# VCC Privacy Model

The Verified Compute Cloud provides configurable privacy across several layers of the system. These can be combined to meet the requirements of different use cases, from fully public and transparent verifications through to highly restricted, private deployments.

### Proof Mode

The choice of proof mode determines what input data leaves the enterprise boundary during verification.

* In manifest-only mode, the Verification Logic is publicly re-executable. Runtime nodes each re-run the same computation independently and reach consensus on the Merkle hash of the result. The computation is transparent, but input data privacy can still be preserved through anonymisation at the application layer. For example, an organisation's identity may be represented as a hash or pseudonymous identifier within the verification system, with only that reference appearing on-chain or in the Explorer rather than the underlying entity details.
* In ZK mode, the VCC Gateway generates a Groth16 zero-knowledge proof inside the enterprise environment. Only public signals (defined in the circuit) leave the Gateway. Runtime nodes verify the proof without ever seeing the underlying inputs. This mode is suited to use cases where the sensitivity of the input data requires that it remain entirely within the enterprise boundary.

### Operator Participation

VCC Solution Groups support three operator participation models, allowing solution builders to match the trust and accountability requirements of their use case:

* Whitelisted operators: participation is restricted to a fixed, named set of operators. Suited to consortium deployments where all verifying parties are known and pre-approved.
* KYC-restricted operators: any operator that meets defined identity verification or compliance requirements (KYC or KYB) can participate. Suited to regulated use cases that require accountability without limiting the operator set to a fixed list.
* Open participation: any operator meeting the subscription requirements (typically a minimum stake contribution) can participate. Suited to public or decentralised deployments where maximum independence and censorship resistance are priorities.

### On-Chain Data

By default, what is recorded on-chain is a Merkle root derived from the canonical evidence fields rather than raw input data. For use cases where transparency is preferred and there is no sensitivity in the output, the actual calculation result can be stored on-chain directly, making the verified output fully readable without any additional decoding.

### Result Visibility and Access Control

VCC supports a spectrum of result visibility options. By default, verification outcomes are publicly accessible through the VCC Explorer, providing full transparency over rounds, consensus results, and operator participation. Where the use case requires restricted access, role-based access control can be applied using decentralised identifier (DID) gatekeeping, limiting visibility of specific outputs to authorised accounts or organisations. For use cases involving highly sensitive underlying data, peer-to-peer verifiable presentations enable direct, permissioned data sharing between parties off-chain, while the verified result remains anchored on-chain. Auditor attestations, where applicable, are also inspectable on the VCC Explorer.

**Note:** execution on encrypted data is not currently supported. Privacy-preserving architectures are implemented through proof mode selection, application-layer anonymisation, hashing, and controlled operator participation depending on the requirements of the deployment.<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.energyweb.org/energy-web-verified-compute-cloud/vcc-privacy-model.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.