LegacyGuard

A Service of California Trust and Legacy

★ Launching July 2026 · For select clients

Your trust holds your wealth.
LegacyGuard holds the line around it.

The same families that hire us to draft a trust are also the families being targeted by a new generation of cybercrime. LegacyGuard is the cybersecurity hardening layer we built for them — and now offer to anyone who wants the protection without the boilerplate.

Schedule a 15-Minute Call with Bryan

Available July 2026 · For select clients

For more than three decades, families across Contra Costa County have come to our firm for civil counsel — and in the last few years, increasingly, for the careful trust instruments designed to hold up at the moment they’re actually needed. Over those last few years, we’ve also watched the moment-it’s-needed risk shift. The trust is still doing its job. The vulnerability has moved upstream — into the email inbox, the password manager that doesn’t exist, the phone call from a voice that sounds like the CFO. LegacyGuard is what we built for our own clients to address that shift, and what we now offer as a standalone service.

LegacyGuard mark

What we actually do

LegacyGuard is five components, configured for your family. We bring the hardware, the software, the training, and the structure. You keep the keys.

1. Password manager, two-factor authentication, and device hygiene

We set up a household-grade password manager (typically 1Password or Bitwarden), migrate your existing accounts in, turn on two-factor authentication on the accounts that matter, audit your devices for outdated software and weak settings, and walk every family member through how the system actually works in daily life. The goal is one place where credentials live, with strong locks on the front door.

2. Family threat model and heir access protocol

A one-on-one conversation about what your family is actually protecting and from whom — children, capital, identity, reputation, physical safety. Documented. Then a tested process for how your heirs get access to the digital and physical pieces of your estate when the trigger fires. This is the piece that connects directly back to your trust: the trust says who inherits; the protocol says how they actually find what they’re inheriting.

3. Estate document vault

A secure, encrypted, succession-aware place for your trust documents, deeds, account inventories, and instructions, with a built-in handoff to your heirs on the trigger. This is not cloud storage. It’s an architecture designed around your trust.

4. Hardware: physical storage and access keys

We source and configure the hardware that does the actual protecting — security keys (typically YubiKey), hardware wallets if you hold cryptocurrency, fireproof and water-resistant storage for paper originals, secure key storage for the household, recovery seed plates for anything that requires them. The hardware is yours. We do not hold it.

5. Verification protocol against AI-generated impersonation

A short, simple protocol your family uses with each other and with your wealth manager, CPA, and attorney to confirm that a request is really from who it claims to be — even when the voice on the phone or the email in the inbox sounds exactly like the right person. This is the defense we recommend most strongly to families with material wealth and active financial relationships.

What we don’t do

A short list. Equally important.

  • We do not take custody of your passwords, recovery phrases, hardware keys, or seed phrases. The hardware lives at your home, in your control.
  • We do not run a security operations center. We do not monitor your accounts in real time. We do not respond to incidents twenty-four hours a day.
  • We do not sell credit-monitoring or identity-monitoring subscriptions. Those are recurring third-party services with a different business model and we won’t profit from steering you into them.
  • We do not provide cybersecurity legal counsel. Our attorney work, through California Trust and Legacy, stays within the scope of trust and estate planning.
  • We do not guarantee outcomes. Cybersecurity is risk reduction, not risk elimination. Anyone who promises otherwise is selling you something else.

Why we built this now

Until recently, a sophisticated, custom attack on your family — a phishing email written in your wealth manager’s actual voice, a phone call cloned from your daughter’s voicemail — required a skilled human attacker who had to decide you were worth the hours. That math has changed. Generative AI now writes the email and clones the voice for fractions of a cent. The threshold of “worth attacking” has moved down into our clients’ tier. LegacyGuard is the practical response to that shift.

Read the full essay → Why Cybercrime Is on the Rise

How LegacyGuard works alongside your estate plan

If you are already a California Trust and Legacy client, LegacyGuard is a natural extension of the planning work. The trust documents the what and the who. LegacyGuard documents the how — how your heirs find the accounts, how they prove they’re who they say they are, how they get into the systems that hold the inheritance. We integrate the cybersecurity protocol into the trust-funding work so the two pieces fit together cleanly.

