whatnow

Your message,
delivered if you can't.

A private letter for the people you trust. If you stop checking in, they receive it — encrypted end-to-end, with no human in the middle.


See it for yourself. Right now.

Type anything on the left. The right is the only thing that ever leaves your computer.

What you write

What the server stores

This is real. That's AES‑256 — the same encryption banks and governments use — running in your browser, right now. The gibberish on the right is all the server ever sees.

Passwords live in one person's head. Wishes never get written down. When something unexpected happens, families are left guessing — and the existing alternatives ask you to trust a stranger with your plaintext, or involve a lawyer.

whatnow is end-to-end encrypted and needs no intermediary to read your message — because no intermediary can.

How it works

A sealed envelope.
The envelope is math.

Five small steps. The first three are yours. The last two only happen if you go quiet.

  1. You write what matters.

    Passwords, account numbers, where the keys are — or just "I love you, here's what to do." Anything your people would need if you weren't around. Nothing is uploaded in plaintext.

    Where the random key lives (AES‑GCM)

    Your browser quietly generates a fresh, random 256‑bit key — a number up to 78 digits long. It uses that key to scramble your message with AES‑GCM. The plaintext never leaves the page; only the scrambled blob is uploaded.

  2. You name who gets it.

    A spouse, a kid, a lawyer, a best friend. Each one gets a private copy of the key, locked with something only they control.

    One vault key, different lock per person

    For every recipient, the vault key is wrapped using a secret only they hold: a shared passphrase, an RSA public key, or a PGP key. Even if every wrapped copy leaked tomorrow, no one except those exact people could unwrap them.

  3. You check in, on your schedule.

    Once a week, once a month — your call. One tap resets the clock. Keep tapping and nothing ever happens.

    What each ping writes on the server

    You pick a window — say, 30 days. Each ping stamps your account with the current time. A small scheduled job checks every day whether your last ping is still inside the window. If it is, it sits quietly and does nothing.

  4. If you go quiet, we nudge you first.

    Miss the window and the message doesn't fire — you get a 7-day warning, one quiet reminder email a day. On vacation? Phone dead? One click cancels everything.

    Grace mode: active → grace_period

    When the threshold elapses, the system flips your account from active to grace_period and anchors a 7-day countdown. A scheduled job emails you each day with the days remaining and a one-click "I'm here" link. Any ping during this window resets the timer back to zero and clears the warning state. You can change the warning window length (1–14 days) in your settings.

  5. Only then are your people notified.

    If the warning window also passes in silence, each recipient gets a link. They fetch the sealed vault and unwrap it on their own device — passphrase, RSA key, or PGP secret stays with them; we never run decryption for them or see the plaintext letter. What they read is assembled in their browser, same as you wrote it.

    Their keys, their tab — two opaque downloads

    The recipient downloads two things: the scrambled vault, and their personal wrapped copy of the vault key. In their browser they unwrap and decrypt locally — the service only stores and serves ciphertext and wraps; it does not hold their unwrap secret and cannot turn that into plaintext for them.

The heartbeat, in motion

Watch the bar fill up. The black zone is your safe window. The striped zone is the 7-day warning window where we email you daily. Only at the very end do beneficiaries get notified.

[Timeline: last check-in → warning starts → trigger. Counter: 30 days until warning.]

A real timer would run for weeks. This sped-up version takes about 40 seconds.
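The check-in, warning and trigger logic from steps 3 to 5, as an added example that is not whatnow's code. The field names, the `triggered` state name and the rule that a ping after delivery changes nothing are assumptions; the page names only `active` and `grace_period`.

```javascript
const DAY = 86400000; // milliseconds
const THRESHOLDS = [7, 14, 30, 60, 90]; // windows listed on the page

function newAccount(thresholdDays, warningDays, now) {
  if (!THRESHOLDS.includes(thresholdDays)) throw new RangeError("threshold must be 7, 14, 30, 60 or 90 days");
  if (!Number.isInteger(warningDays) || warningDays < 1 || warningDays > 14)
    throw new RangeError("warning window must be 1-14 days");
  return { thresholdDays, warningDays, lastPing: now, state: "active", graceStart: null };
}

// A ping stamps the current time and clears any warning state.
function ping(acct, now) {
  if (acct.state === "triggered") return acct; // assumption: delivery is not recalled
  return { ...acct, lastPing: now, state: "active", graceStart: null };
}

// Daily scheduled job: returns the updated account and the emails to send today.
function dailyCheck(acct, now) {
  if (acct.state === "active" && now - acct.lastPing >= acct.thresholdDays * DAY)
    acct = { ...acct, state: "grace_period", graceStart: now }; // anchor the countdown
  if (acct.state === "grace_period") {
    const daysLeft = acct.warningDays - Math.floor((now - acct.graceStart) / DAY);
    if (daysLeft > 0) return { acct, send: [`owner: ${daysLeft} day(s) left`] };
    return { acct: { ...acct, state: "triggered" }, send: ["recipients: vault link"] };
  }
  return { acct, send: [] }; // inside the window, or already delivered (sent once only)
}

// Run the job once per day; `pingDays` are the days on which the owner checks in.
function simulate(acct, pingDays, totalDays) {
  const log = [];
  for (let day = 1; day <= totalDays; day++) {
    if (pingDays.includes(day)) acct = ping(acct, day * DAY);
    const result = dailyCheck(acct, day * DAY);
    acct = result.acct;
    log.push({ day, state: acct.state, send: result.send });
  }
  return log;
}
```

With a 30-day window and a 7-day warning, `simulate(newAccount(30, 7, 0), [], 40)` warns the owner on days 30 to 36 and notifies recipients exactly once, on day 37.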

Two minutes to set up. Years of peace of mind.

Sign in with a passkey, write your message, name your people. That's it — the rest runs itself.

Why you can trust this

The math, not us.

You don't have to trust whatnow the company. You only need to trust AES‑256 — the same encryption protecting top‑secret US government documents. Cracking it without the key is not a credible plan A for attackers.

If we got hacked tomorrow…

…the attacker would walk away with a pile of scrambled bytes. No messages. No passwords. No names of the people you love.

If a court demanded everything…

…we couldn't hand over your message even if we wanted to. We don't have it. Nobody at whatnow has ever seen it. Your browser is the only place it ever existed in plain English.

Packets don't lie.

Open DevTools, watch the Network tab, and look at what actually crosses the wire. You will see opaque blobs — never your plaintext. The ciphertext in the demo above is the shape of every real upload.

Specs at a glance

Flexible key handoff

Each recipient gets their key via shared passphrase, RSA, or PGP. Mix and match.

Configurable thresholds

Pick a 7, 14, 30, 60, or 90-day window — and a 1–14 day warning. Change them anytime.

One vault, always current

Each save replaces the last. No inbox of stale versions. Stored on Cloudflare R2.

Opaque on the wire

Vault bytes match what you see in the demo: random IV, then ciphertext with a 128-bit GCM tag. Corrupt or swap a byte and decrypt() throws before any plaintext exists in memory.
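The envelope from steps 1, 2 and 5 together with the blob layout above, as an added example rather than whatnow's own code: one random vault key, one wrapped copy per recipient, local unwrap, and rejection of a modified blob. The 12-byte IV, PBKDF2 with AES-KW for passphrases, RSA-OAEP for RSA recipients and all function names are assumptions; PGP wrapping is omitted.

```javascript
// Added example. Browser WebCrypto; falls back to Node's copy when run offline.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const utf8 = new TextEncoder();
const gcm = (iv) => ({ name: "AES-GCM", iv, tagLength: 128 });

// Author: fresh random 256-bit vault key; blob = 12-byte IV || ciphertext || 16-byte tag.
async function sealVault(message) {
  const vaultKey = await wc.subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = new Uint8Array(await wc.subtle.encrypt(gcm(iv), vaultKey, utf8.encode(message)));
  const blob = new Uint8Array(iv.length + ct.length);
  blob.set(iv);
  blob.set(ct, iv.length);
  return { vaultKey, blob };
}

// Assumption: a passphrase becomes an AES-KW wrapping key via PBKDF2-SHA-256.
async function passphraseKek(passphrase, salt) {
  const base = await wc.subtle.importKey("raw", utf8.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey({ name: "PBKDF2", hash: "SHA-256", salt, iterations: 600000 },
    base, { name: "AES-KW", length: 256 }, false, ["wrapKey", "unwrapKey"]);
}

// One wrapped copy of the same vault key per recipient, each under a different lock.
async function wrapForPassphrase(vaultKey, passphrase) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const kek = await passphraseKek(passphrase, salt);
  return { kind: "passphrase", salt, wrapped: await wc.subtle.wrapKey("raw", vaultKey, kek, "AES-KW") };
}
async function wrapForRsa(vaultKey, publicKey) {
  return { kind: "rsa", wrapped: await wc.subtle.wrapKey("raw", vaultKey, publicKey, { name: "RSA-OAEP" }) };
}

// Recipient: unwrap with their own secret, then decrypt. Rejects on any failed check.
async function openVault(blob, wrap, secret) {
  const [kek, alg] = wrap.kind === "rsa"
    ? [secret, { name: "RSA-OAEP" }]
    : [await passphraseKek(secret, wrap.salt), "AES-KW"];
  const vaultKey = await wc.subtle.unwrapKey("raw", wrap.wrapped, kek, alg, { name: "AES-GCM" }, false, ["decrypt"]);
  const plain = await wc.subtle.decrypt(gcm(blob.slice(0, 12)), vaultKey, blob.slice(12));
  return new TextDecoder().decode(plain);
}

// Flip one bit at `index` (IV, ciphertext or tag); true if decryption is rejected.
async function rejectsTamper(blob, wrap, secret, index) {
  const bad = blob.slice();
  bad[index] ^= 1;
  return openVault(bad, wrap, secret).then(() => false, () => true);
}
```

The server-side view in this sketch is `blob` plus each recipient's `wrap` object; the passphrase and the RSA private key appear only as arguments to `openVault`, which runs on the recipient's device.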

The longer you wait, the longer they're guessing.

Set up a vault now. Edit it whenever life changes. If nothing happens, nothing happens — and your people will never see it.

