< Back
February 12

How YDO keeps your secrets.

One of the biggest concerns with YDO is privacy. Like, who can see who you liked? Can the developers peek at the database and see all the tea? ☕️

At YDO, the answer is a firm no.

We built YDO using a Zero-Knowledge system. It basically means that while we host the app, we have absolutely zero knowledge of your actual choices. No database peeking, no leaking, nothing.

How it works 🛠️

Technical bits below, feel free to skip if you just want to know your secrets are safe.

1. Local Key Generation

When you first log in, your browser uses the Web Crypto API to generate a unique ECDH P-256 (Elliptic Curve Diffie-Hellman) key pair.

2. Client-Side Encryption

When you select someone:

  1. Your browser fetches their public key.
  2. It generates an temporary key pair.
  3. Your choice is encrypted into a scrambled blob of gibberish before it even hits the network.

So when it reaches our Supabase database, all I see is something like xK92!zQ.... To me, every single choice looks identical. I literally can’t tell the difference between a match and a random string of text. 🤷‍♂️

3. The Big Reveal 💘

On February 14th, the app lets you unlock your results.

The Catch ⚠️

Because your Private Key is the only thing that can unlock your matches, if you lose it, I cannot help you.

There is no “Forgot Password” for your digital key because we never had it in the first place. If you clear your browser cache or lose your device without a backup, your matches are gone. It’s a small price to pay for 100% privacy though.

Even if a hacker or a curious dev gained full access to the YDO servers, all they’d see is millions of locked safes with no keys.

Had a lot of fun building this, Hope you did reading too :)

~ with 💖 by Om.

< Back