whatnow

Your message,
delivered if you can't.

Store a private message for people you trust. If you stop checking in, they receive it.

Open the app

Most people have accounts, assets, and wishes that no one else knows how to find. Passwords live in one person's head. Instructions never get written down. When something unexpected happens, families are left guessing.

Existing solutions ask you to trust a third party with your plaintext, share credentials insecurely, or involve a lawyer. whatnow is self-deployable, end-to-end encrypted, and requires no intermediary to read your message.

How it works

  1. 01

    Write your message

    Type instructions, account details, or whatever matters. The text never leaves your browser unencrypted — it is sealed with AES-256-GCM before upload.

  2. 02

    Add beneficiaries

    Choose who should receive the vault. Each recipient gets their own encrypted copy of the vault key — locked with a passphrase, RSA public key, or PGP key they control. They are emailed when the vault is sealed.

  3. 03

    Keep the switch alive

    Send a proof-of-life ping at whatever cadence suits you. Set a trigger threshold of 7 to 90 days. The switch resets every time you ping. Miss the window and the vault triggers.

  4. 04

    Recipients decrypt in their browser

    When the switch triggers, each beneficiary is notified and can decrypt the vault locally using only what they already hold. The server never sees the plaintext.

Features

End-to-end encryption

AES-GCM-256 in the browser. The server stores ciphertext only — it cannot read your message even if compelled to.

Passkey authentication

No password to forget or leak. Your device biometric or security key is the only thing that opens the vault console.

Flexible key handoff

Give each recipient a key via shared passphrase, RSA public key, or PGP key. Mix methods across recipients.

Configurable threshold

Set the trigger window to 7, 14, 30, 60, or 90 days. Change it any time without resealing the vault.

Email notifications

Beneficiaries are notified via Resend when the vault is sealed, so they know to expect a follow-up if the switch ever triggers.

One vault per account

No inbox of stale versions. Each save replaces the last. Simple, auditable storage on Cloudflare R2.

Proof-of-life heartbeat

A rolling 12-week ping chart shows your history at a glance.

No intermediary trust

Deploy to your own Cloudflare account. No SaaS company holds your secrets or your recipients' contact list.

Built on