Legacy Shield

Secure digital vault for critical documents with emergency access. 100% European hosting.

Legacy Shield is a privacy-first document vault designed for storing your most critical files—passports, wills, insurance policies, property deeds—with built-in emergency access for loved ones. Unlike general cloud storage, Legacy Shield uses client-side encryption and European-exclusive infrastructure to ensure maximum privacy and security.

🌟 Key Features

• 🔐 Zero-Knowledge Encryption: Files encrypted in your browser before upload
• 🚨 Emergency Access: Loved ones can access your vault with unlock phrase (read-only)
• 🇪🇺 European Data Sovereignty: 100% EU infrastructure (hosted on Hetzner, Germany)
• 📱 Document Viewer: View PDFs, images, and documents in-browser
• 🏷️ Smart Organization: Categories, tags, favorites, expiration tracking
• ✅ GDPR Native: Privacy-first design, compliant by default
• 🛡️ Powered by BitAtlas: Uses the BitAtlas zero-knowledge encryption layer for all file storage and key management.

🏗️ Architecture

Monorepo Structure:

legacy-shield/
├── packages/
│   ├── web/          # Next.js frontend (React + TypeScript)
│   ├── api/          # Express backend (Node.js + TypeScript)
│   └── shared/       # Shared types and utilities
├── infrastructure/   # Deployment configs
├── docker-compose.yml
├── product-spec.md   # Product specification
└── architecture-spec.md  # Technical architecture

Tech Stack:

• Frontend: Next.js 14, TypeScript, TailwindCSS, Web Crypto API
• Backend: Node.js, Express, Prisma ORM, PostgreSQL
• Storage: Hetzner Object Storage (S3-compatible)
• Hosting: Hetzner Cloud (Germany)
• Payments: Stripe

🚀 Quick Start

Prerequisites

• Node.js 20+ and npm 10+
• Docker and Docker Compose
• Git

1. Clone and Install

cd /Users/stephenballot/Documents/LegacyShield
npm install

2. Start Infrastructure

# Start PostgreSQL, Redis, and MinIO (local S3)
docker compose up -d

# Verify services are running
docker ps

Note: You can also use npm run docker:dev as a shortcut.

3. Configure Environment

# Copy example environment file
cp .env.example .env

# Edit .env with your values (defaults work for local development)

4. Initialize Database

cd packages/api

# Generate Prisma Client
npm run db:generate

# Run database migrations
DATABASE_URL="postgresql://legacyshield:devpassword@localhost:5432/legacyshield_dev" npm run db:migrate

# Optional: seed with test data
npm run db:seed

cd ../..

Note: The DATABASE_URL must be provided because Prisma doesn't automatically read the root .env file. See GETTING_STARTED.md for details.

5. Start Development Servers

# Start both frontend and backend
npm run dev

# Or start individually:
npm run dev:web    # Frontend at http://localhost:3000
npm run dev:api    # Backend at http://localhost:4000

6. Access the Application

• Frontend: http://localhost:3000
• API: http://localhost:4000
• MinIO Console: http://localhost:9001 (minioadmin / minioadmin)

📚 Development

Available Scripts

# Development
npm run dev              # Start all services
npm run dev:web          # Start frontend only
npm run dev:api          # Start backend only

# Building
npm run build            # Build all packages
npm run build:web        # Build frontend
npm run build:api        # Build backend

# Testing
npm run test             # Run all tests
npm run lint             # Lint all packages
npm run type-check       # TypeScript type checking

# Database
cd packages/api
npm run db:migrate       # Run migrations
npm run db:seed          # Seed database
npm run db:studio        # Open Prisma Studio
npm run db:reset         # Reset database

# Docker
docker compose up -d     # Start Docker services
docker compose down      

... [View full README on GitHub](https://github.com/stephenballot-ai/legacy-shield#readme)