"How secure are online wills?" is a fair question. You're entering personal information about your family, your assets and your wishes into a website, and the document is one of the most sensitive things you'll ever produce. This guide explains how a reputable online will service should handle security, what to look for, and what the realistic risks actually are.
We'll separate two different concerns: data security (keeping your information safe from breaches) and document security (making sure the will itself isn't lost, tampered with, or misused). Both matter.
Data security: what should be in place
A reputable online will provider in 2026 should, at minimum, have all of the following:
- HTTPS everywhere with a valid TLS certificate, so the connection between your browser and the site is encrypted.
- Encrypted storage of personal data at rest, not just in transit.
- UK-based or EU-based hosting with proper data protection compliance (UK GDPR / Data Protection Act 2018).
- Two-factor authentication option on user accounts.
- Regular security audits by a third party.
- A clear privacy policy explaining exactly what is stored, where, for how long, and who has access.
- An ICO registration as a data controller.
You can usually verify these in minutes. Look for a privacy policy linked from the footer, an ICO registration number (it should be a Z-prefix nine-digit number), and a clearly stated data retention policy. If any of those are missing or vague, walk away.
Document security: storage and tampering
The legal will at probate is the original signed paper document. The electronic copy held by your provider is not the legal will — it's a backup. That has implications:
- The paper original needs to be stored somewhere safe and traceable.
- Your executors need to know where it is.
- The electronic copy is useful for reference and re-issuing if circumstances change, but cannot itself be admitted to probate.
The good news is that this means a data breach at your provider doesn't invalidate your will. The breach might disclose that you wrote a will and what's in it, which is a privacy concern, but the will itself remains the paper document you've signed.
The legal validity of the will is determined by the Wills Act 1837 and the signing process; see our guide "Is an online will legally binding?" for the underlying law.
What information does a will service actually hold?
A will service typically holds:
- Your personal details — name, address, date of birth, contact details.
- Family information — names of spouse, children, and other beneficiaries.
- A list of assets — usually rough categories rather than account numbers (no good will service should be asking for actual bank account or card numbers).
- The will itself as a finished document.
What it shouldn't be holding:
- Bank account numbers, sort codes, or login details.
- National Insurance numbers (unless there's a specific reason).
- Card or payment information beyond what's needed for the transaction.
- Copies of identity documents long after they've served their verification purpose.
If the questionnaire is asking for things that look like fraud-bait, that's a red flag.
Who can see your data inside the company?
A reputable provider should:
- Limit internal access to people who need it (for instance, the qualified will-writers reviewing flagged cases).
- Log access events so any unusual activity can be traced.
- Train staff on data protection and confidentiality.
- Have a documented incident-response process if something goes wrong.
If a provider cannot tell you who has access to your data and under what circumstances, that's a warning sign. For complex estates, we recommend you seek assistance from a Trusted Hands Advisor or your own legal advice.
What happens if the provider goes out of business?
This is one of the most common worries — and one of the easiest to address.
- The paper will is yours. It's at home or in storage. It doesn't depend on the provider continuing to exist.
- The electronic copy may be lost, but it's a backup, not the legal document.
- Most reputable providers have continuity arrangements — for instance, an escrow or backup hosting agreement — so customer data remains accessible for a period even if the company ceases trading.
In practice, even if the worst happens, you write a new will via another route. You haven't lost anything legally meaningful. Our guide "Can you update your will online?" covers re-issuing in detail.
These are the kinds of practicalities the Trusted Hands will builder is designed to handle calmly — clear ownership, clear backups, clear continuity.
What about cyber-attacks?
The realistic threat profile for an online will service is:
- Phishing emails pretending to be from the provider, trying to capture login details.
- Credential stuffing — attackers using leaked passwords from other sites.
- Targeted social engineering — particularly relevant for high-net-worth individuals.
Defences:
- Strong unique passwords for your account (a password manager is your friend).
- Two-factor authentication wherever offered.
- Healthy scepticism of any email asking you to click a link to "verify" your will or update payment details — go to the site directly instead.
- Check the URL before logging in; phishing sites often use lookalike domains.
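The "check the URL" defence can be automated on the defender's side, for instance in a mail filter or a browser helper. The sketch below is an added example, not any provider's code: `examplewills.co.uk` is a constructed placeholder domain, the confusable-character table is a small illustrative set, and the comparison uses the last labels of the hostname rather than a full public-suffix list.

```python
from urllib.parse import urlsplit

TRUSTED = "examplewills.co.uk"  # constructed placeholder, not a real provider

# Visual substitutions folded to one canonical form (illustrative, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"))

def skeleton(name: str) -> str:
    """Fold look-alike characters so 'examp1e' and 'example' compare equal."""
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str, trusted: str = TRUSTED) -> str:
    """Label a link as trusted, a lookalike of the trusted domain, or unrelated."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if host == trusted or host.endswith("." + trusted):
        return "trusted" if parts.scheme == "https" else "trusted-host-insecure-scheme"
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "lookalike:punycode"            # internationalised label near the brand
    if trusted in host:
        return "lookalike:trusted-name-embedded"  # real name used as a subdomain prefix
    # Compare the same number of trailing labels as the trusted domain has.
    tail = ".".join(labels[-len(trusted.split(".")):])
    if skeleton(tail) == skeleton(trusted):
        return "lookalike:confusable-characters"
    if edit_distance(tail, trusted) <= 2:
        return "lookalike:near-miss-spelling"
    return "unrelated"

if __name__ == "__main__":
    for link in ("https://www.examplewills.co.uk/login",      # constructed samples
                 "https://examp1ewills.co.uk/verify",
                 "https://examplewills.co.uk.account-verify.example/"):
        print(link, "->", classify(link))
```
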
Compare it to the alternatives
It's worth being honest about the alternatives. A solicitor's office holds your data too — on their case management system, sometimes on paper files in cabinets, sometimes in archived storage rooms. Solicitors have suffered data breaches as well, and the regulatory framework around them is similar to that around online services (UK GDPR applies to both). The "more digital" option isn't necessarily the less secure one.
A DIY will kit avoids the data-security question by leaving everything on your kitchen table, but raises a different set of risks (lost documents, no backup, easy invalidation). Our article "Why DIY wills fail" covers this in detail.
Practical security checklist
If you want a quick test of any online will service, run through this list:
- Is the site HTTPS with a valid certificate? Check the padlock in the browser bar.
- Does the privacy policy state where data is hosted and for how long?
- Is there an ICO registration number in the privacy policy or footer (Z-prefix, nine digits)?
- Is two-factor authentication offered on user accounts?
- Are qualified will-writers named on the team or about page?
- Is there a clear support channel (phone, live chat, email)?
- Are reviews on independent platforms like Trustpilot generally positive and recent?
- Does the questionnaire validate your answers before producing a document?
- Is there a continuity statement — what happens if the company ceases trading?
Any one missing is a yellow flag. Two or more missing is a red flag. A reputable provider will tick every box.
Frequently asked questions
Is my will stored encrypted by online providers?
A reputable provider stores both your account data and the will document encrypted at rest, with HTTPS in transit. Check the privacy policy for specifics; if it's unclear, ask their support team directly.
What if there's a data breach?
Under UK GDPR, the provider has a legal obligation to notify the ICO of significant breaches and, in many cases, to notify affected users. Your paper will isn't affected by a digital breach — only the metadata and electronic copy.
Can someone change my will without my permission?
Online accounts generally require login, and most reputable providers send email confirmations of major changes. The legal will is the signed paper original; an electronic version cannot itself be substituted at probate.
How long does the provider keep my data?
This should be in the privacy policy. Common patterns are: as long as you're an active customer, plus a defined retention period (often 7 years) for legal and accounting reasons. After that, the data should be deleted.
Should I use a fake email or pseudonym for extra security?
No — your will needs to identify you accurately to be enforceable. Use your real legal name and details. The protection is in the provider's controls, not in obscuring your identity.