The Vector Privacy Manifesto

Your cognition data is yours alone. Vector is built from the ground up to ensure we cannot see, analyze, or access your focus data.

Zero-Knowledge Model

Vector uses a zero-knowledge architecture. This means Vector servers cannot access your focus data, even if we wanted to.

All your cognition data—notes, ratings, outcomes, durations—is encrypted client-side using AES-256-GCM before it ever leaves your browser. The encryption keys never leave your device.

What Vector Can See

Vector servers can only see:

  • Opaque session IDs (random UUIDs)
  • Timestamps (when sessions started/ended)
  • App configuration and feature flags
  • Encrypted blobs (opaque binary data that the server cannot decrypt)

What Vector Cannot See

Vector servers cannot see:

  • Your notes or task descriptions
  • Focus ratings (1-10)
  • Outcomes (aligned/partial/missed)
  • Failure triggers
  • Actual focus durations
  • Performance trends
  • Coaching recommendations
  • Computed profiles

Encryption & Key Management

When you first use Vector, a master encryption key is generated in your browser. This key is used to derive sub-keys for different purposes:

  • Data Key: encrypts all your focus training data
  • Sync Key: encrypts data for optional cloud sync (future)
  • Export Key: re-encrypts data for export bundles

Keys are stored locally in your browser. You can optionally wrap them with a password for additional security.

Key Loss Warning

If you lose your encryption key, Vector cannot recover your data.

This is by design. The zero-knowledge architecture means Vector never has access to your decryption keys. Make sure to:

  • Export your data regularly
  • Back up your encryption key if you set a password
  • Keep browser data if you want to preserve your history

Server Compromise

If Vector's servers are compromised, attackers cannot read your data. They can only see:

  • Opaque IDs and timestamps
  • Encrypted blobs that cannot be decrypted without your key

Without your encryption key (stored locally), encrypted data is useless.

Data Storage

All your focus data is stored locally in your browser using IndexedDB. Data is encrypted before storage, so even if someone gains access to your browser's storage, they cannot read your data without your encryption key.

Optional cloud sync (future feature) will store encrypted blobs that the server cannot interpret.

Analytics

Vector collects minimal analytics to improve the app:

  • App version
  • Screen/page IDs
  • Event names (e.g., "assessment_completed")
  • Hour-level timestamps

We do not collect scores, ratings, text, durations, or any behavioral data.

An optional research mode (opt-in) may collect aggregated, anonymized counts, but never individual data points or free-form text.

Export & Deletion

You can export all your data at any time in JSON, CSV, or Markdown formats. Exports are decrypted and include all your focus training history.

You can delete individual sessions, date ranges, or all data. Deletion is permanent and irreversible. Once deleted, Vector cannot recover your data.

Compliance

This architecture ensures:

  • GDPR compliance: no personal data processing without your control
  • Zero-knowledge: server cannot access your cognition data
  • User sovereignty: you own and control your data completely
  • Audit-ready: architecture can be reviewed by security experts