I can't see any way that I can save information on your service and have it inaccessible to the admins, especially if the note will be sent as a PDF to the registered recipients.
So I really can't put anything sensitive in the note, including things like passwords or bank codes. That rather limits the usefulness.
The note is stored encrypted using AES 256-bit keys. The only time it's decrypted without your credentials is when you don't login during the check-in period.
I also want to make it end-to-end encrypted (still looking into it) but that has a UX problem. If the recipients need a key to decrypt it, a new problem of keeping the key safe and not forget about it also appears. And if we keep the key on our server then it also kills the whole point of e2e.
I'd love to know any change I can make to make your more confident in it?
Your family may need a lot more than just your passwords.
There are a few things you may need to do at the county level, like filling out forms and paying fees so that your state can be executed quickly without additional costs and headaches for your relatives.
A tool that could help you navigate this process depending on where you live and what kind of assets you have would be a lot more helpful IMO.
Providing access to digital accounts is really not that difficult.
I use Google's Inactive Account Manager to give two groups of relatives access to two different accounts where they can download files containing all the user accounts they need.
I'll fix the privacy policy right away. Thank you for pointing it out.
The note data is encrypted at-rest. The encryption keys are kept separate. Which means even if the whole database gets leaked/hacked, the note details won't be readable.
I plan to pursue SOC 2 certification, to give users peace of mind regarding snooping, etc., if I get some signs of product-market-fit.
So sketchy. Who is the team behind this? A data leak would be catastrophic and what's preventing the admins from accessing your info. I think I'll just stick with Gmail which gives access to my account after 3 months of no activity.
The user should provide a password, that is only useful if the service emails the recipients with a link to hosted page that will decrypt the data client side.
But if the recipient forgets the password? They won't be able to reset it, in most case either, because the reset link goes to the original email which the recipient may not have access to.
So I really can't put anything sensitive in the note, including things like passwords or bank codes. That rather limits the usefulness.
The note is stored encrypted using AES 256-bit keys. The only time it's decrypted without your credentials is when you don't login during the check-in period.
I also want to make it end-to-end encrypted (still looking into it) but that has a UX problem. If the recipients need a key to decrypt it, a new problem of keeping the key safe and not forget about it also appears. And if we keep the key on our server then it also kills the whole point of e2e.
I'd love to know any change I can make to make your more confident in it?
There are a few things you may need to do at the county level, like filling out forms and paying fees so that your state can be executed quickly without additional costs and headaches for your relatives.
A tool that could help you navigate this process depending on where you live and what kind of assets you have would be a lot more helpful IMO.
Providing access to digital accounts is really not that difficult.
I use Google's Inactive Account Manager to give two groups of relatives access to two different accounts where they can download files containing all the user accounts they need.
To answer this, you have written a privacy policy, which mentions the word "encryption" exactly 0 times.
https://backupdiary.com/privacy
I'll fix the privacy policy right away. Thank you for pointing it out.
The note data is encrypted at-rest. The encryption keys are kept separate. Which means even if the whole database gets leaked/hacked, the note details won't be readable.
I plan to pursue SOC 2 certification, to give users peace of mind regarding snooping, etc., if I get some signs of product-market-fit.
https://moin.im
https://twitter.com/moinism
https://github.com/moinism
The note is stored in the DB after its encrypted. What do you suggest I change to make it more secure?
But if the recipient forgets the password? They won't be able to reset it, in most case either, because the reset link goes to the original email which the recipient may not have access to.