Why your legacy letters need real encryption (and what that actually means)

When I Die Files · 10 min read

Imagine writing a letter to your daughter. In it, you tell her about the time you almost left her father. About the night you sat in a parking lot crying, wondering if you were strong enough to hold the family together. You tell her you stayed, and you tell her why. You tell her what love actually looks like when it's hard -- not the fairy tale version, but the real one.

Now imagine that letter getting read by a stranger.

Or by your son-in-law. Or by a customer service rep at whatever platform you used to store it. Or by a hacker who got lucky one Tuesday afternoon.

That's not a hypothetical. It's what happens when personal letters end up in the wrong storage. And legacy letters -- the ones you write to be opened after you're gone -- hold some of the most private, vulnerable, irreplaceable words you'll ever put down. They deserve real protection. Which means understanding what "encrypted" actually means before you trust a product with them.

These aren't just documents

When people talk about "securing your digital legacy," it's easy to picture filing cabinets and insurance policies. That stuff matters, sure. But legacy letters are different.

Legacy letters are where you say the things you couldn't say out loud. The apology you've been carrying for twenty years. The confession that only makes sense once you're gone. The love letter to your spouse that says everything you were too embarrassed to say at the dinner table. The note to your grandchild who hasn't been born yet, telling them about the family they come from.

These are the most personal things you'll ever write. More personal than a diary, because a diary is for you. Legacy letters are for someone specific, someone you love, and they're written with the full weight of knowing these might be your last words to that person.

That's why treating them like ordinary files -- dropping them into Google Drive or emailing them to yourself -- misses the point entirely. Ordinary files get ordinary security. And ordinary security means someone else can read them.

The three things "encrypted" can mean

Most products that mention encryption are talking about one of three different things. They sound similar but offer very different protection. It's worth knowing which is which before you trust a product with your letters.

Encryption in transit (TLS). This protects your letter as it travels between your device and the company's servers. It's the lock icon in your browser. Almost every reputable service uses it. It prevents someone snooping on the network from reading the data while it's moving. It does nothing once the data lands on the server.

Encryption at rest. This means the data is encrypted while it sits on the company's servers. If someone steals a hard drive out of the data center, they get scrambled bytes instead of your letters. Most major cloud platforms (Google, AWS, Convex, etc.) do this by default. But here's the catch: the company holds the decryption keys. Their systems can read the data when needed. So can a court order, a rogue employee, or a sophisticated attacker who compromises the keys.

End-to-end encryption (E2EE). This is the strongest. Your letter gets scrambled on your device before it ever leaves, using a key only you (and your chosen recipient) hold. It stays scrambled on the server. The company storing it literally cannot read it -- they don't have the key. Signal works this way. So does iMessage between Apple users. Most legacy-planning platforms do not.

When a product says "encrypted," it usually means in-transit and at-rest. That's the industry default. Both are good and worth having. Neither is end-to-end encryption.

What "someone else can read them" actually means

Let's get specific about what's at risk, because it's easy to hand-wave about "privacy" without thinking about what a breach actually looks like in real life.

The platform reads them. Most cloud storage services encrypt your files on their servers, which sounds safe. But the company holds the decryption keys. That means their employees can technically access your files. It means a government request can compel them to hand everything over. Your letter to your wife about your struggles with addiction? It's sitting on a server where an engineer with the right access level could open it.

A data breach exposes them. Breaches happen constantly. They don't make the news anymore unless millions of records are involved. If the service storing your letters gets breached and they hold the encryption keys, your letters are exposed. Every word. To anyone who wants to look.

The wrong family member reads them early. Maybe you gave your son access to your document storage because he's your executor. But buried in there is a letter to your other son -- the one explaining why you set aside extra money for him, because he was struggling in a way the family didn't talk about. If your executor stumbles across that letter before its time, you've created exactly the kind of hurt you were trying to prevent.

Someone uses them against your family. This sounds dramatic until you think about contested estates, bitter divorces, custody fights. A letter where you admit to a mistake, share a family secret, or express a complicated opinion could be weaponized by the wrong person at the wrong time.

None of this is paranoia. It's just what happens when private things aren't actually private.

Why the distinction matters for legacy letters

Here's what end-to-end encryption does that regular encryption at rest doesn't: it makes sure that nobody between you and the intended reader can access your letter. Not the company hosting it. Not a hacker who breaches their servers. Not a rogue employee. Not a court order served on the company. Nobody.

The trade-off, which is real, is recovery. If you lose your key in an E2EE system, the company can't restore your letters. They can't, because they never had the key to begin with. That's a feature for security and a problem for usability. It's why most consumer products choose at-rest encryption instead — losing access to your own data is more common than getting breached.

For sensitive long-term writing like legacy letters, that trade-off is worth understanding before you pick a storage solution. There's no universally right answer. But there is a wrong move: assuming the product you chose is E2EE when it isn't.

The things people actually write about

I think the reason privacy feels abstract is that people haven't sat down yet to write these letters. Once you do, the need for real security hits you fast.

People write about marriages that almost ended. About children they gave up for adoption. About faith they lost or found. About money mistakes they made and what they learned. About the real reason they moved across the country. About the parent who hurt them and how they chose to forgive -- or didn't.

People write about the proudest moments of their lives and the ones they're most ashamed of. They write about love that's hard to say out loud and regret that only makes sense in hindsight.

If you're thinking about what to share and what to keep private, that's a healthy thing to work through. But whatever you decide to put in a letter, you should be able to trust that it stays sealed until the right person reads it at the right time. The kind of encryption a platform uses is part of that trust.

And here's the thing: if you don't trust that your letter will stay private, you won't write honestly. You'll hedge. You'll leave out the hard parts. You'll write something safe and generic instead of something real and meaningful. Knowing what protection you actually have isn't just about security -- it's about giving yourself the confidence to be truthful.

Real scenarios worth considering

A woman stores a letter to her husband on a popular cloud drive. Years later, they divorce. Because the account was shared during the marriage, her ex-husband's lawyer requests access during discovery. The letter -- written with love, at a time of deep vulnerability -- becomes an exhibit in a courtroom.

A man writes a letter to his youngest child explaining that she was conceived through a donor. He stores it in a basic note-taking app synced across his devices. His older child borrows his tablet for a school project and finds the letter.

A family stores end-of-life documents on a platform that goes bankrupt. The new owner of the company's assets inherits the servers, and with them, everything stored on those servers. Nobody reads the fine print about what happens to user data during an acquisition.

These aren't edge cases. They're the normal risks of storing private things in places that weren't built with real privacy in mind.

Questions to ask before trusting a platform

You don't need to become a cybersecurity expert. But you do need to ask a few specific questions when choosing where to store your legacy letters:

  • What kind of encryption does the platform use? Look for specifics. "Encrypted" is vague. "TLS in transit and AES-256 at rest" tells you something. "End-to-end encrypted" tells you more — but only if it's true.
  • Can the company read my data? If yes, it's not E2EE. If they say no, ask how. A real E2EE product can explain their key management and why they can't access your content.
  • What happens if I lose my password? In an E2EE system, the answer is "you lose access to your data, period." If the company can reset your access and restore your data, they have the keys.
  • Who can access my account after I die? Encryption is one part of the picture. Access controls and trusted-contact systems are the other half. A perfectly encrypted vault no one can open is useless to your family.
  • What's the access model for recipients? When your letter reaches your daughter, how does she read it? Does she need an account? A key? An invitation link? Get this clear before you trust the system.

If a platform can't or won't answer these clearly, that's a signal. Honest products explain their security posture in plain terms.
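
The key-custody difference behind "Can the company read my data?" and "What happens if I lose my password?", as an added sketch that is not When I Die Files' code or any real product's. The class and function names are hypothetical, the PBKDF2 iteration count is an assumed setting, and the HMAC-based keystream is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets
KDF_ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (value assumed for this sketch)

def derive_key(passphrase: str, salt: bytes) -> bytes:
    # Runs on the writer's device; the passphrase is never sent to the provider.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, KDF_ITERATIONS, dklen=64)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for AES-GCM / ChaCha20-Poly1305.
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> dict:
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key[:32], nonce, plaintext)
    tag = hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return {"nonce": nonce, "ct": ct, "tag": tag}

def open_sealed(key: bytes, blob: dict) -> bytes:
    expected = hmac.new(key[32:], blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(key[:32], blob["nonce"], blob["ct"])

class AtRestProvider:
    """Encryption at rest: the provider generates and keeps the key."""
    def __init__(self):
        self._key, self.disk = secrets.token_bytes(64), {}
    def store(self, user: str, letter: bytes) -> None:
        self.disk[user] = seal(self._key, letter)
    def provider_read(self, user: str) -> bytes:
        # The same path serves password resets, staff access and legal requests.
        return open_sealed(self._key, self.disk[user])

class E2EEProvider:
    """End-to-end: the provider only ever receives salt + ciphertext."""
    def __init__(self):
        self.disk = {}
    def store(self, user: str, salt: bytes, blob: dict) -> None:
        self.disk[user] = (salt, blob)

def e2ee_write(provider, user, passphrase, letter):
    salt = secrets.token_bytes(16)
    provider.store(user, salt, seal(derive_key(passphrase, salt), letter))

def e2ee_read(provider, user, passphrase):
    salt, blob = provider.disk[user]
    return open_sealed(derive_key(passphrase, salt), blob)
```

Both providers hold only ciphertext on disk, but only `AtRestProvider` has a `provider_read` path; with `E2EEProvider`, a forgotten passphrase makes `e2ee_read` raise and nothing on the server side can recover the letter.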

Writing honestly requires trusting the system you chose

There's a reason people whisper secrets in empty rooms. Privacy changes what we're willing to say.

When you know your storage choice matches the sensitivity of what you're writing, you write differently. You stop performing. You stop editing yourself for an imaginary audience. You write the real thing.

And the real thing is what your family will treasure. Not the polished, careful version of you. The honest one. The one who loved imperfectly and tried hard and had regrets and still showed up. That's the version worth preserving, and it only comes out when you feel safe enough to put it on paper.

So before you start writing, decide what protection your words need. Then pick a tool whose security posture matches — and whose company is honest about what it does and doesn't do.

A good place to start

If you've been putting off writing legacy letters because you weren't sure where to store them safely, here's the short version. For most people, a reputable platform with TLS in transit, encryption at rest, and clear access controls is a sensible baseline. For the most sensitive writing, look at end-to-end encrypted tools and accept the recovery trade-off.

Whatever you choose, make sure the platform explains its security posture in plain language. If you're considering When I Die Files, our guide to safely storing legacy documents walks through what we do and don't do — so you can decide if the trade-offs work for you.

The most personal things you'll ever write deserve protection that matches their weight. Knowing what kind of protection you actually have is the first step.
