Guardian Vault
A check-in timer controls all entries. Miss it, and your protocol executes.
Afterword gives you three powerful modes: Guardian Vault protects entries behind a check-in timer, Time Capsule delivers them on a date you choose, and Forever Letters sends a recurring message every year on the same date. End-to-end encrypted, with an optional zero-knowledge mode where even the server cannot decrypt.
Guardian Vault (timer), Time Capsule (date), or Forever Letters (annual).
Choose delivery or deletion for each item.
Self-managed keys — the server never sees your data key.
Guardian Vault, Time Capsule, or Forever Letters.
Send, erase, or deliver annually — automatically.
view.afterword-app.com unlocks sent items only.
Afterword never sees your plaintext or security keys.
Your protocol controls the message lifecycle, while encryption and tamper seals keep the vault untouchable.
Guardian Vault: A check-in timer controls all entries. Miss it, and your protocol executes.
Time Capsule: Schedule each entry for a specific date. No timer, no check-ins required.
Forever Letters: Send a recurring message every year on the same date. Your words live on. Pro & Lifetime.
Self-managed encryption keys. The server never sees your data key.
Erase vault items instead of sending when required.
Unlock sent items with a private key in the browser, no login required.
Pro users receive a final email warning before execution.
Pro users get 1 minute, Lifetime members get 10 minutes of encrypted audio.
HMAC integrity seals detect any modification to entries, recipients, or keys.
Your device encrypts every message, recipient, and audio file before upload. The server only stores ciphertext and integrity seals. Here is exactly how it works.
Every vault entry is encrypted with a unique 256-bit key using AES-GCM (Galois/Counter Mode). This is the same standard used by banks and governments. Keys are generated exclusively on your device.
Each data key is wrapped twice: once with your device secret (stored in secure hardware) and once with a server secret. Both halves are required to recover the key. Neither party alone can decrypt your data.
Recipient email addresses are encrypted on your device before upload. This prevents anyone — including Afterword engineers — from swapping, reading, or redirecting your entries.
Enable self-managed keys per entry. The server envelope stores an empty value. Only your device holds the decryption key. You share it with your beneficiary out-of-band.
Voice notes are encrypted with AES-256-GCM on your device before upload. On the server, they are indistinguishable from random noise. Stored in a private, access-controlled bucket with no public URL.
Recipients decrypt entries entirely in their browser using the Web Crypto API. The security key is provided in the delivery email (or shared manually for ZK entries). No data is sent back to Afterword servers during decryption.
Users have asked how we protect against tampering, how data is stored on the server, and what proof exists that we cannot read your entries. Here is the full technical explanation.
1. Your device generates a random 256-bit AES-GCM key (the data key).
2. Your message and recipient email are encrypted with this data key.
3. The data key itself is wrapped in a dual envelope:
   • one half encrypted with your device secret (stored in Android Keystore / iOS Keychain),
   • one half encrypted with the server secret (an environment variable the server holds).
4. An HMAC integrity seal is computed over the recipient ciphertext, data key envelope, and entry metadata.
5. Only ciphertext, the sealed envelope, and the HMAC tag are uploaded. The plaintext never leaves your device.
1. The server reads the encrypted entry and the dual key envelope.
2. It decrypts only its half of the key envelope using the server secret. This produces the security key.
3. The security key and a viewer link are emailed to the recipient.
4. The recipient opens view.afterword-app.com, pastes the security key, and the browser decrypts the entry using the Web Crypto API. No data is sent back to the server.
5. For zero-knowledge entries, step 2 is skipped entirely — the server envelope is empty. The sender must share the security key manually.
Every vault entry includes an HMAC-SHA256 tag computed on your device.
The HMAC covers the encrypted recipient email, the encrypted data key, and entry metadata.
The HMAC key is derived from your device secret.
What this proves: If anyone modifies any sealed field on the server (a rogue admin, a database breach, or a compromised API), the HMAC will not match when verified during delivery.
Critical design choice: HMAC mismatches are advisory only. A mismatch is logged but never blocks delivery. This prevents a denial-of-service attack where an attacker corrupts the HMAC to stop your entries from being sent. Your entries are always delivered, even if tampered with — the mismatch audit trail proves the tampering occurred.
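The seal and its advisory check described above, as an added example that is not Afterword's code. It computes an HMAC-SHA256 tag over the recipient ciphertext, key envelope and metadata, then verifies it without ever blocking delivery. The field names, the HKDF derivation and its label, the length-prefixed encoding and the use of Node's built-in crypto module (instead of the Web Crypto API) are assumptions; the page does not specify them or say which party holds the seal key at verification time.

```javascript
// Added example, not Afterword's code. Field names, the HKDF label and the
// length-prefixed encoding are assumptions; the page specifies none of them.
const nodeCrypto = require('crypto');

// Derive a dedicated seal key from the device secret (HKDF is an assumption).
function deriveSealKey(deviceSecret) {
  const okm = nodeCrypto.hkdfSync('sha256', deviceSecret, Buffer.alloc(0), 'entry-seal-v1', 32);
  return Buffer.from(okm);
}

// Serialize the sealed fields. Each field is length-prefixed so bytes cannot
// shift between fields, and an empty server half (zero-knowledge entry) still
// occupies its own slot. Metadata keys are sorted for a stable encoding.
function sealInput(entry) {
  const meta = JSON.stringify(
    Object.keys(entry.metadata).sort().map((k) => [k, entry.metadata[k]]));
  const fields = [entry.recipientCiphertext, entry.envelope.device,
    entry.envelope.server, Buffer.from(meta, 'utf8')];
  return Buffer.concat(fields.flatMap((f) => {
    const len = Buffer.alloc(4);
    len.writeUInt32BE(f.length);
    return [len, f];
  }));
}

// Device side: the HMAC-SHA256 tag uploaded alongside the entry.
function computeSeal(entry, sealKey) {
  return nodeCrypto.createHmac('sha256', sealKey).update(sealInput(entry)).digest();
}

// Delivery side: advisory check. A mismatch is recorded; delivery proceeds.
function verifySealAdvisory(entry, tag, sealKey, auditLog) {
  const expected = computeSeal(entry, sealKey);
  const sealOk = tag.length === expected.length &&
    nodeCrypto.timingSafeEqual(tag, expected);
  if (!sealOk) auditLog.push({ entryId: entry.id, event: 'hmac_mismatch' });
  return { deliver: true, sealOk };
}

// Constructed sample entry; the ciphertext fields are random stand-ins.
function sampleEntry(zeroKnowledge) {
  return {
    id: 'entry-1',
    recipientCiphertext: nodeCrypto.randomBytes(48),
    envelope: { device: nodeCrypto.randomBytes(60),
      server: zeroKnowledge ? Buffer.alloc(0) : nodeCrypto.randomBytes(60) },
    metadata: { status: 'active', scheduledAt: '2030-01-01' },
  };
}
```

Since `deliver` is always true, the audit log entry is the only signal that a sealed field changed.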
The server stores:
• Ciphertext (encrypted message, encrypted recipient, encrypted audio)
• Dual key envelope (device-encrypted half + server-encrypted half)
• HMAC integrity tag
• Metadata (timestamps, entry status, scheduled dates)
The server can never:
• Read your message plaintext (requires your device key to unwrap the data key)
• Read recipient email addresses (encrypted with the data key)
• Swap recipients (changing the ciphertext would be detected by the HMAC seal)
• Decrypt zero-knowledge entries (the server envelope is empty)
• Recover data after account deletion (all rows are permanently erased)
The server can:
• Decrypt its half of the key envelope during delivery (this produces the security key for the recipient)
• See entry metadata (status, dates, tier) necessary for protocol execution
• See your email address (for authentication and account management)
Guardian Vault uses a heartbeat timer. Time Capsule schedules each entry for a specific date. Forever Letters delivers annually. All are end-to-end encrypted.
Set a check-in timer (7–3650 days). If you miss it, all entries execute at once. Press Soul Fire to reset the timer. Push notifications remind you at 66% and 33%.
Pick a future date for each entry. No timer, no check-ins. Each entry is delivered on its scheduled date automatically. 30-day grace then auto-purge.
Pick a date. Every year on that date, your recipient receives the same encrypted message with a secure viewer link and key. Your words live on, year after year. Pro & Lifetime only.
Write messages or record audio. Everything encrypts locally. Toggle zero-knowledge for Guardian/Time Capsule entries you want fully private.
Afterword sends or erases entries exactly as instructed. Guardian and Time Capsule entries stay available for 30 days, then purge. Forever Letters never purge.
Free: $0
Pro: $1.99 / mo · $19.99 / yr
Lifetime: $49.99 once
No. Encryption happens on-device using AES-256-GCM and keys never leave your device. The server only stores ciphertext. With zero-knowledge mode, even the server cannot decrypt your data key.
Guardian Vault uses a check-in timer for all entries — miss it and everything executes. Time Capsule lets you schedule each entry for a specific date. Forever Letters sends a recurring message every year on the same date. Guardian and Time Capsule work on all plans; Forever Letters requires Pro or Lifetime.
Every entry includes an HMAC-SHA256 integrity seal computed on your device. The seal covers the encrypted recipient, encrypted data key, and metadata. If anyone modifies a sealed field on the server, the HMAC will not match. Mismatches are logged but never block delivery — this prevents denial-of-service attacks where an attacker could corrupt the seal to stop your entries from being sent.
Each entry gets a unique AES-256-GCM key. That key is wrapped in a dual envelope — one half encrypted with your device secret, one half with the server secret. On delivery, the server decrypts only its half and sends the resulting security key to your recipient. The recipient decrypts in their browser. Neither party alone can access your data.
A per-entry toggle that keeps the encryption key only on your device. The server envelope is empty. Even we cannot decrypt. You manually share the key with your beneficiary. Available on Guardian Vault and Time Capsule entries.
Pick a date and write a message or record audio. Every year on that date, your recipient gets the same encrypted message with a viewer link and security key. Forever Letters run independently of your Guardian or Time Capsule settings. You can view, edit, or delete a Forever Letter anytime.
In Guardian Vault mode, the protocol executes. Sent items stay visible for 30 days, then purge. Time Capsule and Forever Letters do not require check-ins — they deliver automatically on their scheduled dates.
They open view.afterword-app.com and enter the security key from the delivery email. Decryption happens entirely in their browser using the Web Crypto API. For zero-knowledge entries, the sender shares the key separately.
Free: 3 entries. Pro: 20 entries. Lifetime: 30 entries. Slots are recovered after sent entries are purged (30 days after delivery).
Yes, in Account Settings. You must clear all active Guardian/Time Capsule entries before switching. Forever Letters are not affected by mode switching — they work independently.
Text entries are preserved but you cannot create new ones over the free limit. Audio entries, Forever Letters, and entries scheduled beyond 30 days are adjusted or removed automatically. Themes and Soul Fire styles reset to free defaults.
All vault entries, Forever Letters, encryption keys, key backups, and profile data are permanently destroyed. This is immediate and irreversible. Your subscription is lost and cannot be restored.
Afterword is Android-first and built for real life. Start with free, upgrade when you need complete control.
Join Afterword and secure your messages in minutes.