So how do you encrypt this UUID?
You don't need to. Paranoid about it? Wipe the UUID field from the database upon successful verification of the email so it can't be queried against in the future. However it would be better to just do a sanity check in the code that if there's a boolean 1 in the "emailConfirmed" field after querying for the UUID, just notify the user that the account has already been confirmed and doesn't need to be again.
And what do you send for a password reset?
An email to the address on file that has a link to the password reset possibly pre-filling the userID field, but I tend to make the user type that in themselves. If they don't remember the userID... then they'll need to know other pertinent information that the account was created with, otherwise new account time. After the password is reset, then send a confirmation that only states this fact and not giving any identifying information in it beyond that. The same thing you should be doing for any type of change made at the user's account level. If the user is changing their email address, send a confirmation to both the old and the new address that it has been changed, then also reset emailConfirmed to 0, regen the UUID, and force the user to verify the new address, following the same procedure as if it were the first time.