Your Vault Key: how your data is encrypted
Every document that flows into Verinode, an emailed invoice, an uploaded photo, a voice note, a connected feed, lands in your Vault at `iq.verinode.ai/data` (sidebar: **My Data**, sub-item **Vault*…
On this page
- What the Vault Key is
- The "Encrypted by your Vault Key" pill
- The account-holder reveal gate
- The re-auth modal, step by step
- Wrong password, lockout, and other failure messages
- Downloading your Verinode Membership document
- The honest server-decryptable trust posture
- Why this lives on the Data page
- Best-practice example
- Data sources
- Related articles
What the Vault Key is
Every document that flows into Verinode, an emailed invoice, an uploaded photo, a voice note, a connected feed, lands in your Vault at iq.verinode.ai/data (sidebar: My Data, sub-item Vault). The personal and free-text details on those documents, names, contact information, claim and adjuster details, street addresses, and free-text records, are encrypted at rest under a key scoped to your operator account: the Vault Key.
This article is about that key: the pill that tells you it exists, the modal that lets the right person reveal it, and exactly what "encrypted" does and does not mean here. For what the Vault page itself shows about your documents (counts, extraction completeness, what needs review), see The Vault: your data section and What Verinode is tracking: the Vault hero.
Note
The Vault Key protects the same data everywhere it appears, not just one document type. If you have already read the invoices-specific version of this story, Your Vault Key: how invoice data is encrypted, this article covers the same mechanism from the Data section's point of view, plus the mobile Wallet reveal flow that article does not cover.
The "Encrypted by your Vault Key" pill
Pinned to the top right of the Vault page, for every operator, sits a small rounded pill on a cream background with copper text and a key icon: Encrypted by your Vault Key. It is not a decoration. It is Verinode stating, at the exact moment you are looking at your documents, that the sensitive parts of what you have sent in are encrypted under a key that belongs to your business alone, not a shared platform key.
Every seat on your account sees this pill, because the encryption commitment is true for every seat. What differs by seat is whether tapping it does anything.
- Account holder (the seat marked as billing contact, or an admin seat if no billing contact is on file): the pill is an interactive button. Tapping it opens the reveal modal.
- Every other seat: the pill renders as a static label, not a button. Hovering it shows the tooltip "Your data is encrypted. Your account holder holds the recovery Vault Key." Tapping does nothing, on purpose: Verinode does not let a teammate tap through only to hit a permission error.
The same pill also appears, auto-opened, on the mobile Wallet pass back. If you tap "Reveal Vault Key" from your Verinode Membership pass on your phone, you land on a page headed Reveal your Vault Key, with the same key icon and the line "Confirm your password to view your Vault Key on this device. The key hides automatically after 30 seconds." A View Vault Key button opens the identical re-auth modal used on web, and a successful reveal renders the same key panel inline on the page.
The account-holder reveal gate
Revealing the master Vault Key is restricted to your account's single billing-contact seat, falling back to an admin seat if no billing contact is on file. This is deliberately narrower than day-to-day decryption: every seat on a multi-membership operator can read the encrypted columns they need to do their job, but the recovery artifact itself, the string that can be written down, photographed, or handed to someone outside the business, is gated to one person.
If you are not sure who that is on your account, it is whoever your billing contact is. Ask them directly, the same way you would ask about billing.
The re-auth modal, step by step
For the account holder, tapping the pill (on web or on the Wallet landing page) opens the same modal: Confirm your password to view your Vault Key.
- 1Enter your account password. This is a re-authentication step, separate from your normal login session, because the Vault Key is sensitive enough to ask for proof twice.
- 2Choose Show Vault Key or Download Verinode Membership. Show reveals the key inline; Download streams a PDF of your Verinode Membership document instead.
- 3On Show Vault Key, the key appears in a cream-and-copper panel labeled Your Vault Key, formatted in chunked monospace text, groups of 5 characters separated by hyphens (for example
A4F82-H6C9K-QRMN3-TXYZ7-W8DPV-K2L4M), with its fingerprint (the last group of 5 characters) printed underneath as "Fingerprint XXXXX." - 4Use Copy to put the formatted key on your clipboard, or read it directly off the screen. The button reads "Copied" for a couple of seconds after you click it.
- 5The key auto-hides after 30 seconds. A live countdown reads "Hides in Ns" the whole time it is visible.
Wrong password, lockout, and other failure messages
If your password is wrong, the modal tells you how many attempts remain before a lockout: "Incorrect password. N attempt(s) remaining before lockout." Three failed attempts within a five-minute span lock the form for fifteen minutes; the modal shows the exact time the lock lifts, for example "Too many failed attempts. Try again at 3:45 PM."
