About Holdfast Firm
Everything a solicitor or estate planner needs to know before recommending Holdfast to clients — who we are, how the architecture works, and what we can and cannot access.
The company
Holdfast is operated by Nexus-Sectech Ltd, a company registered in England and Wales (Company No. 17126982). Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. We are registered with the Information Commissioner's Office (ICO) under registration reference ZC120755 as a data controller.
We are a small, focused team. Holdfast is our primary product. We are not a venture-funded company chasing growth at the expense of user trust. The service is built to last — and to keep working when users cannot.
Architecture
The term "zero-knowledge" is frequently misused in the industry. Here is precisely what it means on Holdfast and what it means for your liability as a solicitor.
Your client's vault is encrypted in their browser using AES-256-GCM before it leaves their device. The encryption key is derived from their passphrase. That passphrase is never transmitted to our servers and never stored by us — not in hashed form, not in any form.
This means: we hold ciphertext. We cannot read it. We cannot be compelled to produce readable contents because we do not possess them. A court order served on Holdfast for vault contents would yield only encrypted data, which is computationally infeasible to decrypt without the passphrase.
What this means for you. Your firm cannot be held to have stored, transmitted, or had access to client credentials or sensitive personal information. You receive the same encrypted package every other recipient receives. Decryption requires the passphrase — which your client shares with you through a secure offline channel of your choosing (sealed letter, in-person handover, or similar).
Your dashboard
Your Firm dashboard shows metadata only. At no point do you have access to vault contents.
You can see: connected clients, their check-in status (Active, Due soon, Overdue, Triggered), last check-in date, next check-in due date, check-in frequency, and number of recipients.
You cannot see: vault contents, individual entries, recipient identities beyond count, passphrase, or any encrypted data.
When a client's vault is delivered — triggered by missed check-ins — you receive an operational notification confirming the delivery has occurred. You do not receive the vault contents themselves; those are sent only to the recipients the client has explicitly named.
You are automatically added as a protected recipient the moment a client accepts your invitation. They cannot remove you. This ensures the firm relationship is always visible in the client's vault — but on delivery, you receive an operational notification only, not the vault contents.
Scope of delivery. The client's vault is delivered to the recipients they have explicitly named. Your firm relationship governs operational oversight — check-in monitoring, delivery alerts, dashboard visibility — not content access.
Compliance
When you invite clients to connect their vault to your Firm account, you act as an independent data controller in respect of the client connection records stored on your dashboard. Holdfast acts as a processor of that data on your behalf.
What this means practically: you should disclose to clients, as part of your standard engagement or estate planning documentation, that you are connecting their Holdfast vault to your firm account and that you will be added as a recipient. Most solicitors do this naturally as part of a letter of engagement or will-drafting instruction.
GDPR Article 28 — Data Processing Agreement. If your firm or its compliance officer requires a formal Data Processing Agreement (DPA) before adopting Holdfast, we will provide one. Contact us at [email protected] with the subject line "DPA Enquiry".
Regulatory bodies. If you are regulated by the Solicitors Regulation Authority (SRA), Law Society, or another body, we recommend confirming that your use of Holdfast aligns with your regulatory obligations around client data. The zero-knowledge architecture means your firm never holds client credentials — a material distinction for most regulatory frameworks.
Continuity
What happens to your clients' vaults if Holdfast ceases trading is a reasonable question for any solicitor conducting due diligence on a service they intend to recommend to clients. Here is our honest answer.
Vault data is durable. Because vaults are zero-knowledge encrypted, the ciphertext is portable. In the event of service closure, we commit to providing all users with a data export of their encrypted vault before the service is terminated, with a minimum of 90 days' notice.
The dead man's switch depends on the service. Check-in monitoring and triggered delivery require the service to be running. If Holdfast ceases trading, we would issue a final "service closing" notification to all users and deliver vaults to their nominated recipients at the time of closure, on an opt-in basis.
Your clients' passphrase arrangements are offline. Any passphrase that a client has shared with you through a sealed letter or in-person handover remains valid regardless of Holdfast's operational status. The encrypted data, once delivered, can be decrypted with the passphrase using standard AES-256-GCM tooling independently of any Holdfast system.
Infrastructure
Holdfast runs on a stack of established, UK/EU-compliant infrastructure providers. We do not build our own data centres or operate our own mail servers.
Set up your Firm account in minutes. Invite your first client today.