Most encryption protects your data from outsiders. Zero-knowledge protects it from everyone — including the company that stores it.
Encrypted for your trustees, not for us
When you save a Zero-Knowledge (ZK) secret in Testamently, it is encrypted so that only your designated trustees can ever decrypt it. Not us. Not an attacker who breaches our servers. Not even you, after you save it.
Why "write-only" is a feature, not a bug
ZK secrets cannot be read back by you once saved. That surprises people — but it is intentional. Some things should only ever be opened once you are gone:
- A final letter to your family
- An account you never want readable in the meantime
- Instructions that should stay sealed until the trigger fires
How it works under the hood
Each ZK secret's data key is wrapped to your trustees' personal public keys at the moment you save it. When the vault triggers, only they hold the private key needed to unwrap and decrypt it — in their own browser, never on our servers.
When to use it
For everyday items, Regular or Premium protection is the right balance of security and convenience. For the few things that are truly final, Zero-Knowledge is the strongest promise we can make. Assign two or more trustees to a ZK secret as a safety net.