A handful of other messages can appear in place of the key, each one specific to what went wrong:
- "Your Vault has not been set up yet. Please complete onboarding." No Vault Key exists yet for your operator account.
- "Your seat is not yet activated for the Vault. Ask the operator owner to log in once to finish setup." Your seat exists, but the per-user step that lets you decrypt has not run yet. The account owner logging in once completes it.
- "Only the account holder can reveal the Vault Key. Ask your billing contact to share it." You reached the reveal action while on a seat that is not the billing contact, something the pill itself should have already prevented.
- "You have been signed out. Please sign in again." Your session expired mid-flow.
Downloading your Verinode Membership document
The second option in the modal, Download Verinode Membership, gives you a PDF copy of your key instead of a one-time on-screen reveal. This is the copy meant to live somewhere durable, a password manager, a printed page in a locked drawer, wherever you keep documents you cannot afford to lose. Verinode's own language is direct about why: "This is that key. Save it somewhere durable."
Re-downloading does not change the underlying key, it just gets you a fresh copy of the same document. If you also forget your password on top of losing the document, support can help you reset your password without touching the Vault Key itself; your encrypted data stays accessible as long as the document still exists somewhere. Lose both the document and the password, and the encrypted parts of your account, your customers' and team's personal details, claim numbers, adjuster details, street addresses, and free-text records, cannot be recovered. The rest of your account remains intact.
Heads up
There is no backdoor recovery for the encrypted fields if both the Membership document and your password are lost. Nobody, including Verinode, can read those fields without one of those two things. Treat the download the same way you would treat a domain registrar's transfer code.
The honest server-decryptable trust posture
It is worth being precise about what "encrypted" means here, because overclaiming would be dishonest. The reveal modal itself states it plainly: "This key unlocks the encrypted parts of your Verinode account. Verinode does not store it in a form we can read." That is true of the key as stored, your password wraps it, not Verinode.
But the Vault as a whole is server-decryptable, not a zero-knowledge system. Verinode's automated systems decrypt your data to do the work you ask for: running extraction on a document, matching it to a vendor, feeding a benchmark. Every one of those accesses is logged for you to see, and no Verinode employee can browse or export your data through any tool we operate. That is a real, meaningful boundary, but it is not the same claim as "Verinode itself is technically locked out." If you need that distinction stated exactly, for a compliance conversation or otherwise, say it this way: encrypted and access-logged, not something Verinode cannot technically read.
Note
Your financial figures, dollar totals, dates, reference numbers, are not column-encrypted yet. They live in a database that is yours alone, are never sold, and every access is logged for you to see. Encrypting those figures too, for private aggregation, is on the roadmap, not shipped. Only the personal and free-text fields (names, contact info, claim and adjuster details, street addresses, free-text records) are Vault Key-encrypted today.
Every access to your encrypted data, by you, by a teammate, or by Verinode's own systems, is written to an audit log you can review, so "access logged" is not a marketing line, it is a record you can go check.
Why this lives on the Data page
Every document you forward, upload, or connect passes through the Vault page on its way into the rest of the platform: vendors, jobs, clients, margin, benchmarks. Seeing the trust commitment right there, pinned above your documents, is more useful than reading it once during onboarding and never again. The same canonical wording also appears on your Membership Card in Settings, in your Verinode Membership document, and on the data-use policy page, one source, several surfaces, so the claim never drifts between them.
Verinode never sells your data to carriers or to anyone else. As an independent data trust, that boundary, plus the encryption and audit logging described here, is the whole reason the benchmarks built on top of this data are worth trusting.
Best-practice example
An operator opens the Vault page to check that a batch of forwarded documents landed correctly. The "Encrypted by your Vault Key" pill sits at the top right, same as always. As the account's billing contact, they tap it, confirm their password, and choose Download Verinode Membership to refresh their saved copy after switching password managers. The PDF downloads, they file it in the new manager, and move on. A teammate on the same account, checking the Vault the next day, sees the identical pill, hovers it, reads the tooltip confirming their data is encrypted too, and continues with their work without needing to open anything.
Data sources
Data sources
- 1.Vault Key existence and per-seat wrapping status. Your operator account (operator vault records, operator user seats).
- 2.Account-holder / billing-contact designation. Your operator account settings.
- 3.Encrypted personal and free-text fields on documents you forward, upload, or connect. Your business.
- 4.Vault access log entries for every reveal, failed attempt, and lockout. Your operator account.