When the decision is made to enable the Account Transfer feature on a particular role, all of the users that are a member of that role will be subjected to the possibility of having the entire contents of their vault transferred and their account deleted at will by the Keeper Administrator. After the enforcement policy is enabled, the users within the managed role will receive a pop-up notification upon logging into their vault informing them that the business has chosen to enable the capability of transferring their vault if needed. Each user will need to Accept that consent notification. Upon acceptance, Keeper performs the necessary encryption key exchange between users and roles to facilitate the data transfer in the future, if needed. Without this encryption key exchange, the user within the Admin Console would be unable to decrypt and transfer the data. The reason for this process flow is to maintain zero knowledge, and to also ensure that only specific users are able to be transferred or perform the transfer. Once the vault has been transferred to another user, the transferred user's vault is deleted.