Legacy Toolkit

Resources / Guide 05 / Security guide

Encrypted Document Vault

An encrypted document vault should protect sensitive files while keeping them understandable. Privacy alone is not enough if nobody can tell why a document matters.

Use this when documents are spread across drives, email, paper folders, and cloud accounts.

What this guide covers

This guide is written as a practical reference for New Zealand families organizing private records before they become urgent. It focuses on the details that make a plan understandable to someone who may need to act quickly and carefully.

  • Security and organization need to work together.
  • Documents should support specific records, not live in a mystery folder.
  • Sharing should expose context selectively.

Organize documents around decisions

Estate papers, policies, statements, IDs, healthcare directives, and business records become more useful when they sit beside the profile details they support.

  • Label what a file proves
  • Tie documents to accounts, assets, wishes, or contacts
  • Keep old versions from becoming the apparent source of truth

Prefer local-first encryption

A local encrypted vault keeps the primary copy under your control. Sync can still be useful when encrypted data is prepared before it leaves the device.

  • Protect the device and operating system account
  • Understand what is encrypted before upload
  • Keep independent backups for critical files

Share document context selectively

Families, executors, and advisors may need different records. Section-based sharing helps avoid exposing the full vault just to answer one practical question.

  • Share records by role
  • Review recipient access after responsibility changes
  • Avoid sending private documents through support or email

How this fits in Legacy Toolkit

Use this guide as a working checklist inside the desktop vault. Create or review the relevant profile sections, attach the documents that support each record, add reminders where information can go stale, and share only the sections a trusted person needs for their role.

The goal is not to turn a private life into a public folder. The goal is to keep the plan legible, current, and controlled so the right person can find the right information without receiving the whole vault by default.

  • Profile sections keep the plan readable instead of turning it into a loose notes file.
  • Document attachments keep proof beside the account, asset, policy, or instruction it supports.
  • Trusted access lets you prepare a handoff without exposing the full vault by default.

Vault evaluation checklist

Treat this as a first pass, not a final legal packet. Review the items, fill in what is missing, and return to the plan whenever a provider, account, advisor, family role, or document changes.

  • Local encryption for the primary vault.
  • Documents linked to related accounts, assets, or wishes.
  • Clear labels and review dates.
  • Section-level sharing controls.
  • Offline access for the desktop plan.

Related next steps

Continue with the product, security, or planning page that best matches the next decision.