NextCalm Security Architecture Whitepaper
Your most sensitive information deserves to be protected.
AES-256 Encryption | Secure Transmission | Privacy Compliance
1. What Is NextCalm
NextCalm is a secure digital vault for the information your family would need if something happened to you.
Over the course of a life, people accumulate records that matter deeply: financial accounts, insurance policies, property documents, medical histories, legal wishes, and personal messages they want to leave for the people they love. This information is almost always scattered. Email here, a filing cabinet there, three different cloud services, a folder on a laptop. No one else knows where it all is.
When something unexpected happens, a family is left searching. Not grieving. Searching. For passwords, account numbers, documents, instructions. For information that should have been easy to find.
NextCalm solves this. One encrypted vault for everything that matters. Organised your way. Shared on your terms. And when the time comes, Guardian Bot delivers the right information to the right people automatically, without anyone needing to remember, search, or guess.
2. Our Approach to Security
Security is not an afterthought at NextCalm. The nature of the information our users store demands that we treat it with the highest standard of care available.
Every item stored in your NextCalm vault is encrypted using AES-256, the same standard used by governments, banks, and intelligence agencies worldwide. All data moving between your device and our servers is protected by TLS encryption. These are not aspirational goals. They are in place today, in the product you use.
We are also building. Security is a continuous process, not a fixed state, and NextCalm is committed to expanding its security posture as the platform grows. Where capabilities are in active development, we say so clearly rather than overstating what is live today.
2.1 What Is in Place Today
Current Security Measures
| Feature | Detail |
|---|---|
| Encryption at rest | AES-256. Every item in your vault is encrypted. |
| Encryption in transit | TLS across all connections: web, iOS, and Android. |
| Session management | Authenticated sessions with automatic expiry. |
| Guardian Bot | Operates on access permissions only. Does not read vault content. |
| Privacy compliance | GDPR, CCPA, LGPD, PIPEDA commitments. |
3. Why Security Matters for This Kind of Information
Most cloud storage services encrypt data in transit and at rest. For photos, shared documents, and everyday files, that is generally sufficient.
NextCalm holds something different. Financial account details, medical records, legal instructions, messages intended for people you love. The consequence of a breach is not an inconvenience. It is real harm to real people at an already difficult time.
That is why NextCalm applies encryption at the storage level using AES-256, not merely in transit. Your data is not readable as plain text on our servers. It is stored as encrypted data, and accessing it requires authenticated credentials. This is the foundation we build on, and it is the standard the sensitivity of this information demands.
4. AES-256 Encryption: The Standard Governments and Banks Use
4.1 What AES-256 Is
AES stands for Advanced Encryption Standard. The 256 refers to the key length in bits. It is the standard adopted by the United States government for classified information, used by financial institutions worldwide, and endorsed by security agencies including NIST, NSA, and GCHQ.
The number of possible AES-256 encryption keys is 2^256: a figure larger than the estimated number of atoms in the observable universe. A brute-force attack running on every computer on Earth simultaneously would take longer than the current age of the universe to succeed.
Every item in your NextCalm vault is protected by this standard.
4.2 What This Means in Practice
When you store content in your NextCalm vault, it is encrypted using AES-256 before being written to our servers. The data stored on our servers is not readable as plain text. Accessing your vault requires valid authentication. Without it, the encrypted data cannot be used.
All data moving between your device and our servers travels over a TLS-encrypted connection. This protects your information from interception during transmission across web, iOS, and Android.
Your encryption key is managed securely within the NextCalm platform. We are committed to ensuring that access to vault content requires your explicit authentication and cannot occur without it.
5. How Your Data Is Protected
Security operates at multiple levels in NextCalm. Here is what is in place across each one.
5.1 At Rest: Stored on Our Servers
- Every item in your vault is encrypted with AES-256.
- Stored data is not accessible as plain text. Valid authentication is required to access vault content.
- Access to our server infrastructure is controlled and restricted to authorised personnel only.
5.2 In Transit: Between Your Device and Our Servers
- All data transmission uses TLS encryption.
- This applies consistently across the NextCalm web application, iOS app, and Android app.
- Data in transit is protected against interception.
5.3 Session Management
- All vault access requires authenticated sessions.
