encryptedzero-knowledge · by design

Only you can open it.

A companion that listens to your life has to be private by architecture, not by promise. vera·you encrypts every word on your device before it ever touches a server. The keys are derived from your password — we don't hold them, can't request them, and can't help anyone else recover them.

Figure · 01 / The boundary

What stays with you, and what we can't see.

Encryption boundary

Your device

browser

Password

you type it

scrypt · N=2^14 r=8

Master key

derived, in memory only

unwraps

Private key

X25519, stays local

decrypts per-session envelopes

Session keys

AES-256-GCM

encrypt everything before upload

Transcripts · Audio · Memos

ciphertext ready for transit

Our servers

infrastructure

enc(private_key)

opaque blob

key_envelopes

wrapped with your public key

enc(transcripts)

AES-GCM ciphertext

enc(audio)

hybrid-encrypted object store

enc(memos)

your reflections — as ciphertext

enc(pattern_evidence)

nothing human-readable

Never touch the server

  • — your password
  • — your master key
  • — your decrypted private key
  • — any plaintext content

01 — Zero-knowledge encryption

The server holds the ciphertext. You hold the key.

Your password is processed through scrypt to derive a master key — one that never leaves your device. That key unwraps an X25519 private key, which in turn unwraps per-session AES-256-GCM keys used to encrypt every recording and memo.

02 — Privacy by design

No analytics on your content. No third-party processing. No backdoor.

Transcription, diarization, emotion analysis, and pattern detection all run on infrastructure we operate. Your audio and memos never travel to an external API. Because everything is encrypted at rest with your key, even our own operators can't read it.

03 — Infrastructure security

Isolated containers. Encrypted pipelines. Minimal attack surface.

The processing pipeline is split into five independent workers — transcription, diarization, voice embedding, emotion, pattern detection — each running in its own container. Data travels between them as ciphertext, keyed by the session's envelope.

Figure · 02 / The ledger

Exactly what we can and cannot see.

Some metadata stays in plaintext so the product can function — search, dashboards, admin health. Everything below the boundary is encrypted with keys only you hold.

Field
Notes
Status
Encrypted · readable only by you
Transcript text
AES-256-GCM with per-session key
encrypted
Pattern evidence & descriptions
Evidence spans + model reasoning
encrypted
Voice memos & observations
Your reflections, kept as ciphertext
encrypted
Acoustic features
Raw frequency/energy measurements
encrypted
Clinical indicators
Derived mental-health signals
encrypted
Persona names
User-provided labels for speakers
encrypted
Audio recordings
Hybrid envelope — AES data key wrapped in user public key
encrypted
Plaintext metadata · operational only
Emotion type
Category only — no content
plaintext
Intensity / severity
Numeric scores, no content
plaintext
Arousal / valence / dominance
Dimensional voice-derived values
plaintext
Pattern type
Named taxonomy label only
plaintext
Timestamps
Start/end seconds within session
plaintext
Session metadata
Duration, source, processing status
plaintext

If it carries content or meaning, it's encrypted. If it's a count, a timestamp, or a category, it isn't.

What happens if you forget your password

"If both you and your recovery key are gone, so is your data. There is no master key we can hand over — because there isn't one."

Recovery key

A second key you write down

At setup, generate a 256-bit recovery key. Written on paper and stored offline, it's a second envelope for your private key — an escape hatch if you forget your password.

Password change

Re-wrap, don't re-encrypt

Changing your password re-derives the master key and re-wraps the private key. The underlying X25519 pair and session keys don't change — so your old sessions and memos stay readable.

Privacy by design, not policy.

No terms of service can make encrypted data readable. Yours isn't.

Create an accountBack to overview