New here? Create the account first, then the vault opens for setup. Extra passkeys can be added later from the sidebar.
whatnow
Vault
checking
passkey
start
browser
Proof-of-life heartbeat chart
Proof-of-life
· pings by week
Trigger sequence
Tap a segment to adjust timing, lifeline contacts, or read about release.
Trigger threshold
If no ping is received within this window the warning window starts.
Warning window
After the threshold passes you get one reminder email per day for this many days. If you still don't ping, the vault triggers and beneficiaries are notified.
Lifeline contacts
Lifeline is an optional check-in backup: if you miss a ping after your warning window, we can email a trusted contact (no account needed — they confirm from the message). Stored with your account; delivery logic is still rolling out.
Tip: choose someone who checks this inbox regularly.
Contact 1
Contact 2
How Me + 2 works (veto)
Both contacts get the same question. This is a veto setup, not unanimous release:
- If anyone confirms you’re okay, the check-in clock resets.
- If no one confirms within the wait window, the flow continues as if no backup existed.
Release
This is the final segment on the bar above. If the clock runs out, the vault is marked triggered; each named beneficiary gets a link to download ciphertext and decrypt it locally with the key you prepared for them—nothing is handed out before that moment.
-
-
Your device signs a challenge–response — no password vault for us to leak.
-
Check the connection, add the people who should receive the note, then seal the message before it leaves this browser.
Advanced actions
- Last ping
- none
- Vault
- none
Vault message
Readable only in this browser until you seal it. Edit alongside recipients below, then encrypt and save when you are ready.
The service keeps a single sealed vault per account, not a history. After you save, older sealed copies are removed—copy anything you need before overwriting.
Beneficiaries
Add one recipient at a time. Choose how their copy of the vault key is sealed.
You will be asked for the actual passphrase when you seal the vault — not now. Share the passphrase with the beneficiary out-of-band (phone call, Signal, etc.).
How to generate (OpenSSL)
-
Generate
private
key
openssl genrsa -out beneficiary-private.pem 2048 -
Export
public
key
(paste
here)
openssl rsa -in beneficiary-private.pem -pubout
The private key never leaves the beneficiary's machine.
The beneficiary exports their public key with:
gpg --armor --export [email protected]Seal vault
One action: encrypt what you typed, upload ciphertext, and refresh the recipient key map on the server.
Passphrases for password-protected recipients
Enter the passphrase you shared with each person. They stay in your browser only.
Saving replaces your current sealed vault: the previous ciphertext is deleted from storage. There is no inbox of past versions in this UI.
Read vault
Decrypt the sealed vault in your browser. Nothing is sent to the server.
The private key never leaves your browser.
Decrypted content
Behind the scenes
A rough map of how things connect, plus a timestamped log —including HTTP round-trips —when you want to see what the page actually did.