Data Transparency — What UVettd Stores

Created by Matt Gill, Modified on Sun, 26 Apr at 7:15 PM by Matt Gill

Data Transparency — What UVettd Stores

▶ See it in action

Video 1.1 — Our Story + What Is UVettd — coming soon to the Lens tab.

You're evaluating other people on UVettd. That requires you to trust the system with sensitive observations. Before you do, here's a complete, honest account of what we store, what we can read, and what we literally cannot access — even if we wanted to.

Two Tiers of Data — By Design

UVettd stores your data in two distinct tiers. The distinction between them is not a policy — it is an architectural difference baked into the system.

Tier 1 — Server-Readable

Tier 1 data is stored in readable form on UVettd's servers. Our systems can process this data to run product features. Tier 1 includes:

  • Your email address and account profile
  • Your subscription status and billing information (processed by Stripe)
  • Your Compass values and Never-Agains — your values framework
  • Usage metrics — message counts, feature activity, session timestamps
  • Presence entry summaries used to generate Love(r)view intelligence (AI-synthesized responses, never your raw journal text)

Your Compass values are Tier 1 because the product uses them server-side — for example, to personalize Yvette's coaching context and to power your Love(r)view intelligence layer. This is a deliberate trade-off for functionality, not an oversight.

Tier 2 — Zero-Knowledge Encrypted

Tier 2 data is encrypted in your browser using AES-256-GCM encryption before it ever reaches UVettd's servers. We store only ciphertext. This includes:

  • Prospect names and all identifying information
  • Vetted conversation messages — everything you've told Yvette about someone
  • CAMERA Method™ scores and observations — the evaluations themselves
  • Presence journal entries — your raw journal text

Your encryption key is derived from your password at login. It lives in your browser's memory during your session and is never sent to UVettd's servers. We cannot derive it, recover it, or access it through any means.

What Happens Under a Court Order

Under a court order, UVettd can only produce Tier 1 data and encrypted ciphertext for Tier 2. The content of your prospect conversations and evaluations is unreadable to us — we literally cannot provide it.

This is the practical consequence of zero-knowledge architecture: legal compulsion cannot extract data we do not have the ability to decrypt. What a court would receive is a file of encrypted bytes — useless without the key that only you hold.

Why This Architecture Exists

Your evaluation of other people is private by design — not as a policy choice. Policies can change with new management, new regulations, or new incentives. Architecture is harder to undo. The decision to encrypt Tier 2 client-side was a deliberate commitment to a higher standard than "we promise to protect your data." The promise is structural: even a fully compromised UVettd server would expose only ciphertext from your evaluations.

Your Recovery Phrase

Your 12-word recovery phrase is the only way to restore your Tier 2 encryption key if you lose access to your account. UVettd does not store your recovery phrase — we store only a one-way hash that confirms you acknowledged it. If you lose both your password and your recovery phrase, your Tier 2 data is permanently inaccessible — to you and to us. Store your recovery phrase somewhere safe and separate from your device.

What If There's a Data Breach?

In a worst-case breach scenario where an attacker obtained UVettd's server data, they would acquire Tier 1 data (email addresses, subscription status, Compass values) and encrypted ciphertext for Tier 2. They would not be able to read prospect names, evaluations, or journal entries without your individual encryption keys. The private content of your evaluations would remain protected even in a full server compromise.

UVettd's full Privacy Policy is available at uvettd.com/privacy.

Common questions about this topic

Can UVettd employees read my prospect evaluations?
No. Tier 2 data — which includes all prospect names, Vetted conversation messages, and CAMERA Method™ scores — is encrypted before it reaches our servers. UVettd employees see only encrypted ciphertext. There is no administrative decryption capability. This is not a policy we enforce on employees — it is a technical impossibility.
What if there's a data breach — what's exposed?
A breach of UVettd's servers would expose Tier 1 data: email addresses, Compass values, subscription status, and usage metrics. Tier 2 data — your prospect evaluations, conversation messages, and journal entries — would be exposed only as encrypted ciphertext, which is unreadable without your encryption key. Your private evaluations would remain protected.
Why does Tier 1 include my Compass values but not my evaluations?
Your Compass values serve a functional role that requires server access — they personalize your AI coaching context and power your Love(r)view intelligence layer. These are values you've chosen to define yourself, not sensitive observations about specific people. Your evaluations of other people, by contrast, have no legitimate reason to be server-readable. The architecture reflects that distinction: what the product needs to function is Tier 1; what is purely private is Tier 2.
Is there any way UVettd could access my Tier 2 data in the future?
Not without rebuilding the system. Changing from client-side encryption to server-side encryption would require a migration that users would have to consent to and participate in (re-encrypting their data). It would be visible and auditable — not something that could happen silently. The current architecture is a structural commitment, not just a preference.

Still need help? Contact us at support@uvettd.com or use the in-app help widget.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article