How it works Security Pricing After death FAQ Get Your AngelPass
Security & trust

Your files never leave
your home.

AngelPass is built on a single, unbreakable principle: we never hold your documents. We hold only one thing โ€” the password that unlocks your drive. But even that cannot be released alone. Your authentication code is held independently by our partner solicitor firm, and both are required before anything can be released. Neither party can act without the other.

๐Ÿ“‹ICO Registered
๐Ÿ›ก๏ธCyber Essentials Certified
โš–๏ธSolicitor Partnered
โ˜๏ธAWS Secure Cloud Vault
๐Ÿ”’GDPR Compliant
The foundation

We never see your documents. Ever.

Your will, your bank details, your insurance policies โ€” all of it lives on a physical USB drive that stays in your home. In a drawer, a safe, wherever you keep important things.

AngelPass never receives a copy of those files. We have no server containing your personal documents. In the event of a data breach of our systems, your documents are completely untouched โ€” because they were never with us in the first place.

The only thing we hold is the password that protects your USB drive. And even that is never stored whole.

"The files are yours. They stay with you. We are simply the trusted guardian of the key."

Where everything lives

๐Ÿ 
Your USB drive โ€” in your home All your documents, encrypted and password-protected. We never see these.
โ˜๏ธ
Your USB password โ€” AngelPass Held in encrypted cloud storage via AWS Secrets Manager. Every access attempt is logged and audited.
๐Ÿ”‘
Your authentication code โ€” our partner solicitors Held independently by an SRA-regulated firm in their own secure vault. AngelPass cannot access it.
๐Ÿ“ฎ
Your physical code card โ€” with you Issued to you by post at setup. You pass it to whoever you trust to act after your death.
๐Ÿ”“
Password released only on verified death Code confirmed by solicitors. Password released by AngelPass. Both parties required. No exceptions.
Two custodians. No single point of failure.

Two independent parties. Both required.

Releasing your USB password requires two completely separate elements held by two completely independent parties. Neither can act alone.

โ˜๏ธ

AngelPass โ€” USB Password

AWS Secrets Manager

Your USB password is held in AWS Secrets Manager โ€” Amazon Web Services' enterprise secrets management platform, used by HMRC, NHS Digital, and major UK financial institutions. Every access attempt is logged and audited. AngelPass staff cannot retrieve it without a verified death claim.

๐Ÿ”
โš–๏ธ

Solicitor Partner โ€” Authentication Code

Our partner solicitor firm

Your authentication code is held independently by an SRA-regulated solicitor firm in their own secure vault โ€” entirely outside AngelPass's control. They operate under professional legal obligations and carry professional indemnity insurance. On a verified death claim, they confirm the code before the password is released. If AngelPass ever ceased trading, they retain the codes and can process all outstanding claims.

How release works

Authentication code confirmed. Password released. Both required.

๐Ÿ”‘ Authentication code presented
โ†’
๐Ÿ“„ Death certificate verified
โ†’
๐Ÿชช Identity confirmed
โ†’
๐Ÿ”“ Password released

AngelPass holds the password. The solicitor holds the authentication code. Both are required โ€” and crucially, the solicitor is an independent, SRA-regulated firm with its own professional obligations and oversight. Even if AngelPass staff could technically access the password, they cannot release it without the solicitor independently confirming the authentication code is genuine. That confirmation requires a verified death claim and the solicitor's own due diligence. This is not just a technical control โ€” it is a legal and professional one, which makes it resistant to internal fraud, social engineering, and unauthorised pressure in a way that pure cryptography alone cannot achieve.

Resilience built in

What if something goes wrong?

We have thought carefully about every edge case. Here is how the system holds up under pressure.

Scenario one

AngelPass is hacked

A malicious actor gains access to our systems and retrieves the USB password stored in our cloud vault.

What happens

They have the USB password. But the release process requires the authentication code held independently by our partner solicitor firm โ€” which the attacker does not have and cannot access. Without the code, the password cannot be legitimately released to anyone. Your drive remains locked. Your documents are safe.

Scenario two

AngelPass closes down

The business ceases trading โ€” whether through insolvency, acquisition, or any other reason.

What happens

Our partner solicitors retain the authentication codes under a formal business continuity agreement. They write to all living customers and process all pending death claims in conjunction with the appointed successor.

Scenario three

Someone fakes a death certificate

A fraudulent claimant submits a forged death certificate and attempts to claim the password.

What happens

Our layered verification โ€” authentication code, certified death certificate, digital identity check via Thirdfort, and mandatory waiting period โ€” catches this. A forged certificate alone is not sufficient to release the password.

Scenario four

The nominated person also dies

The person holding the authentication code predeceases the account holder, or dies before making the claim.

What happens

The estate's executor can make a claim with a Grant of Probate and full identity verification, even without the authentication code. This is a higher-verification pathway โ€” slower, but available.

Scenario five

The authentication code is lost

The account holder cannot find their authentication code, or the nominated person cannot find it after the account holder's death.

What happens

During the account holder's lifetime: contact AngelPass, pass identity verification, and we will co-ordinate with the solicitor firm to issue a replacement code by post. An administration charge applies. The original code is immediately superseded.

