AngelPass is built on a single, unbreakable principle: we never hold your documents. We hold only one thing โ the password that unlocks your drive. But even that cannot be released alone. Your authentication code is held independently by our partner solicitor firm, and both are required before anything can be released. Neither party can act without the other.
Your will, your bank details, your insurance policies โ all of it lives on a physical USB drive that stays in your home. In a drawer, a safe, wherever you keep important things.
AngelPass never receives a copy of those files. We have no server containing your personal documents. In the event of a data breach of our systems, your documents are completely untouched โ because they were never with us in the first place.
The only thing we hold is the password that protects your USB drive. And even that is never stored whole.
"The files are yours. They stay with you. We are simply the trusted guardian of the key."
Where everything lives
Releasing your USB password requires two completely separate elements held by two completely independent parties. Neither can act alone.
AngelPass โ USB Password
Your USB password is held in AWS Secrets Manager โ Amazon Web Services' enterprise secrets management platform, used by HMRC, NHS Digital, and major UK financial institutions. Every access attempt is logged and audited. AngelPass staff cannot retrieve it without a verified death claim.
Solicitor Partner โ Authentication Code
Your authentication code is held independently by an SRA-regulated solicitor firm in their own secure vault โ entirely outside AngelPass's control. They operate under professional legal obligations and carry professional indemnity insurance. On a verified death claim, they confirm the code before the password is released. If AngelPass ever ceased trading, they retain the codes and can process all outstanding claims.
How release works
AngelPass holds the password. The solicitor holds the authentication code. Both are required โ and crucially, the solicitor is an independent, SRA-regulated firm with its own professional obligations and oversight. Even if AngelPass staff could technically access the password, they cannot release it without the solicitor independently confirming the authentication code is genuine. That confirmation requires a verified death claim and the solicitor's own due diligence. This is not just a technical control โ it is a legal and professional one, which makes it resistant to internal fraud, social engineering, and unauthorised pressure in a way that pure cryptography alone cannot achieve.
We have thought carefully about every edge case. Here is how the system holds up under pressure.
Scenario one
A malicious actor gains access to our systems and retrieves the USB password stored in our cloud vault.
What happens
They have the USB password. But the release process requires the authentication code held independently by our partner solicitor firm โ which the attacker does not have and cannot access. Without the code, the password cannot be legitimately released to anyone. Your drive remains locked. Your documents are safe.
Scenario two
The business ceases trading โ whether through insolvency, acquisition, or any other reason.
What happens
Our partner solicitors retain the authentication codes under a formal business continuity agreement. They write to all living customers and process all pending death claims in conjunction with the appointed successor.
Scenario three
A fraudulent claimant submits a forged death certificate and attempts to claim the password.
What happens
Our layered verification โ authentication code, certified death certificate, digital identity check via Thirdfort, and mandatory waiting period โ catches this. A forged certificate alone is not sufficient to release the password.
Scenario four
The person holding the authentication code predeceases the account holder, or dies before making the claim.
What happens
The estate's executor can make a claim with a Grant of Probate and full identity verification, even without the authentication code. This is a higher-verification pathway โ slower, but available.
Scenario five
The account holder cannot find their authentication code, or the nominated person cannot find it after the account holder's death.
What happens
During the account holder's lifetime: contact AngelPass, pass identity verification, and we will co-ordinate with the solicitor firm to issue a replacement code by post. An administration charge applies. The original code is immediately superseded.
After death: the claimant can make a claim via our alternative pathway, which requires a Grant of Probate plus full identity verification. This takes longer but ensures your family is never permanently locked out.
Scenario six
A subscription stops being paid โ either forgotten, or because the account holder has died.
What happens
We apply a 12-month grace period before any irreversible action. A lapsed subscription never automatically destroys a password. A pending death claim is always processed regardless of subscription status.
We operate in a space where people trust us with something deeply sensitive. These are not badges โ they are obligations we take seriously.
We are registered with the Information Commissioner's Office, the UK's independent data protection authority. We operate under full GDPR compliance โ including lawful basis for processing, data subject rights, and a formal Data Protection Impact Assessment covering our escrow service.
Registration No. C1969537Cyber Essentials is a UK government-backed certification scheme, independently assessed and verified. It confirms our systems meet the baseline security controls required to defend against the most common cyber attacks. Not self-certified โ externally audited.
Independently verifiedOur partner solicitor firm is regulated by the Solicitors Regulation Authority and carries professional indemnity insurance. Their involvement in the custody model means there is a regulated professional body with legal obligations in the chain โ not just AngelPass alone.
SRA regulated partnerAll death claim identity checks are processed through Thirdfort โ the same digital identity verification platform used by leading UK solicitor firms and estate agents. Photo ID, biometric checks, and proof of address, all handled to AML-compliant standards.
AML compliantThe death claim process is the most sensitive moment in the entire service. We have built a layered system of checks designed to catch fraud without making a terrible time even harder for genuine families.
Every layer serves a purpose. Every step is proportionate. And every claim is handled by a human being, not an automated system.
The unique code the deceased gave to their nominated person. The first and most important filter โ without it, the process does not begin.
An original or certified copy, verified digitally via Thirdfort or submitted by recorded post. Cross-referenced against our account records.
Government-issued photo ID and proof of address, processed via Thirdfort's AML-compliant digital verification โ the same standard used by solicitors and banks.
10โ14 working days (5 days on Premium). Time to complete checks, spot inconsistencies, and allow any dispute to be raised before the password is released.
On Premium and Family plans, our partner solicitor firm independently countersigns the release. A second set of professional eyes on every claim.
The USB password is released via encrypted secure message only โ never by email alone, never over the phone. Only to the verified nominated person.
No. Your USB password is held in AWS Secrets Manager, which requires multi-factor authentication and logs every access attempt. However, holding the password alone is not enough โ the authentication code held by our partner solicitor firm is also required before any release can be authorised. A rogue AngelPass employee would need to simultaneously compromise an independent, SRA-regulated solicitor firm. By design, no single person can do this.
Your USB drive uses AES-256 encryption โ the same standard used by HMRC and the Ministry of Defence. The password stored in our custody are encrypted at rest using AWS KMS (Key Management Service) and in transit using TLS 1.3. We do not use any proprietary or unverified encryption โ only industry-standard, independently validated algorithms.
On cancellation, we write to you confirming the cancellation and asking whether you wish us to destroy your password or return them to you directly. If we receive no response, we maintain a 12-month grace period before taking any irreversible action. We will never destroy a password without a clear instruction or the full grace period elapsing. You retain your USB drive and its contents regardless.
Yes โ under GDPR, you have the right to request a copy of all personal data we hold about you (a Subject Access Request). We hold your name, contact details, subscription information, the details of your nominated person(s), and the encrypted password . We do not hold copies of any documents stored on your USB drive. We will respond to all Subject Access Requests within 30 days.
We are required by GDPR to notify the ICO within 72 hours of becoming aware of any personal data breach, and to notify affected customers without undue delay where the breach is likely to result in a risk to their rights and freedoms. We will always be transparent about any incident. To date, we have had no reportable data breaches.
Yes. The USB drive is encrypted with AES-256 and protected by a password that only AngelPass (via split custody) can release. Without that password, the contents of the drive are unreadable โ even with specialist forensic equipment. The drive can be stored openly without concern, though we recommend keeping it somewhere safe as a matter of good practice.
Built for the moment your family needs it. Designed so nothing can go wrong.
ICO registered ยท Cyber Essentials certified ยท Solicitor partnered ยท 30-day money back guarantee