Soult — Digital Legacy Vault for Assets, Memories & Family Stories | India
lock Secure Legacy Storage

Your digital legacy vault.
Protected honestly.
No overclaiming.

You're trusting Soult with your Will, family memories, medical wishes, and financial legacy. The least we owe you is a completely straight answer about exactly how your digital legacy vault is protected — today, not in a future we're still building.

See How We Protect Your Data View Our Security Roadmap
info

A note on zero-knowledge encryption

Many platforms in our space claim zero-knowledge encryption. We think that term is important enough to use only when it's completely true. Soult is not a zero-knowledge platform today. We are building toward that architecture as a firm engineering commitment — because we believe it is the right standard for a product like ours. Until we ship it, we won't claim it. What we offer today is strong, industry-standard protection, described accurately below.

What We Do Today

Every layer of protection,
explained plainly

enhanced_encryption
check_circle Live Today

AES-256 Encryption at Rest

All data stored on Soult's servers is encrypted using AES-256 — the same encryption standard used by the Reserve Bank of India, UIDAI, and major banking institutions worldwide. Your documents, memories, and records are never stored as readable plain text on our servers.

public
check_circle Live Today

TLS Encryption in Transit

Every piece of data moving between your device and our servers travels over TLS 1.3 — the current gold standard for secure data transmission. This protects your data from interception at every step of the journey.

location_on
check_circle Live Today

100% Indian Data Residency

Your data never leaves India. All Soult infrastructure runs on servers located in Indian data centres, fully compliant with the Digital Personal Data Protection Act (DPDP Act, 2023). No data is processed, stored, or backed up on servers outside India.

key
check_circle Live Today

Multi-Factor Authentication (MFA)

Every Soult account can be secured with multi-factor authentication via OTP or an authenticator app. We strongly recommend enabling MFA — and we prompt you to do so during setup. Access without a second factor is intentionally difficult.

receipt_long
check_circle Live Today

Full Audit Trail & Access Logs

Every access event — login, document view, edit, share, or executor trigger — is timestamped and logged in your personal security dashboard. You can see exactly who accessed what, from which device, and when. Unusual access patterns trigger automatic alerts.

admin_panel_settings
check_circle Live Today

Role-Based Internal Access Controls

The vast majority of Soult employees — including most engineers — have no access to user data. Those with any system access are bound by strict confidentiality agreements, operate under the principle of least privilege, and have every action logged. We maintain an internal access register that is reviewed quarterly.

account_balance
check_circle Live Today

Data Continuity & Export Guarantee

All data is stored in open, non-proprietary formats. You can request a full export of your vault at any time — your documents, media, and structured records in standard formats you can open without Soult. Your data is yours, always. Lifetime plan holders additionally benefit from third-party escrow backup under an independent custodianship agreement.

Access Transparency

Who can see what — honestly

We believe you should know exactly who can access which parts of your vault, under what circumstances. No vague reassurances.

Who Your vault contents Metadata & logs Circumstances
You check Full access check Full access Always, with authentication
Your nominees / executor visibility Scoped access visibility Executor audit only Only after you grant access or executor flow is triggered
Soult engineers code Technically possible terminal System logs only Role-limited, logged, only for support or legal obligation
Soult support staff block No access visibility Account metadata only Cannot see vault contents at all
Third parties / advertisers block Never block Never We do not sell, share or monetise your data
Law enforcement gavel Only if legally compelled gavel Only if legally compelled We will notify you before complying unless legally prohibited

The "Soult engineers — technically possible" row is why we are building zero-knowledge architecture. We want to make even this row say "Never."

Our Security Roadmap

Where we're going,
and when

We publish this roadmap publicly because we believe accountability requires specificity. These are commitments, not marketing.

AES-256 encryption at rest & TLS 1.3 in transit  

Shipped at launch. All data encrypted in storage and transmission.

Indian data residency & DPDP Act compliance  

All infrastructure on Indian servers. Consent framework fully implemented.

