Security & Compliance

Independently audited. Not just independently claimed.

Your family trusts you with their most sensitive information — wills, healthcare directives, financial credentials. We're committed to protecting it with the highest standards in the industry. If a provider can't produce their SOC 2 report, ask why.

  • SOC 2 Type II certified
  • 256-bit AES encryption
  • Zero-knowledge architecture

SOC 2 Type II

Independently audited & certified

HIPAA Aligned

Health information privacy standards

GDPR Compliant

Full EU data protection compliance

256-bit AES

Military-grade encryption at rest

How we protect your data

Security Built Into Every Layer

We don't bolt security on as an afterthought. It is engineered into the platform from the ground up.

End-to-End Encryption

Every file and document you store is encrypted with 256-bit AES before it is written to disk. Data is also encrypted in transit using TLS 1.3 — the same standard used by banks. Your vault content is double-encrypted: once at the application layer and again at the storage layer.

Zero-Knowledge Architecture

Your vault content is encrypted with keys derived from your credentials. Custodium Vault employees cannot read, access, or view your stored documents — ever. Even in the event of a data breach at our infrastructure level, your content remains unreadable.

SOC 2 Type II Certified

Our security controls are independently audited by a third-party CPA firm every year. SOC 2 Type II is the gold standard for cloud security — it verifies not just that our policies exist, but that we follow them consistently over time. Ask any provider that claims to be secure: can they produce their report?

Geo-Redundant Infrastructure

Your data is stored in data centres located in the United States, with automatic geo-redundant backups. If a server goes down, your vault remains accessible. We maintain 99.9% uptime and use enterprise-grade cloud infrastructure with continuous monitoring.

Multi-Factor Authentication

We require and support multi-factor authentication (MFA) on all accounts. Every login attempt is verified, session tokens are rotated regularly, and suspicious activity triggers immediate alerts. You are notified any time someone accesses your vault.

Penetration Testing & Audits

We commission independent security researchers to conduct penetration testing at least annually. Vulnerabilities are triaged and remediated on a strict timeline. We also perform internal security reviews, dependency scanning, and code analysis on every release.

Due diligence

The Questions You Should Be Asking Every Provider

We believe in radical transparency. Here are the hard questions — and our honest answers.

Who can see my vault content?

Only you — and only the trusted contacts you explicitly authorise, with only the permissions you grant. Custodium Vault employees cannot access your stored documents.

Where is my data stored?

By default, your data is stored on servers in the United States. We do not transfer personal data across jurisdictions without your knowledge.

What happens if I delete my account?

Your vault content and personal data are permanently deleted from our production systems within 30 days and from encrypted backups within 90 days.

How do you handle a security incident?

We have a formal incident response plan. If a breach affecting your data occurs, we will notify you within 72 hours, explain what happened, and detail the steps we are taking to remediate it.

Can I request your SOC 2 report?

Yes. Registered account holders and enterprise customers can request a copy of our most recent SOC 2 Type II report by emailing hello@custodiumvault.com.

Your Legacy Deserves Bank-Level Protection

Every document, every credential, every wish — protected by the same standards used by financial institutions.

  • SOC 2 Type II certified
  • 256-bit AES encryption
  • Cancel anytime