No Recovery, by Design

Last Updated: 2026-05-02

Read this before you set your password.

VU applications use your password to derive your encryption key. The key never leaves your device. We never see it. We never see anything derived from it except the ciphertext you choose to sync, when you choose to sync.

This means:

If you forget your password, your data is gone. Permanently. Mathematically. Forever.

We cannot help you. There is no support ticket, no identity-verification process, no engineering escalation. There is no key for us to dig up. The data is encrypted with bytes that exist only in your head.

The architectural reason

VU apps derive a 256-bit encryption key from your password using PBKDF2-SHA-256 with 310,000 iterations, then encrypt local data with AES-GCM. The derivation salt and the encrypted payload live in your browser's IndexedDB. We have no copy of either, and the key itself is never written to disk.

This is the price of real privacy. Every cloud service that offers a one-click "forgot password" flow is doing one of two things:

  1. Storing your decryption key on its servers — which means staff and adversaries who breach those servers can also read your data.
  2. Storing only enough information to reset your account — which means the data was never really encrypted from the operator in the first place; it was only encrypted against external attackers.

VU apps do neither. The math does not allow it.

What you should do

  1. Choose a strong password. A short or guessable password makes the encryption useless. Use a password manager.
  2. Save your sovereign-identity recovery material. When you create your identity, the app surfaces a fingerprint and a backup of the encrypted private key. Store both somewhere durable and offline; without them you cannot prove ownership of your licenses on a fresh device.
  3. Make a backup. Each VU app has an encrypted export function. Export regularly to a location you trust.
  4. Test your recovery. Try restoring on a different browser before you have meaningful data in the app. Restoration you have never tested is restoration you do not have.

What we will tell you when you write to us

If you contact us saying "I forgot my password, please help" — we will respond exactly this way, every time:

We are sorry. The architecture that makes VU private means we cannot help you recover this account. Your data is encrypted with a key we never had. We cannot generate, reset, or recover it. If you have a backup, restore from it. If you do not, the data is gone. We hate this email as much as you do.

We will not change this answer if you offer to verify your identity, provide ID, escalate to a manager, or threaten legal action. There is no process behind the policy. There is only math.

What is recoverable

A few things are recoverable, because they are not encrypted under your password:

  • Anonymous licenses. If you keep the original blind-signature license token (or its backup), you can restore your purchases on a new device without needing to prove who you are. We never knew who you were in the first place.
  • Public sovereign-identity fingerprint. If you remember your fingerprint, you can verify on the support side that an old-device key matches a new-device claim, in narrow operational scenarios. This does not give you back encrypted vault contents.

Everything inside the encrypted vault — notes, files, messages, vault entries — is gone if the password is gone.

This is a feature, not a flaw. It is the same property that makes your data unreadable to attackers, governments, and us.

Questions?

If you have any questions about this no recovery, by design, please contact us at:

[email protected]