If you are not yet a client, you do not need to be one to engage LegacyGuard. We deliver the same five-component service either way. Many families use LegacyGuard first and discover the trust work later; many do it the other way around; both paths are fine.

What an engagement looks like

  1. Discovery call (15 minutes, free). We talk through what your family is protecting and what’s already in place. If LegacyGuard is the right fit we say so. If a piece of the puzzle belongs elsewhere we tell you that too.
  2. Assessment and scoping. We map your accounts, devices, family members, and existing tools, and we propose a configuration. You approve before any hardware is ordered.
  3. Setup and migration. Typically two to four weeks. We do the configuration; you sign in. Hardware is shipped to your home, configured with you, and stays with you.
  4. Family onboarding. Each member of the household who will use the system is walked through it personally. The protocol only works if everyone knows it.
  5. Annual relationship review. Once a year we revisit the configuration with you — what changed, what threats are new, what to refresh. This is the same cadence as the Annual Relationship Review on the trust side, and the two reviews can run together.

Who runs LegacyGuard

LegacyGuard is delivered by Bryan Kemler, the strategic consultant at California Trust and Legacy, working in coordination with Kelly Balamuth, Esq., the firm’s principal attorney. Bryan is not a certified cybersecurity practitioner. The work is the curation, configuration, and training of established, well-vetted security practices for a family-office context — not a substitute for a managed security service or for incident-response counsel. Where a specialist is needed, we say so and we refer.

Talk to Bryan directly

If your question is specifically about the cybersecurity work — what’s involved, whether it fits your situation, what a sample engagement looks like — Bryan keeps a short calendar of fifteen-minute calls open for direct conversations.

Schedule a 15-Minute Call with Bryan →

Available July 2026 · For select clients

Free download

5 Things You Can Do Today to Improve Your Cybersecurity

A short, practical list. Anyone in your family can do them this afternoon. No software to buy. No accounts to open. We use them as the starting point in every LegacyGuard engagement and we’re happy to share them.

Download the PDF

Want occasional plain-English notes from the firm? Email hello@californiatrustandlegacy.com — we’ll add you to the LegacyGuard updates list.

Common questions

Do you take custody of any of my information?

No. Hardware lives at your home; passwords live in your password manager; recovery phrases stay with you. We are configurators and trainers, not a custodian.

Do I have to be a CTL trust client to use LegacyGuard?

Yes, during the launch phase. General availability is planned. If you’re not yet a CTL client, the simplest path is a 15-minute conversation with Bryan.

How long does setup take?

Two to four weeks for most families, depending on how many accounts and how many household members are involved.

See the full FAQ → /services/legacyguard/faq/

A fifteen-minute call is the simplest way to find out whether this fits.

We’ll listen, ask a handful of questions, and tell you honestly whether LegacyGuard is the right next step for your family — or whether something else is.

Schedule a 15-Minute Call with Bryan

Available July 2026 · For select clients

LegacyGuard is a service of California Trust and Legacy. The work consists of curation, configuration, and training of established cybersecurity practices in a family-office context. It is not a substitute for a managed security service, an incident-response retainer, or specialist legal counsel on cybersecurity. LegacyGuard does not take custody of passwords, recovery phrases, hardware keys, seed phrases, or any other credential, and does not guarantee outcomes. Cybersecurity is risk reduction, not risk elimination.

Bryan Kemler, who runs LegacyGuard, is not a certified cybersecurity practitioner. Where a credentialed specialist is required, LegacyGuard refers to vetted third parties.

Legal services described or implied on this page are provided by Kelly Balamuth, Esq. — California State Bar No. 172522 — through California Trust and Legacy. Walnut Creek, CA. This page is attorney advertising under California rules. No attorney-client relationship is created by visiting this site or by submitting an inquiry. An engagement begins only on the execution of a written engagement letter.