digital-legacy digital-afterlife estate-planning privacy peace-of-mind international

What Actually Happens to Your Digital Accounts When You Die

Your Google account, your Apple ID, your Facebook, your Instagram, your phone. Every one has its own policy for what happens after you die. Very few match what most people assume. A practical walkthrough of the defaults — and how to actually set your wishes.

A smartphone showing a locked screen.

When someone dies, a small number of things get dealt with in the first 48 hours. The body. The funeral plans. The phone calls to extended family. The bank, sometimes. Rarely, the will.

What doesn't get dealt with, almost ever, in those first 48 hours: the digital accounts.

The Gmail inbox that's receiving password reset emails for every service the deceased ever used. The iCloud account holding 20 years of family photos. The Instagram feed getting comments from people who don't know yet. The Netflix that's still charging the joint credit card. The Apple ID that's locked the iPhone the family desperately wants to get into, because it contains the phone numbers of everyone who needs to be called.

Every major tech company has a policy for what happens to accounts after death. Almost none of them match what most people expect. And the defaults — the "we didn't make any arrangement" outcome — are usually much harder on the family than the alternatives you can set up in ten minutes today.

Here is what actually happens, platform by platform.

Google / Gmail — Inactive Account Manager

Google has the most developed policy in the industry, and it works exactly if you set it up and badly if you don't.

If you set nothing: Google retains the account indefinitely. Family members can submit a request for account closure or for specific data to be released (photos, emails), but there is no guarantee of approval. Google reviews each case, asks for a death certificate and legal documentation, and can take weeks to months. They will often decline full access on privacy grounds.

If you set Inactive Account Manager (myaccount.google.com/inactive): You can specify:

  • How long of inactivity triggers the plan (3, 6, 12, 18 months).
  • Up to 10 trusted contacts who get notified when the plan triggers.
  • Specific Google data each contact can download (Drive, Gmail, Photos, YouTube, etc.).
  • Whether the account auto-deletes after the plan executes.

Set this up once. It takes five minutes. It is the single most valuable digital legacy action any adult can take, precisely because Google sits at the centre of so many other accounts.

Apple — Legacy Contact

Apple introduced Legacy Contacts in 2021 (iOS 15.2+). It works like this:

If you set nothing: Apple does not release access to an Apple ID without a court order. Not to a spouse. Not to a parent of a deceased child. The family must go to court, obtain an order addressed specifically to Apple, and submit it through a formal process. Even then, not all data is always released. Photos that lived only in iCloud — gone, in practice, for most families.

If you set a Legacy Contact (support.apple.com → Digital Legacy): Settings → your Apple ID → Sign-In & Security → Legacy Contact. You name one or more people. Apple generates an access key (a QR-like code). You share the access key with the contact. When you die, the contact submits the access key plus a death certificate, and Apple grants them access to your iCloud data — photos, messages, documents, device backups.

Two things to know:

  • The access key is the hard part. If you don't share it ahead of time (print it, save it in your vault, email it to the contact), the feature does nothing. Apple will not hand out the key to anyone after the fact.
  • The Legacy Contact does not inherit paid subscriptions, DRM-licensed media (books, movies), or your Keychain password library. The vault of passwords is the most commonly requested category — and it is specifically excluded.

This is a big deal. If your password library lives in iCloud Keychain and you don't have a separate, independent vault your family can access, every account protected by those passwords becomes much harder to reach.

Meta (Facebook, Instagram, WhatsApp)

Meta's policy varies by platform.

Facebook:

  • If you set a Legacy Contact: the contact can memorialise the account (the word "Remembering" appears above the name), pin a post, update the cover photo, and download an archive. They cannot read private messages or log in as you.
  • If you set nothing: the account can be memorialised or deleted by a family member who submits proof. The default is memorialisation on reported-deceased notification.

Instagram: Can be memorialised or removed on request; there is no "legacy contact" equivalent, but verified family members can petition.

WhatsApp: No legacy contact. Accounts inactive for 120 days are automatically deleted. Message history, unless exported or backed up to Google Drive / iCloud, is gone. Group admin transfers don't happen automatically.

Threads, Reels, monetised creator accounts: treated under the parent platform's rules. Creator revenue owed at time of death can be claimed but requires documented proof.

Action: on Facebook, Settings → Accounts Center → Personal Details → Legacy Contact. Set one. On Instagram, there is no proactive setting — document your account URLs in your vault and specify in writing whether you want them memorialised or deleted.

Microsoft — Limited Options

Microsoft does not offer a "legacy contact" feature. On death, family members can submit a next-of-kin request to access OneDrive data, but Microsoft is notably more restrictive than Apple or Google and declines frequently.