After death: the claimant can make a claim via our alternative pathway, which requires a Grant of Probate plus full identity verification. This takes longer but ensures your family is never permanently locked out.

Scenario six

The subscription lapses

A subscription stops being paid โ€” either forgotten, or because the account holder has died.

What happens

We apply a 12-month grace period before any irreversible action. A lapsed subscription never automatically destroys a password. A pending death claim is always processed regardless of subscription status.

Regulation & certification

Compliance is not optional for us.

We operate in a space where people trust us with something deeply sensitive. These are not badges โ€” they are obligations we take seriously.

๐Ÿ“‹

ICO registered โ€” GDPR compliant

We are registered with the Information Commissioner's Office, the UK's independent data protection authority. We operate under full GDPR compliance โ€” including lawful basis for processing, data subject rights, and a formal Data Protection Impact Assessment covering our escrow service.

Registration No. C1969537
๐Ÿ›ก๏ธ

Cyber Essentials certified

Cyber Essentials is a UK government-backed certification scheme, independently assessed and verified. It confirms our systems meet the baseline security controls required to defend against the most common cyber attacks. Not self-certified โ€” externally audited.

Independently verified
โš–๏ธ

Solicitor-partnered & SRA oversight

Our partner solicitor firm is regulated by the Solicitors Regulation Authority and carries professional indemnity insurance. Their involvement in the custody model means there is a regulated professional body with legal obligations in the chain โ€” not just AngelPass alone.

SRA regulated partner
๐Ÿชช

Identity verification via Thirdfort

All death claim identity checks are processed through Thirdfort โ€” the same digital identity verification platform used by leading UK solicitor firms and estate agents. Photo ID, biometric checks, and proof of address, all handled to AML-compliant standards.

AML compliant
When a claim is made

A layered verification process โ€” not a single document check.

The death claim process is the most sensitive moment in the entire service. We have built a layered system of checks designed to catch fraud without making a terrible time even harder for genuine families.

Every layer serves a purpose. Every step is proportionate. And every claim is handled by a human being, not an automated system.

1

Authentication code

The unique code the deceased gave to their nominated person. The first and most important filter โ€” without it, the process does not begin.

2

Certified death certificate

An original or certified copy, verified digitally via Thirdfort or submitted by recorded post. Cross-referenced against our account records.

3

Claimant identity check

Government-issued photo ID and proof of address, processed via Thirdfort's AML-compliant digital verification โ€” the same standard used by solicitors and banks.

4

Mandatory waiting period

10โ€“14 working days (5 days on Premium). Time to complete checks, spot inconsistencies, and allow any dispute to be raised before the password is released.

5

Solicitor countersignature (Premium)

On Premium and Family plans, our partner solicitor firm independently countersigns the release. A second set of professional eyes on every claim.

6

Encrypted password delivery

The USB password is released via encrypted secure message only โ€” never by email alone, never over the phone. Only to the verified nominated person.

Security questions

Common questions about how we keep you safe

Could a rogue employee at AngelPass access my password? +

No. Your USB password is held in AWS Secrets Manager, which requires multi-factor authentication and logs every access attempt. However, holding the password alone is not enough โ€” the authentication code held by our partner solicitor firm is also required before any release can be authorised. A rogue AngelPass employee would need to simultaneously compromise an independent, SRA-regulated solicitor firm. By design, no single person can do this.

What encryption does AngelPass use? +

Your USB drive uses AES-256 encryption โ€” the same standard used by HMRC and the Ministry of Defence. The password stored in our custody are encrypted at rest using AWS KMS (Key Management Service) and in transit using TLS 1.3. We do not use any proprietary or unverified encryption โ€” only industry-standard, independently validated algorithms.

What happens to my data if I cancel my subscription? +

On cancellation, we write to you confirming the cancellation and asking whether you wish us to destroy your password or return them to you directly. If we receive no response, we maintain a 12-month grace period before taking any irreversible action. We will never destroy a password without a clear instruction or the full grace period elapsing. You retain your USB drive and its contents regardless.

Can I see what data AngelPass holds about me? +

Yes โ€” under GDPR, you have the right to request a copy of all personal data we hold about you (a Subject Access Request). We hold your name, contact details, subscription information, the details of your nominated person(s), and the encrypted password . We do not hold copies of any documents stored on your USB drive. We will respond to all Subject Access Requests within 30 days.

Has AngelPass ever had a data breach? +

We are required by GDPR to notify the ICO within 72 hours of becoming aware of any personal data breach, and to notify affected customers without undue delay where the breach is likely to result in a risk to their rights and freedoms. We will always be transparent about any incident. To date, we have had no reportable data breaches.

Is the USB drive itself secure if someone finds it? +

Yes. The USB drive is encrypted with AES-256 and protected by a password that only AngelPass (via split custody) can release. Without that password, the contents of the drive are unreadable โ€” even with specialist forensic equipment. The drive can be stored openly without concern, though we recommend keeping it somewhere safe as a matter of good practice.

Security that works when it matters most.

Built for the moment your family needs it. Designed so nothing can go wrong.

ICO registered ยท Cyber Essentials certified ยท Solicitor partnered ยท 30-day money back guarantee