Now, there have been cases of seniors being conned into signing away power of attorney. If this is detected, how can the owner change the authorization?

And if used by seniors (I am one, OK) how can they remember the password/questions other than a password manager app (which requires a password) or printing them out and saving in a lockbox? And then there’s access to the key …

Anyway, granting access seems to be the entire point of this, and I didn’t see it addressed “job one” on a quick run through the website. Then again, I’m a senior …

We don’t use any "secret" internet triggers or remote unlock mechanisms, which are often vulnerable, difficult to test, or dependent on the existence of external infrastructure long after the user has passed. Instead, EchoVaults is fully offline and built on a human-first model of trust, clarity, and layered security.

Here’s how access works after death, step-by-step:

-1. Persistent Lock Screen Instruction (You Set This) During setup, EchoVaults lets you write a permanent message that stays visible on your phone’s lock screen.

This message should guide whoever finds your phone — for example:

“If I’m no longer around, please contact [Name]. They know how to access EchoVaults. Use the codeword: ‘River’.”

This is how your intent survives you, in a form any first responder or family member can understand without needing to unlock anything yet.

-2. They Must Unlock Your Phone (First Layer of Defense) EchoVaults doesn’t bypass or weaken your device’s native security.

The person you trust must already know your phone passcode. We don’t encourage storing or sharing this casually — but if you’re planning for emergencies or death, this is the only real-world viable method.

On both iOS and Android, over 90% of phone theft attempts fail precisely because this passcode layer is so difficult to break. In most jurisdictions, even Apple themselves can’t unlock a phone without a court order — and sometimes, not even then.

-3. EchoVaults: Status Check + Identity Challenge (Second Layer) Once the phone is unlocked and EchoVaults is opened:

The app prompts: “Are you the original user?” or “Has the user passed away?”

If the responder selects “User has passed away”, they’re presented with a 5-question identity challenge, created by you during setup.

These are not generic security questions — they are deeply personal ones only someone close to you can answer (e.g. “What nickname did my mom call me?” or “Where did I hide my emergency note in 2023?”).

You can optionally give this trusted person an encrypted PDF containing these questions and answers in advance, stored safely offline or physically printed.

-4. Access Level and Delayed Vault Reveal Once the correct answers are given:

The trusted person gains access only to the vaults you've marked as “Basic” — typically containing general guidance, will instructions, or useful information for your family.

For vaults marked “Sensitive”, access is delayed based on the wait period you choose — this could be 24 hours, or even weeks, months, or years.

For vaults marked as "Ultra-Sensitive" no one can see this except you, even when trusted person correctly answers your security questions, the vaults in this privacy level will never be visible to them.

After that wait period passes (and only if you don’t cancel the unlock, in case of false positive or mistaken access), the app reveals the sensitive vault.

The delay serves as a grace window: If you’re still alive and access was accidental, you can cancel it. If you’ve truly passed away, it proceeds in a dignified, secure, and planned way.

-Security Model EchoVaults was built with the following principles:

100% offline: No cloud, no syncing, no tracking, no server dependency. Your data stays on your device.

Tamper-resistant encryption: AES-256-GCM with PBKDF2 key derivation, same used in secure password managers and military-grade systems.

Human-readable recovery: All instructions are visible, understandable, and usable by your family or loved ones without technical knowledge.

This is how EchoVaults answers the hardest question: “If I’m gone, how will the people I love access what I left behind — and only them?” Without compromising on privacy, encryption, or simplicity.