Security & Privacy at MemoryShield
Your digital legacy deserves enterprise-grade protection. We combine Google Cloud infrastructure, end-to-end encryption, and a multi-step verification process to ensure your vault items are secure today and accessible to the right people tomorrow.
End-to-End Encryption
Your vault items are encrypted with keys only you control. Even we can't read your data.
Two-Factor Authentication
Add an extra layer of security with SMS verification codes on every login.
Google Cloud Infrastructure
Built on Google's enterprise-grade infrastructure with automatic security updates.
Multi-Step Verification
Configurable verification flow with backup contacts and optional legal review before release.
Secure Payments
Payments handled by Paddle with PCI-compliant processing. We never see your card details.
RUFADAA Aligned
Our processes align with digital asset inheritance laws for proper fiduciary access.
Frequently Asked Questions
How do I sign in securely?+
We use Google Firebase Authentication for all identity verification. Your password is never stored on our servers - instead, authentication tokens are signed with Google-managed keys and automatically rotated to prevent session hijacking. You can also sign in with Google OAuth for passwordless authentication.
Can I add multi-factor authentication (MFA)?+
Yes - SMS 2-Factor Authentication is available in your profile settings. Each login will require both your password and a one-time code sent to your phone. We're also working on hardware security key support (WebAuthn/FIDO2) for even stronger protection against SIM-swap attacks.
Is my data encrypted?+
Yes, your data is protected by multiple encryption layers. All traffic uses TLS 1.3 encryption in transit. At rest, your data is encrypted with AES-256 on Google Cloud infrastructure. Sensitive vault items use additional client-side encryption where only you hold the decryption key.
Can MemoryShield staff read my vault contents?+
No. Your vault items are encrypted with keys derived from your password. Our staff cannot access your encrypted data. We've implemented a zero-knowledge architecture where decryption only happens on your device.
How is access controlled?+
We use Firebase Security Rules with a least-privilege model. Users can only access their own data at /users/{uid}/... paths. All other requests are denied by default. Admin access is strictly limited and audited.
How do you handle payments?+
We never touch your card numbers. All payments are processed by Paddle, a Merchant of Record. Webhook signatures are verified using HMAC keys stored in Google Secret Manager before any payment event is processed.
How does the Verification Flow protect my trustees?+
When you miss a Life Check, MemoryShield initiates a multi-step verification process: extended monitoring period, backup contact notification, optional legal document verification (death certificate), and a final waiting period. Only after all active steps complete are your vault items released to verified trustees.
What is the Life Check system?+
Life Check is our automated wellness verification system. It sends periodic check-ins via email. If you don't respond within your configured deadline, MemoryShield begins the verification flow to ensure your digital assets reach your designated trustees when needed.
How are trustees verified?+
Trustees must confirm their identity through a single-use, cryptographically signed invitation link. They cannot access any vault items until the full verification flow completes and their identity is confirmed.
What compliance standards do you follow?+
Our inheritance release process is designed to align with the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA). We maintain audit logs of all access events and provide data export capabilities.