DeadVault

• 

  Main Page

• 

  email verification

• 

  sms 2fa

• 

  2fa

• 

  claim alerts

• 

  qr code 2fa

• 

  Claims

Inspiration

DeadVault was inspired by a problem that almost everyone will face eventually, but very few people are prepared for: what happens to your digital life when you die or become incapacitated? People store sensitive documents, account information, legal records, financial files, and personal memories online, yet there is rarely a secure and structured way to pass those assets on.

We wanted to build something that solved a real problem instead of making another novelty app. The idea of a secure digital inheritance vault stood out because it combined meaningful impact with strong technical depth. It gave us the chance to work on authentication, secure storage, verification, audit logging, and cloud infrastructure in one project.

What it does

DeadVault is a secure digital legacy platform that lets users store important files and decide who should receive them if they pass away.

A vault owner can upload files, assign recipients to specific files, and designate an executer who is responsible for initiating a claim. The executer receives a unique claim link and, when needed, submits a physician's note along with a medical license number. The system verifies the claim, logs the event, and then releases the appropriate files to the intended recipients using secure signed download links.

In short, DeadVault acts like a dead man's switch for your digital life, with identity verification and controlled file release built into the workflow.

How we built it

We built DeadVault using Next.js for the frontend and full-stack application flow, with Tailwind CSS for styling. For authentication and user management, we used Firebase Auth, including support for stronger account security through two-factor authentication. For data storage and application state, we used Firestore, and for file storage we used Google Cloud Storage.

We created a dashboard where users can:

• upload important files
• assign file recipients
• add executers
• view an audit log of sensitive activity
• manage profile and security settings

We also built a public claim flow where an executer can open a unique link, upload a physician's note, enter a license number, and submit a release claim. On the backend side, API routes handle file uploads, recipient creation, audit logging, claim validation, and release logic. Once a claim is verified, the app generates signed file URLs and sends them to the designated recipients by email using Resend.

Conceptually, the release logic follows:

$$ \text{Vault Release} = \text{Valid Claim Token} + \text{Physician Note} + \text{Verified License} $$

That formula helped guide our security model throughout the build.

Challenges we ran into

One of the biggest challenges was balancing security with hackathon speed. We were building a product that deals with death claims, sensitive files, and identity verification, so we could not treat it like a basic CRUD app. Even small design choices had security implications.

Another challenge was designing access for the executer. Since that person is not a standard logged-in user, we had to create a workflow that was secure but still simple enough for a real-world emergency scenario. The unique-link claim system solved that, but it required careful token handling and a clean user experience.

We also had to think through how file release should happen. Sending files directly by email would be messy and limited, so we chose signed URLs instead. That introduced its own questions around expiration, delivery, and access control. On top of that, coordinating the data structure across uploads, recipients, executers, claims, and audit logs required a lot of consistency to keep the whole system working end-to-end.

Accomplishments that we're proud of

We are proud that DeadVault is not just an idea page or a mockup. We built a working end-to-end flow that feels like a real product.

Some accomplishments we are especially proud of:

• building a full vault workflow from upload to verified release
• creating separate roles for file recipients and executers
• implementing a physician verification step instead of relying on a simple form submission
• adding audit logging so sensitive events are visible and traceable
• supporting two-factor authentication to improve account security
• integrating email delivery for claim links and released file access
• designing the project around a real-world problem with meaningful use cases

We are also proud that the project goes beyond being a trend-based hackathon app. It addresses a serious gap in digital legacy planning and shows how cloud tools can be used to solve it responsibly.

What we learned

We learned that security-focused product design is as much about system thinking as it is about coding. The hardest part was not building pages or forms, but deciding how trust should flow through the system.

We learned how important it is to define data contracts early when multiple people are building different parts of the application. We also learned that authentication, authorization, and verification each solve different problems, and all three matter in a product like this.

From a technical perspective, we gained experience connecting frontend flows to cloud-backed services, handling secure file storage, generating signed URLs, structuring audit logs, and building verification-aware UX. More than anything, we learned that building for real-life edge cases forces you to think much more carefully about both the user and the system.

What's next for DeadVault

There is a lot we would want to improve if we continued developing DeadVault.

Our next steps would be:

• implement full production-grade encryption flow with Google Cloud KMS across all uploaded files
• add stronger verification integrations with real physician registry APIs
• introduce timed holding periods and manual override workflows before final release
• improve recipient and executer permission controls
• add reminder systems for owner check-ins and inactivity monitoring
• support better vault organization, more file types, and mobile-first polish
• strengthen Firestore security rules and append-only protections for audit logs
• deploy the full system on Google Cloud Run for a more complete production architecture

Our long-term vision for DeadVault is to become a secure, trustworthy platform for digital inheritance, giving people a way to protect their files today while making sure the right people can access them tomorrow.

Built With

• firebase-admin-sdk
• firebase-auth
• firestore
• google-cloud
• javascript
• next.js
• node.js
• otpauth
• qrcode
• react
• resend
• tailwind-css
• typescript