We protect your legacy. But we can never read it.
Most platforms promise they won't look at your data. Kintity is built so it's physically impossible for us to do so. Here is the complete journey of how we secure, monitor, and seamlessly transfer your legacy to your loved ones.
The “X-Ray” View
Type a secret below. Watch how your device scrambles it into unbreakable ciphertext before it ever travels to our servers.
The Golden Rule of Kintity
Your device locks the data. Your device holds the key. We act strictly as the delivery truck and the warehouse. If a hacker breaches our database, they only get meaningless mathematical noise.
You control the triggers.
Once your data is locked, you must tell our system when and how to deliver the keys to your beneficiaries. We call this the Release Policy Matrix.
The Inactivity Trigger
Often called a "Dead Man's Switch." If you do not log in or verify you are active for a configured period (e.g. 60 days), the system assumes you are incapacitated and initiates the release process.
Document Verification
Your beneficiary requests access and uploads legal proof (like a Death Certificate). Our administrators verify the document's authenticity before the automated system proceeds.
The Incubation Delay
Regardless of the trigger, you can set a mandatory waiting period (e.g. 7 days). If a trigger fires by mistake, you receive urgent alerts giving you time to cancel the release.
How beneficiaries get access.
If we don't know the password, how do your loved ones actually open the vault when the time comes? It's an automated cryptographic handover.
The Trigger Fires
Your configured rules are met (e.g. prolonged inactivity). The Incubation Delay period finishes without you canceling it.
The Trigger Fires
Your configured rules are met (e.g. prolonged inactivity). The Incubation Delay period finishes without you canceling it.
Secure Notification
Our system sends an SMS and Email to the beneficiary contact details you provided. This is why we keep their phone number unencrypted, while keeping the vault contents fully locked.
Secure Notification
Our system sends an SMS and Email to the beneficiary contact details you provided. This is why we keep their phone number unencrypted, while keeping the vault contents fully locked.
Beneficiary Verification
The beneficiary clicks the claim link. They must prove their identity using a Passkey (FaceID / Fingerprint) or by answering the security question you established for them earlier.
Beneficiary Verification
The beneficiary clicks the claim link. They must prove their identity using a Passkey (FaceID / Fingerprint) or by answering the security question you established for them earlier.
Local Decryption
Once verified, our servers release the scrambled data and the Wrapped Key to their device. Their device unwraps the key and decrypts the files locally. We never see the files during the hand-off.
Local Decryption
Once verified, our servers release the scrambled data and the Wrapped Key to their device. Their device unwraps the key and decrypts the files locally. We never see the files during the hand-off.
Answering the tough questions.
Where are my actual files stored?
We use enterprise-grade storage providers. They only store locked, scrambled boxes. Those providers cannot read your files.
Why use Passkeys instead of passwords?
Passwords can be guessed, phished, or stolen. Passkeys use your device's native security checks to confirm the person accessing the vault is physically holding the authorized device.
If I lose my phone, can support recover my files?
No. This is our privacy guarantee in practice. Because we never hold your key, our support team physically cannot unlock your vault. During setup we provide emergency recovery kits so you are never permanently locked out.
If you're zero-knowledge, how do you notify my beneficiary?
We separate the data. Vault contents (documents, notes, credentials) are encrypted. The Trigger Rules and Beneficiary contact details are kept in standard form so our automated system knows who to alert when conditions are met.