Security

How We Protect Your Data

Your family's privacy is important to us. We use end-to-end encryption so that only you and your household members can read your data.

End-to-End Encryption

Sensitive information you store in EstateHelm is encrypted on your device before it reaches our servers.

Your data is encrypted with keys that only your devices can access. We don't have access to your encryption keys.

We store your encrypted data, but we can't read it. Only your registered devices can decrypt it, protected by biometrics when available.

We use AES-256-GCM, a well-established encryption standard used across the industry.

We use WebAuthn with your device's biometric security (Face ID, Touch ID, or Windows Hello) to derive your encryption keys:

Since encryption keys are device-bound, you need a backup way to recover your data:

During setup, you receive a recovery key. Keep it somewhere safe.

Write it down or store it in a password manager. We cannot recover it for you.

Your recovery key lets you set up EstateHelm on a new device if you lose access to your current one.

Your data is protected by multiple layers:

Your Household Data (contacts, documents, etc.)

↓ Encrypted with household keys

Household Keys (General, Financial, Security)

↓ Encrypted with your master key

Your Master Key (AES-256)

↓ Derived from biometric authentication

Face ID / Touch ID / Windows Hello

+ Recovery Key (backup)

We can't read your contacts, financial information, or documents

When you invite family members, they get their own encrypted access

We can't analyze or share your information because we can't see it

Keep your recovery key safe. If you lose your device and your recovery key, we cannot recover your data.

Start using EstateHelm today with our industry-leading encryption.