How Secure Is My Vault?

How Secure Is My IronClad Family Vault?

Your vault is built with the same mindset we use for our own families: assume attackers are creative, assume people are busy, and design for both. IronClad Family was envisioned, designed, and built by cybersecurity experts from the ground up — using security standards that surpass many banks, credit card companies, and even most departments of the federal government.

?  Zero-Knowledge Encryption — The Feature No Competitor Can Match

IronClad Family is the only company of our kind that uses End-to-End Zero-Knowledge Encryption. This means we never have access to your information — not our engineers, not our support team, not anyone at IronClad Family. The best way to never reveal a secret is to never know the secret. We designed our entire system around that principle.

Most platforms encrypt your data in transit but decrypt it on their servers — meaning their staff can technically read your files. IronClad Family works completely differently:

• Your documents are encrypted in transit and at rest.
• Decryption keys are tied to your account credentials and recipient passphrases — not our servers.
• Only you and the recipients you authorize can ever unlock your content.
• Even if IronClad Family’s servers were ever compromised, your files would remain completely unreadable.

The Highest Independent Security Scores

IronClad Family consistently scores higher than every other civilian website in third-party, independent security ratings. In fact, only the CIA and FBI rank higher in security than we do.

We don’t just claim to know security — we have spent three decades in the security industry and hold worldwide-recognized security certifications to prove it. Our platform is independently verified by Trust Guard and Norton SafeWeb, scanned daily for active threats.

Ongoing Security Checks & Monitoring

Security is not a one-time event. Our systems are continuously monitored and tested:

• Daily security scans — our site is scanned every day for vulnerabilities and misconfigurations.
• OWASP Top 10 testing — we test all the way down to our source code against the global gold standard for web application security, covering broken authentication, sensitive data exposure, broken access control, and more.
• Rolling data integrity checks — cryptographic hashing before and after every upload, download, and transfer ensures your data is never corrupted and always exactly as you stored it.
• Infrastructure monitoring — all systems and third-party services are monitored and patched promptly.

Geographically Dispersed Backup Sites

Your data is backed up across multiple “hot sites” spread throughout the United States, always ready to take over instantly if anything happens to the primary site. A hurricane, tornado, or earthquake in one region cannot affect the other sites. Your family’s documents are always available, always protected, and always exactly as you stored them.

Compliant with All Major Security Standards

We don’t pick one compliance standard. We comply with all of them:

• HIPAA — Health Insurance Portability and Accountability Act
• GDPR — Europe’s General Data Protection Regulation
• CCPA — California Consumer Privacy Protection Act
• CCRA — California Consumer Rights Act
• ADPPA — American Data Privacy Protection Act (future compliant)

We stay ahead of proposed legislation so your family is never left behind.

Your Data, Your Control

Security is not just what we do on our end. You remain in full control at all times:

• You decide who your recipients are (up to 4 per vault, unlimited vaults).
• You decide which folders or documents each person can see.
• You decide when access is granted — by date, by event, or manually.
• You decide whether to share a preview before delivery, and whether recipients see file names only or full content.
• Once delivered, your vault is permanently locked — no one can alter your wishes.