Shelter’s Security Protocols and Design
Everything you store in Shelter is accessible only to the people you choose – and no one else.
Your legacy, secured
Our security technology ensures only you and your Trusted Contacts can see what you store.
Shelter uses the same technology as your Password Manager. When you add something to your Shelter, it is encrypted before it’s even sent to our server. The only thing that can unlock it is your user account and the Trusted Contacts you’ve invited to access it.
We cannot see your data. Only you and your Trusted Contacts can.
How it Works
1. Your browser encrypts your data using your master password and AES-256 encryption methods.
2. The encrypted data is sent to our server and stored there. It can’t be read by our employees because we don’t know your password.
3. When you log in, your encrypted data is sent back to your web browser.
4. Using your master password, the data is decrypted by your web browser.
Zero-Knowledge Architecture
This is the core of our commitment. We adhere to a zero-knowledge security model, meaning that we can’t see, access, or decrypt your encrypted Shelter items.
Only you have the key — your unique master password — to unlock and decrypt your vault.
Recovery Code
When you register for your Shelter, you are given a one-time Recovery Code. Without this Recovery Code, you cannot reset your master password.
Your master password is never stored on our servers, and we cannot reset it for you.
Mandatory Re-Authentication
For your complete peace of mind, our security protocols are so strict that your session is designed to expire immediately upon closing or refreshing your browser window.
When you reload your browser, you are always prompted to re-enter your master password to decrypt your vault.
Securing Your Trusted Contacts
Your Trusted Contacts have view-only access to your Shelter, and follow the same security protocols as you. Their master password is also never stored on our servers.
When you invite a Trusted Contact:
- You can set when they have access to your Shelter: either once they are confirmed or after a time period you set
- They must accept the invitation to be your Trusted Contact
- You must provide a final confirmation to make them a Trusted Contact
If you invite your Trusted Contact to have immediate access, then they can view your Shelter as soon as they are confirmed.
If you set a time period for their access, then they must request access to your Shelter. If you do not respond to their request within the time period you set – in all likelihood, because you have died or are incapacitated – they are given access to your Shelter.
Frequently Asked Questions (FAQs)
Is Shelter secure?
Shelter’s platform is built upon a zero-knowledge architecture, meaning that we can’t see, access, or decrypt your encrypted Shelter items. You and your Trusted Contacts are the only people who hold the key to decrypt what’s in your Shelter.
How does Shelter’s security work?
Your master password secures everything that you add to your Shelter vault before it gets sent to our servers, and the only thing that can decrypt it is your master password.
What exactly gets stored on Shelter’s servers?
The items in your Shelter vault are stored as encrypted text that can only be decrypted and read by you and your Trusted Contacts.
Can you read the items in my Shelter?
No. The staff at Shelter cannot read the items in your Shelter; only you and your Trusted Contacts have the key to decrypt what you’ve stored. We cannot read what’s in your Shelter.
What happens if Shelter gets hacked?
We are deeply committed to protecting your data. In a worst case scenario where Shelter’s server were hacked, the attacker would only get the encrypted version of your data and it would still be protected by our strong AES-256 encryption, which would be unreadable without knowing your password.
How do I know that Shelter’s architecture is safe?
Shelter uses the same architecture and security best practices as top password managers.
Does Shelter require Multifactor Authentication (MFA)?
Yes. In order to access your Shelter, you will be prompted to enter a code sent to your email or from your chosen Authenticator application.
Can you reset my password for me?
The only way to reset your password is to use your Recovery Code (provided to you when you Register). Our employees cannot reset it for you because they simply don’t have the ability to due to our Zero Knowledge architecture.
How do I reset my password?
You must have your Recovery Code (provided to you when you Register) in order to reset your password.
How do my Trusted Contacts see what’s in my Shelter?
Because you have invited and confirmed them, your Trusted Contacts are able to decrypt and view the items in your Shelter.
What if I don’t want my Trusted Contacts to have immediate access to my Shelter?
When you invite a Trusted Contact, you can require them to request access to your Shelter when they need it, along with a time period for your review. If you do not respond to their access request (likely because you are unable), they will be given access to your Shelter.
If I die, what happens to my Shelter?
Your Shelter can be accessed by your Trusted Contacts. Your Shelter will stay open until your subscription ends, followed by a one year grace period. If your Trusted Contact wants to take over the account to renew it, they can add their credit card and extended the subscription.
Do you delete my information after my subscription ends?
Yes! Even though all of your data is encrypted and we can’t even read it, we still delete it from our servers once your subscription and the grace year period end.