Why LegaKeep Is Safer Than the Alternatives
We will probably be hacked one day. What matters is what happens after.
We will probably be hacked one day
This is the reality no one says out loud in the digital vault industry. France's tax authority was hacked. Banks have been hacked. Telecom operators, hospitals, city halls - all hacked. Hacking is not a security failure. It is a constant of our era.
What distinguishes a serious service from a careless one is not hack prevention - it's what the hacker gets when they succeed.
With most services: your documents in plain text. With LegaKeep: digital noise, mathematically impossible to read without your passphrase.
The 5 trust pillars
1. Zero-knowledge encryption
Your passphrase is transformed into an encryption key on your device using the Argon2id algorithm. This key protects every document with AES-256-GCM. Our servers never receive your key, never store it, can never reconstruct it. This is a technical impossibility, not a commercial promise.
2. Verifiable source code
We will publish the encryption module's source code so security experts worldwide can verify it. No other French digital vault does this. Others ask you to trust their institution. We offer you mathematical proof.
3. Certifications
We are pursuing ISO 27001 (information security), then NF Z42-020 (French legal standard for digital vaults). These are the same standards held by market leaders. But a certification tells you our processes are sound. Our published code tells you our math is sound. We rely on both.
4. Data portability
Your documents are yours. Export is free, always, no conditions. You can download your entire vault as a ZIP or authorize your notaire to receive a copy. If LegaKeep closes tomorrow, your documents remain accessible.
No other French digital vault clearly communicates what happens to your data if they disappear.
5. Emergency access
Configured before the crisis, not after. Your trusted contact accesses the documents you chose, with a safety delay and dispute rights. In case of death, no forms to fill out, no administrative delays. Other services require a death certificate and manual verification with no guaranteed timeline.
Why the giants don't do what we do
The most common question: "If zero-knowledge encryption is so effective, why don't the bigger services use it?"
Because they can't. Their technical model forbids it.
An HR vault that automatically receives your payslips from your employer must be able to write to your vault without your key. This rules out zero-knowledge encryption by design.
A cloud storage service that indexes your files for search must be able to read their contents. Zero-knowledge encryption would make search impossible.
A notary vault where the profession acts as trusted custodian must have access to documents to fulfill their legal mandate.
These services are not careless. They made an architectural choice that excludes zero-knowledge. To add it, they would need to rebuild their product from scratch - and break their business model in the process.
LegaKeep was designed differently from the start. Document classification happens on your device, not on our servers. This foundational choice is what makes zero-knowledge encryption possible.
Comparison
| HR Payslip Vault | Succession Service | Notary Vault | LegaKeep | |
|---|---|---|---|---|
| Encryption | AES-256, server key | "Full encryption" | Not disclosed | AES-256-GCM, client key |
| Key holder | The service | The service | The profession | You only |
| Emergency access | Manual, bureaucratic | Post-mortem only | Post-mortem only | Pre-configured, cryptographic |
| Family vault | No | No | No | Yes - 5 roles |
| Data export | Partial | Not disclosed | Not disclosed | Full ZIP, free |
| Source code | No | No | No | Publication planned |
Competitor names are intentionally omitted. Characteristics are verifiable on the official websites of the services concerned.
Let's be honest
Here is what LegaKeep doesn't have yet:
- Certifications: in preparation. ISO 27001 first, NF Z42-020 second.
- Large user base: we are in beta. Our first users are testing us in real conditions.
- Institutional backing: no major postal service, no notary federation. We build credibility through technical transparency, not brand authority.
This honesty is intentional. A service that hides its weaknesses is not worthy of your most important documents. A service that acknowledges them and progressively addresses them - that is.
From Stéphane Eloit, founder of LegaKeep
When I designed LegaKeep, I faced an architectural choice. Standard encryption - where the server holds the key - is simpler to build. It enables convenient features: full-text search, automatic employer integrations, server-side classification.
I chose the other path. Zero-knowledge encryption is harder to build. Classification must happen on the user's device. Some features become impossible. But in exchange, we can say something no competitor can: we technically cannot read your documents.
For a vault that stores wills, life insurance policies, property deeds, and medical records, this guarantee is the only one that matters. Not the company's size. Not the number of certifications. The mathematical certainty that even we cannot betray your trust.
Protect your documents with France's only zero-knowledge family vault:
Organize my documents for free →