Frequently Asked Questions

Client-side encryption means your vault data is scrambled in your browser before it ever leaves your device. By the time anything reaches our servers, it's already unreadable ciphertext — not the original text you typed.

This is what Fern & Echo can see: your name and email (stored encrypted), account creation date, section types, the number of entries per section, and timestamps.

This is what Fern & Echo cannot see: entry titles, account credentials, URLs, notes, MFA methods, section names, or any content stored within entries. These are all encrypted client-side using AES-256-GCM before reaching our servers.

For a complete breakdown, see our Privacy Policy data transparency table.

Your vault data is permanently and irrecoverably lost. This is not a policy — it's a technical reality.

Your vault password is the encryption key for everything in your vault. It is never transmitted to or stored by Fern & Echo in any recoverable form. We have no backdoor, no master key, and no way to decrypt your data on your behalf.

We strongly recommend storing your vault password in a physical location you trust — a safe, a lockbox, or written down somewhere only you can access. You can also store it in a separate password manager.

Mostly. All vault entry contents — including titles, credentials, notes, MFA methods, and section names — are encrypted client-side. Fern & Echo genuinely cannot read these.

Some structural metadata is stored unencrypted: section types (e.g. "financial", "medical"), entry counts, and timestamps. This is required to render your vault structure before you unlock it.

There is one narrow exception: during an active Level 2 continuity release, a vault key is temporarily held on our servers for the duration of the waiting period. This requires your explicit prior consent to set up. See our Privacy Policy for the full explanation.

We store the minimum necessary to operate the service:

Encrypted — unreadable to us: your name, email address, entry titles, MFA methods, credentials, URLs, notes, section names, and all vault content.

Plaintext — visible to us: account creation date, subscription tier, section types, entry counts, and timestamps.

Opt-in only: anonymized field usage patterns — which fields you fill when saving entries, recorded as true/false only. No values are ever collected.

See the full breakdown in our Privacy Policy.

A continuity contact is a person you designate to access your full vault when you are unable to — whether due to incapacitation, extended unavailability, or death. They are your trusted representative for your digital life.

When you designate a continuity contact, you complete a key exchange in your browser that gives them decryption access to your vault. Fern & Echo cannot grant or override this access — it is entirely controlled by you.

Your continuity contact also gets access to your customized continuity playbook — a checklist of tasks you want them to complete — and a curated set of guides for common tasks like notifying banks, filing final tax returns, and closing accounts.

Fern & Echo has two levels of access for trusted people.

Level 1 — Vault sharing gives a trusted person read-only access to your vault. This is useful for day-to-day situations — a partner who needs to reference your accounts, someone covering for you while you travel, or a trusted friend who might need to step in. You can revoke it at any time.

Level 2 — Continuity access gives a designated contact full access to take over your vault when needed. This requires a deliberate activation process and a waiting period before access is granted — giving you time to cancel if you're able to. The continuity view presents your vault formatted for handover, and includes your playbook and continuity guides.

Technically, both use the same encryption mechanism. The distinction is in intent, activation process, and how the information is presented to the recipient.

Fern & Echo does not offer family plans. This is a deliberate architectural decision, not a missing feature.

Every vault is inherently personal. Your vault is encrypted with a key that only you hold — it is technically impossible for anyone else to read your vault contents, including us. A shared or joint vault would require sharing encryption keys, which would compromise the zero-knowledge model for everyone involved.

If you want someone to have access to your vault, use the sharing or continuity access features. These give a specific person access to a specific vault — without compromising the security of either party.

Your account and all associated data — including your encrypted vault — are permanently and irrecoverably deleted. This cannot be undone.

We recommend exporting your vault before deleting your account. The export file is encrypted with your vault key and can serve as a permanent offline backup.

Your account converts to the free tier. Your vault data is never deleted unless you explicitly request it — a lapsed subscription does not remove anything.

On the free tier your own view and exports are limited to the free plan limits. Your continuity contacts and share recipients are unaffected — they continue to see the full vault as it was at your last sync, regardless of your subscription status. Upgrading at any time restores your full view.

Prices will never decrease without explicit public communication explaining why. If we ever lower prices, we will announce it publicly and explain the reasoning.

Your subscription price is locked at the rate you signed up at. As long as your subscription remains active, it will not increase. If you cancel and resubscribe, you will be charged the current price at the time of resubscription.

When someone signs up using your referral link and subscribes to a paid plan, you earn one free month. They get 20% off for their first 12 months — $4/month or $40/year instead of the standard rate.

Your referral link is available at Settings → Referrals. It's also automatically embedded in any vault you share — anyone viewing your shared vault sees an invitation to sign up with your link.

Your free month is applied when the person you referred converts to a paid subscription. You'll receive a notification when this happens. The reward is one calendar month of free service regardless of which plan they choose.

No limit on how many people you can refer. However, rewards do not stack — each conversion earns you one free month for that billing cycle only. If multiple people convert in the same month, you still receive one free month, not multiple. Each new conversion resets your free month from the date it triggers.

No. The best vaults are built gradually. Start with one section and a few entries — whatever feels most important. A few minutes today, a few more next week.

The vault readiness score helps you track your progress over time and shows you what's missing.

Think about what someone would need if they had to step in for you tomorrow. Common starting points:

Financial: bank accounts, investment accounts, credit cards, loans, insurance policies.

Digital: email accounts, social media, subscriptions, domain names, hosting accounts.

Devices: computers, phones, home network, smart home devices.

Legal & property: location of physical documents, insurance policies, property deeds, vehicle titles.

You don't need to store passwords — just enough context that the people who depend on you know where things are and who to contact.

Yes. From the Export page you can download your vault in four formats: HTML (readable in any browser), Markdown, JSON, and CSV. You can also generate an Emergency Access export — a standalone offline document designed for your continuity contact, including your vault instructions and continuity playbook.

All exports contain your complete vault data in plaintext — store them securely and delete them when no longer needed.