If a Microsoft account holds materials that matter — OneDrive files, Outlook email, Xbox account with purchased games for children — the practical mitigation is to export or back up the important content periodically to a location your family can reach without the Microsoft account.

Mobile Carriers — The Unexpected Blocker

The family often needs one thing first: to get into the phone. The phone has the contacts, the photos, the messages, and the 2FA codes that control every other account.

If the phone is locked and the passcode is unknown:

  • iPhone: unrecoverable without the Apple ID password (which leads to the earlier section) or a brute-force that is effectively impossible.
  • Android: varies by manufacturer, but mostly unrecoverable without the Google account password.

If the SIM is active and you can clone or transfer the number, you can at least reset passwords that depend on SMS 2FA. Mobile carriers (Verizon, AT&T, O2, BT, Telstra, Airtel, Jio, Vodafone) all have bereavement policies — typically requiring a death certificate and proof of relationship — to transfer the number or release it.

Store your phone passcode (or a path to retrieve it) somewhere your trusted person can access. This is the single highest-leverage item in the entire digital legacy problem. One passcode unlocks almost everything else.

Banks, Investments, and Subscriptions

Most consumer financial institutions have reasonable bereavement desks — but they need family members to know the account exists and be able to prove relationship. The unclaimed money registries around the world exist precisely because families cannot name the accounts that bereavement desks are waiting to help them close.

Subscriptions are their own category of silent bleeding. Netflix, Spotify, Amazon Prime, Disney+, any of a hundred smaller services — each charges monthly to a card that continues to work until someone notices. Most families discover this on the first statement after the death, or not at all.

Password Managers

Most major password managers now offer emergency access:

  • 1Password: Recovery codes + family plan sharing.
  • Bitwarden: Emergency Access feature with time-delayed granting.
  • LastPass: Emergency Access.
  • Dashlane: Emergency contact with waiting period.

These features work well if you have set them up. The common failure mode is that the user trusted the password manager with everything but never enabled the emergency feature, which means that on death, every password they ever used becomes inaccessible behind a master password only the deceased knew.

The Pattern

Every platform's policy, read carefully, reveals the same underlying assumption: you are responsible for planning. None of them will fix it after the fact, no matter how painful the situation. They will all work smoothly if you set the relevant feature up ahead of time.

This is annoying from a user-experience perspective (nobody wants to think about death while setting up their phone) and unavoidable from a privacy perspective (platforms can't responsibly hand over accounts to people claiming to be family members without explicit user consent).

The practical implication: you need a secondary layer that the platforms themselves don't control. A place where you document:

  • Which Google account you use for which services.
  • Your Apple ID Legacy Contact access key.
  • Your phone passcode.
  • Your Facebook Legacy Contact (or your preference for memorialisation vs deletion).
  • Your password manager's emergency contact path.
  • Your list of subscriptions to cancel.
  • Your preference for each major account: keep, memorialise, delete, transfer.

That secondary layer is what a vault app exists to provide.

Why We Built SecureKeep Around This Problem

SecureKeep is designed for exactly the documentation layer above. A $7.99 one-time purchase, no cloud account, no subscription.

  • Structured entries for each of your major accounts, including account IDs, associated emails, and your wishes.
  • Secure notes for things like your Apple Legacy Contact access key, your phone passcode, your "what to do with my social media" preferences.
  • Multi-vault support so you can create a separate vault specifically for the person you trust to carry these instructions out. Different master password; different trusted person; isolated from your daily vault.
  • Biometric unlock for fast daily use, plus face-down lock for instant privacy when you need to hand the phone to someone.
  • Video and audio messages, encrypted alongside the rest — so if you want to leave a final voice note for a family member about what to do with your accounts, you can.

Everything stays on your device, encrypted with AES-256-GCM. If SecureKeep disappeared tomorrow, nothing you had saved would leave your phone.

The Ten-Minute Version

If you do nothing else after reading this, in the next ten minutes:

  1. Set up Google Inactive Account Manager on every Google account you use.
  2. Set up Apple Legacy Contact if you have an Apple ID; save the access key somewhere your contact can reach.
  3. Set a Facebook Legacy Contact if you use Facebook.
  4. Write down your phone passcode somewhere retrievable by a trusted person.
  5. Check whether your password manager has emergency access — turn it on if not.

Ten minutes. Every single step is free. Each one alone would save your family hours of bureaucracy on the worst day of their life. Doing all five collapses most of the post-death digital chaos into a set of processes that actually work the way you'd want them to.

Related reading:

SecureKeep is a local, encrypted vault designed for exactly the documentation a family needs — account IDs, legacy contact keys, preferences, emergency contacts — without a cloud account to break the chain. Learn more →