Security & your data

Your data, your church.

Prayer requests are some of the most personal things your members will ever write down. This page explains, in plain English first and technical terms where they earn their place, how Prayer Board keeps them private, and what happens to your church's data in every situation that matters. It's written to be forwarded: to your board, your elders, or the volunteer your church asks to vet the tech.

Plain English first

What's always true about your board

Only approved members of your own church can see your board. People join with your invite code or link. There are no public pages, and nothing is visible to the open internet. You can require admin approval on top of the code, and regenerate the code anytime; the old one stops working immediately.

We never sell or share your data. Ever. No ads, no data mining, no third-party “partners.” Your church's prayers are not a product. Your subscription is the entire business model.

Audio prayers are heard by two parties only. The person who posted the request, and your church admins for pastoral oversight. Never the whole board, never the public.

Anonymous means anonymous to members, not to your shepherds. When someone posts anonymously, their name is hidden from everyone else on the board, but your admins can still see who posted. Pastoral care and accountability never disappear.

Your church's board is completely separate from every other church's. No other congregation can ever see your requests, recordings, or testimonies, and the section below explains exactly what enforces that.

How it's enforced

The privacy is built in at the database level

This is the part for whoever checks the tech. Promises are only as good as the thing that enforces them. Here's what does.

One church, one board, isolated with row-level security

Every record belongs to exactly one church, and row-level security rules inside the database decide, for every single query, which rows may come back. Church isolation isn't an application feature a bug could slip past. It's enforced at the database level. The database itself refuses to serve another church's data.

Sign-in handled by a dedicated authentication provider

Accounts, email verification, password security, and sessions are managed by a provider whose entire business is authentication. Prayer Board's own database never stores a password.

Encrypted in transit and at rest

Everything moving between your members and Prayer Board travels over TLS, and everything stored (requests, comments, recordings, testimonies) is encrypted at rest.

That's the whole list, on purpose. We'd rather state plainly what protects your church's data than decorate this page with claims we can't stand behind. If your tech volunteer has a sharper question, email us. The person who built it will answer.

Your data is yours

Whatever happens, your records are yours

Your people's prayers, recordings, and testimonies belong to your church, not to us. Here's what that means in every scenario your board might ask about.

A full copy, on request

Email hello@churchprayerboard.com and we'll provide a complete copy of your church's data within 5 business days. No hoops, no export fee.

Cancelling doesn't erase anything

If you cancel, your board pauses and goes read-only rather than disappearing, and nothing is ever deleted without advance notice to you.

If Prayer Board ever shut down

Your church would get notice and an export window to take your records with you. Years of prayers and testimonies don't vanish because a company closed its doors.

Deletion, honored

If your church wants its data gone instead of exported, ask. We'll delete it.

Shepherding & support

Tools for shepherds, and a person who answers

Nothing publishes without review, if you choose

Four independent approval toggles (new members, prayer requests, testimonies, and comments) let you put a shepherd's eyes between “submitted” and “on the board.” Use all four, or none; each is your call. Members must be 13 or older.

One founder, answering his own email

Prayer Board is built and run by one person, Dereck Johnson. There are no support tiers because there's no support department. When your office manager or tech volunteer writes to hello@churchprayerboard.com, he's the one who replies. Read the story behind it →

Questions tech volunteers ask

For the person your church asks to check

Where is our data hosted?

On established, secure cloud infrastructure in the United States, encrypted in transit and at rest. Every church's data sits behind the row-level security rules described above, so isolation between churches doesn't depend on anyone remembering to be careful.

Who at Prayer Board can access our board?

The honest answer: the founder has administrative access, because someone has to be able to help when an admin is locked out or something breaks. He doesn't browse boards and never shares content. Access exists for support and for keeping the service running, nothing else. It's the same answer every hosted service owes you; most just don't say it out loud.

What happens if our payment fails?

Your board pauses, and nothing is deleted without advance notice to you. A missed card update shouldn't cost your church its record of answered prayers. Sort out the payment and the board picks up right where it left off.

Where are your Privacy Policy and Terms of Service?

Right here: the Privacy Policy and Terms of Service, both written in plain language. If your board wants anything on this page confirmed in writing, email us and we'll put it in writing.

Putting a packet together for the board? The one-page overview for church staff & leadership →

Take this page to the board meeting.

And when it's a yes, setup is a three-step evening. Your church can be live before Sunday.

30 days free · No credit card · No contract