MFA & role-based internal access controls  

Multi-factor authentication available for all accounts. Internal access strictly scoped.

Independent security audit — In Progress

We are currently undergoing our first third-party security audit. Results will be published in full, including any findings and our remediation plan.

SOC 2 Type I certification — In Progress

Formal process underway. SOC 2 Type I is the industry benchmark for data security practices for SaaS platforms handling sensitive information.

Client-side encryption for documents — Planned (2025)

Sensitive documents — Wills, medical directives — will be encrypted on your device before upload. A meaningful step toward zero-knowledge for the highest-sensitivity data.

Zero-Knowledge Architecture — Planned (2026)

Full zero-knowledge encryption across the entire vault: your key, your data, with Soult unable to access any of it. This is our most technically complex commitment and we are building it properly, not quickly.

Our Principles

The commitments that
don't change with the roadmap

We will never sell your data

Your vault contents, your usage patterns, your family relationships — none of it is ever shared with advertisers, data brokers, or third parties for commercial purposes. This is a founding principle, not a policy that can be reversed by a future product team.

We will publish security incidents

If there is ever a breach, attempted or successful, that could affect user data, we will publish a full incident report within 72 hours. You will be notified directly, told exactly what was at risk, and given clear guidance. No PR-managed silence.

We will notify before complying with legal orders

If we ever receive a legal order to disclose user data, we will notify the affected user before complying unless legally prohibited from doing so. We will also publish aggregate transparency reports about government data requests.

Your data survives us

If Soult shuts down for any reason, you receive a full, encrypted export of your vault in open formats before any shutdown date. For Lifetime plan holders, escrow provisions ensure data custody is transferred to an independent trustee — not deleted.

Still have security questions?

Our FAQ has a dedicated security section with honest answers to the hardest questions — including "can Soult read my data?"

security
Architecture & Security

Vault-grade protection.
Built for India.

Soult operates on a simple premise: strict data separation combined with operational resilience. We combine secure cloud infrastructure with rigorous access controls, continuous auditing, and localized data storage to ensure your legacy remains unbroken.

Advanced digital security and encryption concept
Start Your Vault Read Whitepaper arrow_forward
enhanced_encryptionAES-256 Encryption
location_onAWS Mumbai & Hyderabad
balanceDPDP Act Aligned
keyAWS KMS Key Control
The Design Philosophy

Governance-driven security.
Designed for real life.

Soult does not claim Signal-style end-to-end encryption. Why? Because a digital life vault requires secure, structured account recovery, multi-device usability, and carefully gated executor workflows. True E2EE would mean a lost password destroys your family's legacy permanently.

Instead, Soult uses a governance-driven architecture. This approach follows strict data separation and limited access principles while remaining deeply aligned with the realities of the Indian digital landscape.

Governance-driven security and encrypted lock
policy
Data Localization & DPDP Act 2023

Hosting exclusively within designated AWS India regions ensures data residency compliance. Our AES-256 encryption, strictly controlled access, and immutable audit logs completely align with India’s Digital Personal Data Protection Act.

phonelink_lock
Handling High Device Churn

Indian users frequently change phones and SIM cards. Our architecture balances robust vault protection with structured recovery workflows, reducing the risk of permanent lockouts while preventing unauthorized access.

account_balance
Financial & Legacy Sensitivity

Given that Soult stores financial inventories and legacy instructions, KMS-based key separation and role-gated executor workflows provide the exact safeguards required for highly sensitive personal data.

Under the Hood

How the vault
is engineered.

Whether you are seeking peace of mind or reviewing our technical stack, our commitment remains the same: practical, honest, and explainable security.

