Your Vault Key: How Invoice Data Is Encrypted

Every invoice you forward, upload, or connect into Verinode lands in your Vault, the page at `iq.verinode.ai/data` (sidebar: **My Data**, sub-item **Vault**; the browser tab reads "Vault"). Pinned…

8 min read·Updated July 13, 2026
On this page

What the Vault Key pill is

Every invoice you forward, upload, or connect into Verinode lands in your Vault, the page at iq.verinode.ai/data (sidebar: My Data, sub-item Vault; the browser tab reads "Vault"). Pinned to the top right of that page, for every operator, sits a small pill: Encrypted by your Vault Key. It carries a key icon and sits on a cream background with copper text, the same copper as the rest of the Membership visual language.

That pill is not decoration. It is Verinode telling you, at the exact moment you are looking at your documents, invoices among them, that the sensitive parts of what you just uploaded are encrypted at rest under a key scoped to your business, not a shared platform key.

This article covers what the pill and its trust line actually protect, what they do not protect, and what happens when you tap the pill to reveal the key underneath it.

Note

This article is about the Vault Key itself, the encryption mechanism and the reveal flow. For what the Vault page shows about your documents, invoice counts, extraction completeness, signals fed, items that need review, see the sibling article on the Vault / My Data home.

What the pill protects, in plain terms

The Vault Key is the encryption key scoped to your operator account. Verinode's copy is deliberately specific about what it covers and what it does not, because overclaiming here would be dishonest. As written in the product:

Your customers' and team's personal details, names, contact info, claim and adjuster details, street addresses, and free-text records, are encrypted at rest under a key scoped to you. No other operator, franchise, or carrier can read it, and we never sell it.

For invoice data specifically, that means the personal and free-text details tied to an invoice, an adjuster's name, a customer's address, notes in the free-text fields, are encrypted under your key. Your financial figures, the dollar totals, dates, and reference numbers you see on the Vault page's document rows, are not column-encrypted yet. They live in a database that is yours alone, are never sold, and every access is logged for you to see. Encrypting those figures too, for private aggregation, is on the roadmap, not shipped.

The trust line under the hero panel on the Vault page states the tight version of this same commitment:

Your data is yours. Encrypted under a key scoped to you, never sold, and only our audited systems ever touch it.

Heads up

The Vault is server-decryptable. Verinode's automated systems can decrypt your data to do the work you ask for, running extraction on an invoice, matching it to a vendor, feeding a benchmark. Every one of those accesses is logged for you to see, and no Verinode employee can browse or export your data through any tool we operate. But this is not a zero-knowledge system where Verinode itself is locked out. If you need that distinction clear for a compliance conversation, say it exactly this way: encrypted and access-logged, not something Verinode cannot technically read.

Who can see the pill, and who can open it

Every seat on your account sees the pill. It reads "Encrypted by your Vault Key" for every operator, because the encryption commitment is true for every seat, not just the one who can act on it.

Tapping the pill only works for the account holder, the single billing-contact seat on your account (falling back to an admin seat if no billing contact is on file). For any other seat:

  • The pill renders as a static label, not a button. Hovering it shows the tooltip: "Your data is encrypted. Your account holder holds the recovery Vault Key."
  • Tapping does nothing. Verinode deliberately does not let a non-holder open the reveal modal only to hit a permission error, that would be a dead end for no reason.

If you are not sure who your account's billing contact is, that is the seat who can reveal the key. Ask them directly, the same as you would ask about billing.

The reveal flow, step by step

For the account holder, tapping the pill opens the Confirm your password to view your Vault Key modal.

  1. 1Enter your account password in the modal. This is a re-authentication step, separate from your login session, because the Vault Key is sensitive enough to ask for proof twice.
  2. 2Choose one of two actions: Show Vault Key or Download Verinode Membership. The Download option streams a PDF, your Verinode Membership document, which is your durable, printable copy of the key. Showing the key reveals it inline instead.
  3. 3If you choose Show Vault Key, the key appears in a cream-and-copper panel labeled Your Vault Key, formatted in chunked monospace text so it is easy to read or transcribe, with its fingerprint printed underneath.
  4. 4Use Copy to put the formatted key on your clipboard, or read it directly off the screen.
  5. 5The key auto-hides after 30 seconds. A countdown reads "Hides in Ns" the whole time it is visible.

