Your vault is encrypted, private, and only ever opened by the people you choose.
Storing your family’s most important documents and wishes is a serious responsibility. Here’s exactly how Lyff protects your information, who can access it, and why.
Our Commitment to Security.
Secure, digital and upholding Australian privacy regulations.
Our commitment to your family
Lyff is built around a simple principle: your family's most sensitive information should be protected, private, and available exactly when it's needed.
Your vault is encrypted with AES-256, the same standard used by banks and government agencies. Every document you upload and every message you write is protected before it ever leaves your device.
Lyff staff can never view the contents of your vault. We will never sell your data or use it to train AI models. Your information exists to serve your family, not our business.
You decide who can see what. Only the people you nominate as Guardians or Custodians can ever access the folders you share with them. Everyone else, including us, stays out.
Keeping your account secure
Multiple layers of authentication work together to protect your account, with recovery options so you are never permanently locked out.
Password and two-factor authentication
Your account is protected by your login password and two-factor authentication (2FA). 2FA is required, not optional. When you sign in on a new device, you will be asked for your password and a one-time code sent to your phone. This protects your account even if your password is ever compromised.
Passphrase protection
In addition to your account login, your vault is secured by a personal passphrase that you set. This is a second layer of protection specific to your vault content, separate from your account password.
Biometric authentication
On mobile, you can use facial recognition or fingerprint authentication to open the Lyff app quickly without re-entering your password every time. Biometrics add convenience without compromising security.
Backup codes
At setup, you will receive a set of backup codes. Keep these somewhere safe. If you ever lose access to your phone, backup codes let you recover your account without locking yourself out permanently.
Guardian-assisted recovery
If you are locked out of your account, a nominated Guardian can help you regain access through a verified recovery process. This means losing your credentials does not mean losing your vault, and your chosen people are always a path back in.
Recovery Key
During setup, Lyff generates a Recovery Key for your account. This is your personal safety net. Store it securely and use it if you ever need to restore access independently of your phone or Guardian.
How your data is encrypted
Every piece of information you store in Lyff is encrypted using technology trusted by financial institutions and government agencies worldwide.
Bank-level encryption, unique to you
All vault content is encrypted using AES-256, with encryption keys unique to your account. This is the same standard required by the Australian Government for sensitive data.
- Encrypted in transit using TLS
- Encrypted at rest on secure servers
- Keys unique to each user account
- Data stored in Australia on AWS Sydney infrastructure
- Your data never leaves the country
Guardian and Custodian sharing
When you share a folder with a Guardian or Custodian, the content in that folder is encrypted specifically for them. They hold the means to open what you have shared, and only what you have shared. If you become incapacitated or something happens to you, their access continues to work as intended.
Every access is logged
Every time someone opens your vault or a shared folder, it is recorded and visible to you in your Activity log. You will always know who accessed what and when. This is both a security control and a transparency feature.
How Lyff operates internally
Security is not just about technology. It is also about people, processes, and commitments.
No staff access to vault content
Lyff staff and administrators cannot view the documents, messages, or personal details inside your vault. Internal access is limited to the minimum required to provide account support, is restricted to exceptional circumstances, and is logged in full.
Third-party infrastructure
Lyff uses trusted third-party infrastructure to provide secure, reliable services. Cloud infrastructure partners store your encrypted data. They cannot read it, and your data is never used for their own purposes or AI training.
We do not use your data to train AI
Lyff does not use vault content, documents, or personal information to train AI models of any kind. Your information is used only to provide the Lyff service to you and your family.
Vulnerability reporting
We take security reports seriously. If you discover a potential security issue, please contact us at hello@lyff.com.au and our team will investigate and respond promptly.
Your privacy
Your data is not our business model. It never will be.
We will never sell your data
Lyff's revenue comes from subscribers. Your personal information is not for sale to third parties, advertisers, or anyone else. Your information exists to serve your family, full stop.
Your data, your terms
You can export your vault contents at any time from your account settings. If you choose to close your account, your data is permanently deleted from our systems. If your payment lapses accidentally, we will not delete your data until you confirm you want to cancel.
Australian Privacy Act compliance
Lyff is operated by Lyff Pty Ltd and complies with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). You have the right to access, correct, and request deletion of any personal information we hold about you. Our full Privacy Policy is available here.
Transparency by default
We will always tell you what we collect, why we collect it, and how it is used. If our practices change, you will be notified before those changes take effect.
Security standards
Lyff is built on infrastructure and practices aligned with Australian privacy law and recognised industry security standards.
Lyff complies with the Australian Privacy Act 1988 and all 13 Australian Privacy Principles. This governs how we collect, use, store, and disclose your personal information.
All user data is stored on AWS Sydney infrastructure. Your information is hosted in Australia and never transferred offshore. AWS holds ISO 27001, SOC 2, and IRAP certification.
Your family's most important information, safe and ready when it matters.
Create your vault today and put the right people in place before you need them.