Security & Trust

LastReach exists to deliver your most important messages when you no longer can. That is a serious responsibility, and it only works if you can trust how your words are stored, who can see them, and what happens over the long run. Here is exactly how it works.

How your content is protected

Your messages and any files you attach are encrypted at rest with AES-256-GCM, and your attachments are kept in private storage, encrypted before they’re ever written to disk. The keys that protect your data are stored as sensitive secrets that can’t be viewed — not even by us. Your account can be secured with two-factor authentication, and your content and account data sit behind row-level security. We don’t read your messages.

Under the hood: 256-bit keys, a unique initialization vector for every item, and an authentication tag that makes tampering detectable — the same authenticated encryption trusted to protect sensitive government data.

How check-ins and delivery work

LastReach runs on a simple, predictable rule: you check in on the schedule you choose, and as long as you do, nothing is ever sent. When it’s time, we send you a check-in reminder. Confirm you’re okay and the clock resets. If you don’t respond — and only after the grace period you configured has fully elapsed — LastReach delivers the messages you prepared to exactly the recipients you chose, through the channels you selected: email, SMS, Telegram, or WhatsApp.

The decision to deliver is made automatically by the system, based on your settings. No staff member reviews your situation or presses a button. Your message contents stay encrypted until the moment of delivery, when they are decrypted only to be sent to your recipients. Once a message has been delivered, the attachments tied to it are removed from our storage.

What happens if LastReach disappears

A service like this only matters if it’s still there when it’s needed. LastReach is operated by LastReach LLC, a company registered in Wyoming, United States. You deserve to know what would happen if we ever had to wind the service down — so here is our commitment:

  • Advance notice. We will notify every account holder by email at least 90 days before any planned shutdown. No silent disappearance.
  • Your data stays yours. Throughout that period your data remains fully accessible from your dashboard, and we will provide tooling to export your account, your messages, and your files, so nothing is ever locked in.
  • A final, best effort. Where it is technically possible, we will make a best-effort attempt to honor deliveries you have already configured as part of the wind-down.

We would much rather over-communicate than leave anyone guessing. If our plans ever change in a way that affects these commitments, we will say so — in advance, in writing.

Frequently asked questions

Is my data encrypted?

Yes. Your message bodies and any file attachments are encrypted at rest with AES-256-GCM, and attachments are kept in private, access-controlled storage.

Can LastReach staff read my messages?

No. Your messages are encrypted at rest, and the keys are held as sensitive secrets that can't be viewed, even by our team. They're decrypted only to be delivered to the people you chose.

What if I miss a check-in by accident?

That's what the grace period is for. Nothing is sent until the full grace window you set has elapsed after a missed check-in, and we send reminders throughout. You control both how often you check in and how long the grace period lasts.

Who can be a recipient, and how are they contacted?

You choose your recipients and how to reach them: email, SMS, Telegram, or WhatsApp. They're only ever contacted if your switch actually triggers — or when you send a test — and the message they receive is the one you wrote.

Can I delete my data?

Yes. You can delete individual messages and files, or your entire account, at any time. Account deletion follows a short grace period and then permanently removes your data.

Is my payment information stored by LastReach?

No card details are stored on our servers. Payments are handled by our processors — Stripe on the web, and the App Store or Google Play for in-app purchases. LastReach never sees or stores your full card number.

What happens to messages after they're delivered?

Delivery is logged so there's a record it happened, and any attachments tied to a delivered message are removed from our storage.

What if LastReach shuts down?

See “What happens if LastReach disappears” above: at least 90 days' notice, export tooling, and a best-effort final delivery.