists every page we have published in this category. Holdfast is operated by Nexus-SecTech Ltd, a UK company registered with Companies House (17126982) and the ICO (ZC120755).

Last reviewed: 19 May 2026