Prayvine: Security and best practices
At Prayvine, we are committed to providing mission workers with a high level of data security, since your prayer requests, messages, and prayer team lists may contain confidential or sensitive information.
This article provides a detailed explanation of Prayvine’s security features, as well as some best practices for maintaining the security of your information. Our goal is to help you and your organization weigh the advantages of mobilizing prayer with Prayvine against potential risk factors.
We are happy to answer any questions you may have; please submit a help ticket to begin a conversation with us about your specific concerns or requirements.
Security feature #1: You have complete control over who is in your prayer team on Prayvine
The first and most critical line of defense is limiting who can see your prayer requests and messages. On Prayvine, the only way for someone to join your prayer team is for you to add or import them. We do not currently provide an online sign-up form where anyone can join your prayer team.
Note: if you’d like an online form where someone new can join your prayer team, we recommend creating a Google Form (or similar online form). That way, you can review requests to join your prayer team before adding them on Prayvine.
Security feature #2: We don’t provide a way for people to see whether you are using Prayvine
Prayvine does not provide a directory showing who is using Prayvine. Similarly, we do not provide a way for someone to search whether you are using Prayvine. While we acknowledge that it could be helpful for some mission workers to be “findable” on Prayvine, we have chosen to prioritize the security of Prayvine users in sensitive contexts.
Security feature #3: Nothing on Prayvine is visible or searchable on search engines like Google
We hide all of your prayer requests, messages, and prayer team information from search engines, including Google, Bing, Baidu (China), and Yandex (Russia). If someone searches for you on a search engine, your content on Prayvine will not appear in the results.
Note: If you create a link to your prayer team from a publicly available website, it is possible that a link to Prayvine will appear in a search result. However, this link will only work if someone has your Prayvine login and password, so we do not recommend sharing or linking to your prayer team.
Security feature #4: All content on Prayvine is encrypted and password protected
A login and password are required to view all prayer requests and messages on Prayvine. In addition, data from Prayvine is always encrypted via HTTPS.
Security feature #5: Email forwarding is the primary security risk on Prayvine, but we limit access to message history
To help you effectively mobilize prayer quickly, Prayvine sends prayer requests and messages to your prayer team through email. As a result, it is important that you are aware of the potential security risks associated with email forwarding. Prayvine cannot prevent nor know when email messages are forwarded. To address this risk, some Prayvine users add a confidentiality notice to their prayer requests (e.g. “Please do not forward, post, or share this message.”)
If a message is forwarded, only the content of that particular message is visible to the recipient. The recipient of a forwarded message is unable to see previous prayer requests and messages, unless they have the login and password of the prayer team member who forwarded the message.
Security feature #6: Prayer team members cannot see who else is in your prayer team, nor can they see one another’s messages
Prayer team members cannot view a list of who is in your prayer team, and they cannot see another one else’s messages or prayer activity. Each prayer team member’s user experience consists of individual, one-to-one messages with you.
Security feature #7: Prayvine removes geolocation and other metadata from uploaded photos
Photos taken on mobile devices typically include descriptive metadata – including potentially sensitive information such as GPS coordinates, device information, and time/date – embedded in the image file. When you upload a photo, Prayvine removes all metadata from the file. In addition, Prayvine renames uploaded photo files with a non-descriptive string of randomized characters.
Best practice #1: Use a virtual private network (VPN) and encrypted email for strongest security
For users in sensitive contexts, we recommend using a reputable virtual private network (VPN) when accessing Prayvine and checking email. This way, your internet service provider (and anyone with access to the internet service provider’s data) cannot tell that you are visiting Prayvine. It is especially important to use VPN when accessing the internet via free public wi-fi access points (e.g airports, coffeeshops). In addition, we recommend using an encrypted email service – such as Proton Mail – in highly sensitive security settings.
Best practice #2: Use strong password practices and be vigilant about physical device security
If someone hacks into your Prayvine account, they will gain access to your prayer team member list – along with all prayer requests and messages you have sent and received. As a result, it is critical for Prayvine users in sensitive contexts to use strong, unique passwords for every site or app they access. We recommend using a reputable password manager to create and manage your passwords. Similarly, be especially careful with your physical device security (e.g. use a laptop lock, don’t carry your phone in your back pocket).
Best practice #3: Use discretion when sharing photos or real, full names
One basic rule-of-thumb is whether it would negatively impact your relationship if a prayer team member were to forward your prayer request to the person you’re sharing about. If so, consider using initials or an alias instead of their full name. You may also want to blur their face when sharing a photo.
Best practice #4: Follow your organization’s policies and guidelines on information security
Sending organizations have varying policies and tools to help you develop wise information security practices. They are professionals with a detailed understanding of your specific security context, and we recommend that you follow their rules and guidelines. We are happy to discuss specific questions or requirements with your sending organization: please submit a help ticket to begin a conversation with us about your specific concerns or requirements.