Every architectural decision Genlocker makes — from key management to death certificate verification — is designed so that no single party, including us, can access your vault without proper authorization.
Your documents are encrypted on your device before upload. We store only ciphertext — data we mathematically cannot decrypt. This is not a policy; it is an architectural guarantee.
Vault unlock requires multiple independent keys combining simultaneously: a system-generated key AND one or more beneficiary-held keys. No single party can open your vault alone.
Access is released only upon a verified official death certificate — not an email timeout, not self-reporting. A human reviews every submission. Fraud is actively caught.
Data at rest is protected with AES-256-GCM — the same standard used by the US government for classified information. All data in transit uses TLS 1.3.
Every access event — uploads, permission changes, verification steps, unlock attempts — is recorded in an append-only audit log. Nothing can be erased retroactively.
We're actively pursuing SOC 2 Type II certification. Until then, our security controls are designed to meet or exceed those requirements. We publish our progress transparently.
For the security engineers in the room.
| Property | Implementation |
|---|---|
| Encryption at rest | AES-256-GCM |
| Encryption in transit | TLS 1.3 (minimum) |
| Key derivation | PBKDF2-HMAC-SHA256, 600,000 iterations |
| Secret sharing | Shamir's Secret Sharing (threshold cryptography) |
| Authentication | Password + TOTP (RFC 6238) or passkey (FIDO2) |
| Password storage | Argon2id (not stored — used for key derivation only) |
| Data hosting | AWS (US regions only), SOC 2 compliant infrastructure |
| Backups | Encrypted, geographically redundant, daily snapshots |
| Penetration testing | Annual third-party pen test (reports published) |
| Vulnerability disclosure | Responsible disclosure program via security@genlocker.com |
| Death certificate verification | Human review + SSDMF cross-reference + fraud detection |
This is the most critical security process in Genlocker. We've designed it to be rigorous enough to prevent fraud, and fast enough to not burden a grieving family.
A beneficiary logs in and submits a certified copy of the official death certificate via our secure upload portal. All submissions are encrypted in transit.
A trained team member examines the certificate: issuing state or county, official seal, certificate number, registrar signature, and key data fields (name, date of birth, date of death).
We cross-reference submitted details against the Social Security Death Master File (via a third-party API) as a secondary automated check.
Automated fraud detection checks the document for signs of digital alteration, inconsistent fonts, or metadata anomalies. High-value vaults require notarized submissions.
Upon approval, our system releases its portion of the vault key. Combined with the beneficiary's held key, this unlocks the vault according to pre-set access rules.
Each beneficiary receives only the documents designated for them. Access events are logged. The vault owner's audit trail is permanently preserved.
We take security reports seriously and respond to them quickly. If you discover a potential vulnerability, please contact us before disclosing publicly.
security@genlocker.com