How does PingVaults protect my digital assets?

Your asset clues are encrypted in your browser using AES-256-GCM. The encryption key is derived from your personal question answers via PBKDF2. The server only ever receives ciphertext and can never read your data.

What is an Inactivity Switch?

An inactivity switch is an automatic trigger mechanism. The system sends periodic check-in emails. If you stop responding, it automatically delivers decryption hints to your pre-configured emergency contacts, ensuring your digital estate is passed on.

Can I access my data if PingVaults shuts down?

Yes. All encrypted data is permanently stored on the Arweave blockchain, accessible forever via TxID. We also provide a standalone offline HTML decryptor that works without any network connection or account.

Is PingVaults open source?

The encryption core (PBKDF2 key derivation, AES-256-GCM encryption, offline decryptor) is fully open source under MIT license. Anyone can audit it. The business logic is proprietary, but the server only holds ciphertext it can never decrypt.

How is PingVaults different from a password manager?

Password managers protect credentials you use daily. PingVaults is designed for when you can no longer act — it auto-delivers decryption hints to your emergency contact after prolonged inactivity. Password managers lack inactivity triggers, permanent on-chain storage, and zero-knowledge architecture.

How an Offline Decryptor Improves Recovery Safety

Name: PingVaults
Author: PingVaults

The platform dependency problem

Every digital tool you rely on today could disappear tomorrow. Companies shut down. Servers go offline. Domains expire. APIs change. If your recovery plan depends on a specific app, website, or service being available at the exact moment your family needs it, you've introduced a single point of failure into the most critical part of your estate plan.

This is the platform dependency problem, and it affects nearly every inheritance and recovery tool on the market. Password managers require their servers. Cloud vaults require your account. Even encrypted files require the right software version to open them.

The question every estate planner should ask is: "If this company disappears in 10 years, can my family still recover my assets?"

For most tools, the answer is no.

What is an offline decryptor?

An offline decryptor is a single, self-contained HTML file that can decrypt your vault data without any server, internet connection, software installation, or account login.

It works by embedding all the cryptographic logic directly into the file itself, using WebCrypto — a standard browser API available in every modern browser. The file contains no external dependencies. No CDN links. No API calls. No tracking. Just HTML, JavaScript, and the WebCrypto API that every browser already supports.

In practical terms: your heir opens the HTML file in any browser, pastes in the required information, answers the security questions, and the vault is decrypted — entirely on their local machine.

No server ever sees the data. No network request is ever made. The decryption happens in the browser's memory and nowhere else.

Why this matters for estate planning

Estate planning operates on a fundamentally different timescale than daily security. You're not planning for next week. You're planning for a future where:

The original platform may not exist. Startups fail. Even large companies discontinue products. If your vault provider shuts down in 2035, your family needs a way to recover without it.
Your heirs may not have your credentials. They won't be able to log into your account, reset your password, or contact support. The recovery path must work without any account.
Technology will change. Operating systems, browsers, and encryption libraries evolve. A recovery tool must use standards stable enough to work across decades — like the WebCrypto API, which is a W3C standard implemented by every major browser.
Simplicity reduces failure. The more steps, software, or technical knowledge required, the higher the chance your heir gives up or makes a mistake. A single HTML file is about as simple as it gets.

An offline decryptor addresses all of these concerns by removing every dependency except the one thing guaranteed to exist in the future: a web browser.

How it works technically

The offline decryption process follows a straightforward sequence:

1. Your heir receives the decryptor file. This HTML file is delivered alongside the vault notification — either as an attachment or a download link. It can also be stored on a USB drive, printed as a QR code, or saved anywhere durable.

2. They open it in any browser. No installation needed. No internet needed. They simply double-click the file or drag it into a browser window.

3. They paste in the vault reference data. This includes the transaction ID (TxID) that points to where the encrypted vault payload is stored on-chain, plus any associated metadata. In some implementations, the encrypted payload itself can be pasted directly.

4. They answer the security questions. The answers to the knowledge-based questions you configured serve as the decryption key material. The decryptor derives the encryption key from these answers using a key derivation function (like PBKDF2 or Argon2), then uses AES-GCM via the WebCrypto API to decrypt the payload.

5. The vault contents are displayed locally. Everything happens in the browser tab. No data leaves the machine. The decrypted content is shown on screen, and the user can copy or save it.

The entire process is zero-knowledge by design — the HTML file never phones home, never logs anything, and never transmits data. It's cryptographically equivalent to running a local decryption script, but without requiring any command-line knowledge.

Platform-independent survivability

This concept — platform-independent survivability — is the gold standard for any serious digital estate plan. It means your recovery mechanism survives independently of:

The platform that created it
The internet infrastructure that delivered it
The operating system it was designed on
The account that configured it

Traditional approaches fail this test. A password manager's emergency access feature requires the password manager's servers. A cloud-based vault requires the cloud provider. Even a simple encrypted ZIP file requires the recipient to know which encryption algorithm was used and have compatible software.

An offline decryptor passes this test because it carries its own logic. It's the digital equivalent of a self-contained lockbox — everything needed to open it is part of the box itself (plus the key, which lives in your heir's memory as answers to personal questions).

What to look for in an offline decryptor

Not all offline recovery tools are created equal. When evaluating one, check for:

No external dependencies. Open the HTML file with your internet disconnected. If it doesn't work, it's not truly offline.
Standard cryptography. It should use WebCrypto (a W3C standard), not a custom or third-party crypto library that might become unavailable.
Transparent source. You should be able to read the JavaScript source code directly in the HTML file. No obfuscation. No minified mystery code.
Zero network activity. Open your browser's developer tools and check the Network tab. There should be zero requests. Ever.
Works across browsers. Test it in Chrome, Firefox, Safari, and Edge. If it only works in one browser, it's fragile.
Human-readable instructions. The file should include clear instructions for a non-technical person. Your heir shouldn't need to be a developer.

The bottom line

An offline decryptor is not a convenience feature. It's an architectural guarantee that your recovery plan cannot be held hostage by any company, server, or service.

When you're protecting assets that may need to be recovered years or decades from now, by people who may not be technically sophisticated, the simplicity and independence of a standalone HTML file is not just nice to have — it's essential.

It's the difference between a recovery plan that works today and one that works whenever it's needed.

PingVaults includes an offline decryptor with every vault — a standalone HTML file your heirs can use to recover your vault without any server or account. Create your vault →