- Sessions carry time-limited tokens that expire automatically.
- Re-authentication is required to establish a new session.
5.4 Guardian Bot
Guardian Bot is NextCalm's automated delivery system. When your configured delivery threshold is triggered, Guardian Bot releases access to your designated recipients based on the permissions you set at setup.
Guardian Bot operates on access permissions and delivery configuration. It does not read, interpret, or process the content of your vault. This separation between access management and content is a deliberate architectural decision to limit the surface area of automated access to your information.
6. Privacy Compliance
NextCalm is committed to meeting the requirements of the following international privacy frameworks. These commitments shape how we collect, store, use, and delete personal data.
Privacy Compliance Frameworks
| Framework | Scope | Our Commitment |
|---|---|---|
| GDPR | European Union | We honour EU data subject rights: the right to access, correct, delete, and export your personal data. |
| CCPA | California, USA | We honour California consumer rights: the right to know what data we hold, to request deletion, and to opt out of data sale. |
| LGPD | Brazil | We comply with Brazilian data protection law and honour the rights it provides to data subjects. |
| PIPEDA | Canada | We comply with Canadian federal privacy legislation governing how personal information is handled. |
For questions about your rights under any of these frameworks, contact privacy@nextcalm.com.
7. Your Data and Your Rights
7.1 While You Are an Active User
Your encrypted vault data is stored on our servers and accessible through your authenticated account. NextCalm manages access permissions and delivery configuration. We do not use your vault content for any purpose other than making it available to you and, where you have configured it, to your designated recipients through Guardian Bot.
7.2 If You Choose to Leave
Your data is yours. You can request export of your data at any time. When you delete your account, your personal data and vault contents are removed from our systems in accordance with our data retention policy. Confirmation of deletion is sent to your registered email address.
For specific questions about data retention timelines or deletion procedures, contact hello@nextcalm.com.
7.3 If Law Enforcement Requests Your Data
NextCalm will comply with valid legal orders in the jurisdictions where we operate. We will notify affected users where we are legally permitted to do so. We will not voluntarily share user data with any third party outside of legal obligation.
We hold the minimum data necessary to operate the service. Access to vault content requires valid authentication credentials.
8. Security Questions, Answered
8.1 Is my data encrypted?
Yes. Every item stored in your NextCalm vault is encrypted using AES-256. Data in transit between your device and our servers is protected by TLS. Your information is not stored or transmitted as plain text.
8.2 Can NextCalm staff read my vault?
Access to vault content requires valid user authentication. NextCalm operates with internal access controls that restrict who can access what within our infrastructure. Accessing a user's vault content without their credentials is not a routine operational capability.
8.3 Is my data safe on a public Wi-Fi network?
Yes. All data transmission uses TLS encryption. Data moving between your device and our servers is protected against interception regardless of the network you are on.
8.4 Does NextCalm sell my data?
No. NextCalm is a subscription service. We have no advertising relationships and no commercial arrangements that involve selling or sharing user data with third parties.
8.5 What happens to my data if I close my account?
Your vault content and personal data are removed from our systems when you delete your account. You will receive confirmation by email. For specific questions about data handling, contact hello@nextcalm.com.
8.6 How does Guardian Bot deliver my information if it cannot read my vault?
Guardian Bot operates on access permissions, not on content. When your configured delivery threshold is triggered, it releases access to your designated recipients based on the permissions you established at setup. It does not read or process the content of your vault. Recipients access their designated content through their own authenticated sessions.
8.7 What if I forget my password?
NextCalm provides account recovery options to help you regain access. Contact support@nextcalm.com and our team will guide you through the recovery process.
8.8 How is NextCalm's security improving?
Security is a continuous commitment, not a fixed state. We are actively developing additional security capabilities including enhanced access controls, audit logging, and expanded encryption options. We will publish updates as these become available. If you have specific security requirements, contact security@nextcalm.com to discuss what is in place and what is planned.
Ready to get started? NextCalm is free for the first 30 days, with full access to every feature. Visit nextcalm.com to start organising your life.
Security enquiries: security@nextcalm.com | General: hello@nextcalm.com | Privacy: privacy@nextcalm.com
© 2026 NextCalm. All rights reserved.