Tip

The 30-second window is not just a display timer, it is a security posture. The reveal also closes automatically the instant you switch tabs or the window loses focus, the same shoulder-surfing protection you would want on a screen showing a bank routing number. If you need more time, tap the pill again and re-enter your password.

If your password is wrong, the modal tells you exactly how many attempts remain before a lockout. Enough consecutive failures locks the form for a cool-off period, and the modal shows the exact time the lock lifts.

A handful of other messages can appear instead of the key, each one specific to what went wrong:

  • Your Vault has not been set up yet. Please complete onboarding. No Vault Key exists yet for your operator account.
  • Your seat is not yet activated for the Vault. Ask the operator owner to log in once to finish setup. Your seat exists, but the per-user wrapping step that lets you decrypt hasn't run yet.
  • Only the account holder can reveal the Vault Key. Ask your billing contact to share it. You are on a seat that is not the billing contact, and somehow reached the reveal action anyway (the pill itself should have already stopped you here).
  • You have been signed out. Please sign in again. Your session expired mid-flow.

Downloading your Verinode Membership document

The second option in the same modal, Download Verinode Membership, gives you a PDF copy of your key rather than a one-time on-screen reveal. This is the copy you are meant to keep somewhere durable, a password manager, a printed page in a locked drawer, wherever you keep documents you cannot afford to lose.

Verinode's own language is direct about why this matters: "This is that key. Save it somewhere durable." If you already have a saved copy and just misplaced it, you do not need to change anything, downloading again with your password does not change the underlying key. If you also lose your password on top of losing the document, support can help you reset your password without touching the Vault Key itself, your encrypted data stays accessible as long as the document still exists somewhere. Lose both the document and the password, and the encrypted parts of your account, your customers' and team's personal details, claim numbers, adjuster details, street addresses, and free-text records, cannot be recovered. The rest of your account, including your invoice financial figures, remains intact, since those are not key-encrypted.

Heads up

There is no backdoor recovery for the encrypted fields if both the Membership document and your password are lost. This is the tradeoff of an account-scoped key: nobody, including Verinode, can read it without one of those two things. Treat the download the same way you would treat a domain registrar's transfer code.

Why this exists on the Invoices data, specifically

Invoices carry two kinds of information that pull in opposite directions for a restoration operator. The financial side, totals, dates, reference numbers, needs to flow freely enough that Verinode can extract it, feed your margin numbers, and (once anonymized) contribute to peer benchmarks. The personal side, the adjuster named on the claim, a customer's street address, a note a vendor left in a memo field, does not need to leave your account at all, and Verinode encrypts it under your key specifically so it cannot.

That split is also why the pill lives on the Vault page rather than buried in settings: every invoice you forward or upload passes through that page on its way into the rest of the platform, so seeing the trust commitment right there, at the moment your documents are visible, is more useful than reading it once during onboarding and never again.

Best-practice example

An operator forwards a batch of vendor invoices to their Verinode inbox address. A day later they open the Vault page to check that everything landed, and the "Encrypted by your Vault Key" pill sits at the top right, same as always. As the account's billing contact, they tap it, confirm their password, and choose Download Verinode Membership to refresh their saved copy since they switched password managers last month. The PDF downloads, they file it in the new manager, and move on, the invoice's financial figures and vendor match were never touched by the reveal, only the key itself was shown.

Data sources

Data sources

  1. 1.Vault Key existence and per-seat wrapping status. Your operator account (`operator_vault_keys`, `core.operator_users`).
  2. 2.Account-holder / billing-contact designation. Your operator account settings.
  3. 3.Encrypted personal and free-text fields on invoices and other documents. Documents you forward, upload, or connect.
Was this helpful?