Encryption March 8, 2026 • 4 min read

What Zero-Knowledge Encryption Means for Your Data

"Zero-knowledge" sounds like a buzzword. It's not. It's a specific architectural decision that fundamentally changes what a company can and cannot do with your data.

Here's a non-technical explanation of what it means and why it matters for something as personal as prayer.

Most apps: "Trust us"

When you use a normal app — Gmail, Notes, most prayer apps — here's what happens:

  1. You write something
  2. It gets sent to the company's server
  3. The server stores it in a database
  4. The company can read it anytime

The company promises they won't look. Maybe they even have a nice privacy policy. But they can. An employee can query the database. A hacker can steal it. A government can subpoena it. The data is there, readable, waiting.

This is "trust us" security. You're trusting a company's behavior, not the architecture.

Zero-knowledge: "We can't"

Zero-knowledge encryption is different. Here's how The Praying App works:

  1. You write a prayer on your phone or browser
  2. Your device encrypts it using a key only you have
  3. The encrypted text (ciphertext) gets sent to our server
  4. We store scrambled data that we cannot decrypt

The difference isn't policy; it's math. We don't have your encryption key. It was derived from your password on your device via PBKDF2-SHA256 with 600,000 iterations and never sent to us. Without the key, the ciphertext is gibberish. Not "hard to read" gibberish, but gibberish that is computationally infeasible to read without the key.
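The four steps above as a WebCrypto sketch. This is an added example, not The Praying App's code: the article confirms only PBKDF2-SHA256 with 600,000 iterations, while the AES-256-GCM cipher, the salt and IV sizes, the record layout and every function name are assumptions.

```javascript
// Added illustration, not The Praying App's code. Cipher, sizes and all names
// are assumptions; only PBKDF2-SHA256 with 600,000 iterations is from the article.
// WebCrypto is global in browsers and current Node; older Node falls back to require().
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder();
const dec = new TextDecoder();
const ITERATIONS = 600000; // from the article

// Runs on the user's device: password -> AES key. The key is non-extractable
// and is never serialized, so there is nothing key-like to upload.
async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material,
    { name: 'AES-GCM', length: 256 }, // assumed cipher
    false, ['encrypt', 'decrypt']);
}

// Returns the record the server would store: a random IV plus ciphertext.
async function encryptPrayer(key, text) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh nonce per message
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(text));
  return { iv, ciphertext: new Uint8Array(ct) };
}

// Decrypts on the device. A key derived from any other password fails the
// GCM authentication check, so the promise rejects.
async function decryptPrayer(key, record) {
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: record.iv }, key, record.ciphertext);
  return dec.decode(pt);
}

// Constructed sample run: right password round-trips, wrong password does not.
async function demo() {
  const salt = wc.getRandomValues(new Uint8Array(16)); // per account, not secret
  const key = await deriveKey('correct horse battery staple', salt);
  const record = await encryptPrayer(key, 'Give me strength for tomorrow.');
  const roundTrip = await decryptPrayer(key, record);
  const wrongKey = await deriveKey('guess123', salt);
  const wrongOpens = await decryptPrayer(wrongKey, record).then(() => true, () => false);
  return { record, roundTrip, wrongOpens };
}

demo().then(r => console.log(r.roundTrip, '| wrong password opens it:', r.wrongOpens));
```

The only secret input is the password, so the protection this gives is bounded by how hard that password is to guess; the iteration count raises the cost of each guess.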

Think of it like a safe deposit box

Imagine a bank with safe deposit boxes. In a normal bank, the bank has a master key. They promise not to open your box, but they could.

Now imagine a bank where the lock was designed so that only YOUR key works. The bank never had a copy. If you lose your key, even the bank can't help you open it. That's the tradeoff — but it means nobody else can open it either.

That's zero-knowledge. We built the safe. You hold the only key.

What this means practically

If we're hacked: Attackers get encrypted blobs. Useless without your key.

If a government subpoenas us: We can only hand over ciphertext. We can't decrypt it.

If an employee goes rogue: They see the same gibberish everyone else does.

If you forget your password and lose your Recovery Kit: We genuinely cannot help you recover. That's the price of real privacy.

Why this matters for prayer

Prayer is the most intimate form of communication. People confess things in prayer they wouldn't tell their spouse, their pastor, or their therapist. They express fears they've never said out loud. They pour out grief, shame, hope, and desperation.

That data deserves better than a database someone can query. It deserves the same protection as the conversation itself — something sacred, something between you and God, something no one else can access.

Zero-knowledge isn't a marketing feature. It's an ethical obligation for anyone building a prayer app.
