Security model
Legacy Toolkit is designed around a local encrypted vault, optional encrypted cloud sync, and explicit section-level sharing. The goal is simple: your private legacy planning data should stay readable to you, protected by default, and shared only when you choose.
Local-first vault
The primary vault lives on the device and is designed to remain useful offline. Device unlock, biometric access, and PIN controls sit in front of everyday use, while the vault keeps practical records such as financial notes, identity documents, medical contacts, family instructions, and digital account references together.
Local-first does not mean the device is invincible. A compromised operating system account, unlocked device, or weak recovery path can still put local data at risk, so device security remains part of the model.
Encryption and sync
Cloud sync is optional. When enabled, the app prepares encrypted profile data before upload, so the server stores encrypted blobs, sync metadata, and sharing envelopes rather than becoming the source of truth for vault plaintext.
The technical model uses AES-256-GCM for authenticated section encryption, random nonces for section payloads, and local key wrapping tied to the device credential boundary.
Sharing
Sharing is scoped by section. A trusted person can receive selected context without receiving the whole vault, and recipient envelopes protect the section keys needed for that access. Activity history helps show when shared access has been used.
This is intended for controlled handoff of practical information, not public file sharing. You choose what is shared, who receives it, and when the surrounding plan should be reviewed.
Limits
- Cloud sync and sharing may expose account, timing, and operational metadata even when content is encrypted.
- Recovery paths, passwords, email accounts, and trusted-contact choices still need careful upkeep.
- Legacy Toolkit organizes practical records; it does not replace legal, financial, medical, or security advice.