Frequently Asked Questions

Questions about trust, security, and sustainability.

Can IfGone decrypt my data?

No. Encryption and decryption happen entirely in your browser using the Web Crypto API. The server only ever receives and stores ciphertext — encrypted blobs that are meaningless without your private key. That key never leaves your device during setup and is never transmitted to, stored on, or accessible by any IfGone system. Without physical possession of your metal plate or printed QR code, nobody — including us — can decrypt your vault.

Is IfGone a will?

No. IfGone is not a legal document and has no legal standing as a will or testament. It is a secure digital vault for storing information your loved ones may need after you're gone. For those who already have a will, IfGone can store a digital copy alongside a note indicating where the signed original is kept — your solicitor's office, a safe deposit box, or another secure location. For those without a will, IfGone provides a non-enforceable way to express wishes and document intentions, but this should not be confused with the legal protection a proper will provides. We strongly encourage everyone to create a formal will with a qualified legal professional.

How is the service funded without an ongoing subscription?

IfGone charges a single one-time payment of £99 when you create your vault. There are no recurring fees, no annual charges, and no premium tiers. The business model is deliberately simple: a single payment covers the lifetime cost of storing your encrypted data. Because the service stores only opaque encrypted blobs — no indexing, no search, no processing — the per-user hosting cost is extremely low. We don't need to fund a growing team of support staff or maintain complex infrastructure.

How much data can I store in my vault?

Each vault has 10 encrypted slots, and each slot holds up to 10 MB — 100 MB total across your vault. Plain text compresses extremely well: 10 MB is roughly 10 million characters, which is enough for thousands of passwords, dozens of lengthy documents, or hundreds of pages of instructions. For binary files like PDFs or images, you have the full 10 MB per slot. Most users find that a few text-based slots cover everything their executors would need.

Why do you recommend plain text over file uploads?

Plain text will almost always be readable. File formats change, the applications needed to open them get retired, and the hardware to read them becomes unavailable. Think about cassette tapes — 30 years ago they were everywhere, and today finding a player is nearly impossible. The same happens with digital formats: WordPerfect files, Flash content, and proprietary databases from just a decade or two ago are often difficult or impossible to open. Plain text has no such dependency. It works on every device, in every operating system, and will continue to work for decades without any special software. When the information in your vault matters most — when your executors need it — simplicity and reliability are more important than formatting.

What are the ongoing costs of running IfGone, and how are they covered?

The main running costs are server hosting, encrypted blob storage, SSL certificates, and domain registration. These are minimal by design: the architecture avoids databases, search indexes, and compute-heavy operations. The server receives ciphertext, stores it, and serves it back — nothing more. Because costs per user are so low, the one-time payment from each user comfortably covers their lifetime storage. Revenue from new users funds ongoing infrastructure for all. As long as people need to protect their families' access to critical information, the service sustains itself.

How is the physical token created?

During vault setup, your browser generates a QR code containing your encrypted private key and produces a printable PDF. You can print this at home and store it securely — a printed QR in a fireproof safe is excellent protection. Alternatively, we offer metal plates etched with your QR code, produced in-house with no third-party printing service, external facility, or intermediary that could intercept or retain a copy of your key material. Producing plates internally is a deliberate security decision: it closes the one gap where outsourcing would introduce trust.

How does the physical token ensure no copy of the private key is stored anywhere?

Your private key exists in exactly two places: temporarily in your browser's memory during the initial setup, and permanently encoded in the QR code on your physical token (metal plate or printed QR). The key is never saved to disk, never sent to the server, never written to any database, and never passed through any third-party system. Once your browser session ends after setup, the private key exists nowhere in digital form — only on your physical token. By manufacturing plates in-house and generating QR codes entirely in your browser, we eliminate the risk that an external provider could intercept, log, or retain a copy. The token is the key. If it's destroyed, the data is gone forever — and that's by design.

What happens if a government or law enforcement agency asks for my data?

We cannot decrypt your data — not for you, not for us, not for anyone. Your private key is never transmitted to our servers and is never stored in any form we can access. All we hold is ciphertext: encrypted blobs that are computationally infeasible to reverse without the private key on your physical token. We also do not require your real name or address to create a vault. If you order a metal plate, we need a delivery address — but once you confirm receipt, that address is anonymised and only a record of the transaction remains for accounting purposes. The only information we could provide to authorities through proper legal channels is limited to slot labels, data sizes, and last-updated dates. We have no access to the contents of your vault, no copy of your private key, and no ability to decrypt anything — by design.
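
An added illustration (not IfGone's own code) of the model described in this answer and under "Can IfGone decrypt my data?": a slot is encrypted in the client with the Web Crypto API, and the stored record holds only ciphertext plus the metadata listed above. The algorithms (RSA-OAEP wrapping a per-slot AES-GCM key), the record layout, and the names createVaultKeys, sealSlot and openSlot are assumptions; the page does not specify them.

```javascript
// Added illustration; the algorithms are assumptions, not IfGone's documented scheme.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const MAX_SLOT_BYTES = 10 * 1024 * 1024; // page's 10 MB slot limit (binary MB assumed)

// Key pair generated client-side; the private half is what a token would carry.
async function createVaultKeys() {
  return wc.subtle.generateKey(
    { name: "RSA-OAEP", modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" },
    true, ["wrapKey", "unwrapKey"]);
}

// Encrypt one slot locally. The returned record is all a server would store.
async function sealSlot(publicKey, label, text) {
  const data = new TextEncoder().encode(text);
  if (data.byteLength > MAX_SLOT_BYTES) throw new RangeError("slot exceeds 10 MB");
  const slotKey = await wc.subtle.generateKey(
    { name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh nonce per write
  const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv }, slotKey, data);
  const wrapped = await wc.subtle.wrapKey("raw", slotKey, publicKey, { name: "RSA-OAEP" });
  return { label, size: ct.byteLength, updated: new Date().toISOString(),
           iv, wrappedKey: new Uint8Array(wrapped), ciphertext: new Uint8Array(ct) };
}

// Decrypt with the private key; AES-GCM rejects any modified blob.
async function openSlot(privateKey, rec) {
  const slotKey = await wc.subtle.unwrapKey("raw", rec.wrappedKey, privateKey,
    { name: "RSA-OAEP" }, { name: "AES-GCM" }, false, ["decrypt"]);
  const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv: rec.iv }, slotKey, rec.ciphertext);
  return new TextDecoder().decode(pt);
}

async function demo() {
  const { publicKey, privateKey } = await createVaultKeys();
  const secret = "constructed sample: boiler manual is in the green folder";
  const rec = await sealSlot(publicKey, "House notes", secret);
  const roundTrip = await openSlot(privateKey, rec);
  // Simulate a storage-side change of one ciphertext byte.
  const bad = { ...rec, ciphertext: Uint8Array.from(rec.ciphertext) };
  bad.ciphertext[0] ^= 1;
  const tamperRejected = await openSlot(privateKey, bad).then(() => false, () => true);
  // Metadata visible without the key: label, size (plaintext length + 16-byte tag), date.
  return { secret, roundTrip, tamperRejected, visible: { label: rec.label, size: rec.size } };
}

demo().then((r) => console.log(r.visible, "tamper rejected:", r.tamperRejected));
```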

What is the long-term strategy for keeping the service running?

IfGone currently runs on AWS, which provides multi-region redundancy, automated failover, and the kind of infrastructure resilience available only at global scale. This gives your data a level of durability and availability that would be impractical to replicate independently. As IfGone grows, the plan is to acquire property and establish self-hosted secondary infrastructure that could take over hosting if AWS were ever compromised, suffered a prolonged outage, or became unavailable for any reason. The long-term goal is hardware under our direct control, powered by locally maintained renewable energy sources — reducing dependence on any single cloud provider while keeping running costs close to zero. This isn't about replacing AWS, but about ensuring there is always a fallback path that doesn't rely on any external party.