Read our detailed Security Whitepaper menu_book
Enterprise-grade cloud infrastructure and servers
01

Industry-Standard Encryption & Key Governance

AES-256 TLS AWS KMS

Encryption is our absolute baseline. Your data is secured fiercely at every stage. All device-to-server communication is strictly encrypted in transit. At rest, your files, documents, and records stored in our databases (DynamoDB) and storage buckets (S3) are locked down using globally accepted AES-256 encryption standards.

key
AWS KMS ManagementCryptographic keys are managed via AWS Key Management Service (KMS) with incredibly strict IAM control. Database access does not automatically grant access to encryption keys.
shield
Application-Level ProtectionData is encrypted prior to persistent storage where applicable, designed with limited access principles. Credentials are safely isolated in AWS Secrets Manager.
02

Identity, Auth & Access Control

AWS Cognito JWT Auth PoLP

We verify exactly who is knocking at the door before any data is moved. Powered by AWS Cognito, Soult utilizes robust token/JWT-based authentication alongside strict server-side session controls.

verified_user
Multi-Layer VerificationOTP-based verification for onboarding, combined with an in-app MPIN re-authentication requirement for sensitive actions like viewing vault assets or editing executor settings.
front_hand
Role-Based Access (PoLP)The Principle of Least Privilege is enforced across the board. Users can only access their own vault, and executors are tightly gated behind formal verification processes.
03

Secure Cloud Infrastructure

AWS Mumbai AWS Hyderabad

A vault that goes offline during a crisis is useless. Soult is built with operational continuity in mind. Our primary infrastructure is in AWS Mumbai, with a fully defined backup in AWS Hyderabad, designed for continuity and rapid recovery.

restore
Rapid Recovery TargetsDesigned with a Recovery Point Objective (RPO) of 0–15 mins and a Recovery Time Objective (RTO) of 30–60 mins, ensuring near-immediate continuity if a region fails.
cloud_sync
Component ResilienceWe utilize DynamoDB Global Tables for near real-time replication, Point-in-Time Recovery (PITR), and S3 Cross-Region Replication (CRR) for absolute data survival.
04

Insider Risk & Immutable Audit Logs

CloudTrail Zero Prod Access Immutable

Trust requires verifiable constraints on our own team. We have significantly reduced insider risk by enforcing strict production environment isolation. Our backend engineers are restricted from accessing the production cloud environment.

visibility_off
No Routine Data AccessStrict access controls ensure no routine access to user data. Production access is tightly restricted, and plaintext vault data is protected by layers of audited workflows.
manage_search
Immutable Audit LogsAWS CloudTrail meticulously records API calls to KMS and Secrets Manager into immutable logs—meaning these records cannot be altered or deleted by anyone, even our team. This guarantees absolute transparency and forensic readiness.
money_off
Zero Monetization

Your data is never sold or monetized. We make zero compromises on privacy—your information is used only to provide the service you expect.

pin_drop
Strict Localization

Every piece of data, every encrypted file, and every database record remains strictly within designated AWS regions inside India. It never leaves the borders.

delete_forever
Permanent Deletion

You retain ultimate control. If you choose to close your vault, we adhere to strict, permanent deletion workflows. When it's gone, it is securely and permanently destroyed.

Independently Verified

Not promises.
Certifications.

Our entire infrastructure is managed and audited against the highest international standards. Both certifications below are live and active today.

admin_panel_settings
ISO 27001
Live · Certified

Information Security Management System. The international standard for protecting sensitive information and managing security risks.

verified
ISO 9001
Live · Certified

Quality Management System. Certified processes for consistency, reliability, and continuous improvement across our operations.

The Bottom Line

Security designed for real life.
Never locking your family out.

We built this architecture so you never have to worry about the technical details. You just need to know that your legacy is protected today, and perfectly accessible to the right people tomorrow.

Your digital life, perfectly preserved.

Start Your Vault Read Whitepaper arrow_forward
Available on iOS & Android

Your vault.
Always in your pocket.

Everything you have built, preserved, and passed on — secured in the Soult app. Download in under a minute.

Get it on
Google Play
Live
Download on the
App Store
Beta
support_agent
Soult Assistant
 Online · Here to help
Powered by Soult AI  ·  soultdigital.com