Dead man's switch.

Stop checking in and your encrypted control file releases to the people you choose. They don't know the switch exists until it triggers. No advance disclosure. No awkward conversations. Just a safety net that works when you can't.

Set up a switch How it works

How it works.

You check in
Clock resets
30 days
Deadline passes
No check-in
7 days
Grace period
Last chance
expires
📧
Emails sent
To recipients
1

Set a check-in schedule.

Choose how often you need to confirm you're alive. Every 30 days, every 90 days, whatever fits your risk profile. You'll get an email reminder before each deadline.

2

Upload your encrypted control file.

Your control file is stored encrypted. You designate one or more recipients by email address. They get nothing until the switch triggers.

3

Miss a check-in, trigger the release.

If you miss your check-in window, a grace period starts. After the grace period, the system emails your recipients with the encrypted control file and instructions for decryption.

4

Check in, reset the clock.

One click resets the timer. As long as you check in, nothing happens. Your recipients don't even know the switch exists.

Use cases.

Crypto inheritance

Your family gets access to your real wallet if something happens to you. No lawyers, no probate, no third-party custody.

Whistleblower insurance

Documents release automatically if you're silenced. The existence of the switch is itself a deterrent.

Business continuity

A co-founder or CTO disappears. Critical keys, API secrets, and recovery phrases release to the designated backup.

Combined with Shamir

Split your control file into shares. The dead man's switch holds one share. Your trusted contacts hold the others. The switch alone isn't enough. It takes the switch plus at least one other share.

Security model.

Your control file is encrypted before upload (same client-side encryption as the vault). The dead man's switch releases the encrypted blob, not the raw control file. Recipients still need the password you gave them separately.

Two layers: the switch delivers the encrypted payload, the password (shared out-of-band) decrypts it. Compromise of one layer is not enough.

Planning for the long term? See our crypto inheritance guide for a complete walkthrough.

What if deny.sh shuts down? All encryption runs client-side. Your encrypted files work offline with the open-source CLI. The dead man's switch is the only server-dependent feature. Export your control files as a backup.

Set up your switch.

Setting up a dead man's switch takes about 2 minutes. You'll need:

  1. A free deny.sh API key (get one in 10 seconds)
  2. Your encrypted control file (from the protect or encrypt tool)
  3. Email addresses for your recipients

Enter your API key to get started:

FAQ.

What if deny.sh shuts down?

All encryption is client-side. Your files work offline with the open-source CLI. Export your control files as a backup. The switch check-in is the only server feature.

Can someone trigger my switch early?

No. Check-ins are authenticated with your API key. Without it, no one can trigger, pause, or modify your switch.

What if I accidentally miss a check-in?

Every switch has a configurable grace period (1 to 30 days). You'll get email reminders before the deadline, and again when the grace period starts.

What do recipients receive?

An email with your encrypted control file and instructions. They still need the decryption password, which you share separately (verbally, in a letter, etc.).