Prayer Request System · Airgapped
Private prayer requests visible only to elders. Never touches a third-party AI — by design.
Private prayer requests visible only to elders. Never touches a third-party AI — by design. The differentiator is what the system refuses to do.
| Category | Care |
| Church-health domain | Close the Back Door |
| Data-privacy tier | Maximum — the church's most sensitive non-financial data; no AI, no export |
| Mastery-ladder target | Level 2 · Connected |
| Build stack | Dedicated Gmail + Google Apps Script + private Google Sheet + Vercel viewer behind Google SSO |
The problem
Prayer requests are confession-adjacent — illness, marriage crises, addiction, finances — yet most churches route them through group chats, public bulletins, or third-party apps that increasingly bolt on AI features. The most sensitive thing a member shares ends up in the least controlled place.
This build is deliberately the opposite of every other idea in the set. Its value is restraint: a minimal pipeline where the most sensitive data never leaves infrastructure the church already controls and never touches an LLM or third-party API.
What good looks like
Members email prayer@church.org. The request lands in a private Google Sheet visible only to the elder Google Group. A small Vercel viewer renders it behind Google SSO, restricted to that group — read-only, no download, no export, no analytics. No AI, ever. Elders see what they need; the data goes nowhere else.
Market scan
| Tool | Fit | Pricing (verify) |
|---|---|---|
| Echo Prayer | Replaces prayer chains/email lists | Echo+ ~$15/yr |
| PrayerMate | Prayer app with private "Share Groups" | Free; premium ~$2.99 one-time |
| Planning Center Forms/Workflows | Can capture requests; not purpose-built for confidential prayer | Free tier |
The gap: commercial prayer apps are third-party clouds — by definition the data leaves the church, and several now add AI features. None offers a deliberately air-gapped, no-AI, no-export, elder-only model. The gap is philosophical and real: for the church's single most sensitive dataset, the right design is defined by what it won't do.
Data privacy & security — this build is the security lesson
This is the workshop's red line made concrete. Best practice for the most sensitive data is to reduce attack surface and connectivity: a system not connected to an external network cannot be attacked remotely. Prayer content qualifies for that protection.
- No third-party API, no LLM, no export — directly honoring the rule that confidential communications must not enter AI tools the church doesn't manage, and avoiding the documented risk of "confession-like details" moving into systems churches don't control.
- Logical air-gap via strict access controls + encryption. A full physical gap is impractical, so the design uses a Google Sheet visible only to an elder Google Group plus a viewer behind Google SSO restricted to that group — effectively a logical air-gap inside Workspace the church already owns.
- Confidentiality norms mirror clergy-penitent expectations and the "only those who need it" access rule.
- The intentional no-AI design is the best practice, not a limitation. Resisting AI here is the feature.
How to build it
- Create a dedicated
prayer@church.orgaddress and an elder Google Group. - A Google Apps Script (runs inside the church's Workspace — no external service) pulls each email into a private Google Sheet shared only with the elder group.
- A small Vercel viewer renders the sheet behind Google SSO restricted to that group — read-only, no download/copy/export, no analytics.
- Lock sheet sharing to "specific people," disable link sharing, enable Workspace audit logging.
- Test with synthetic prayer entries only.
Rollout plan
- Q1: Stand up the address, group, and locked sheet. This alone is a real improvement over a group text.
- Q2: Add the SSO-gated viewer for a cleaner elder experience.
- Q3: Review access list quarterly; confirm no export paths have crept in.
Effort & cost
- Build: ~2–4 days.
- Run: ~$0 incremental — Google Workspace (existing) + Vercel free/hobby tier. The lowest-cost, lowest-risk build in the set.
Sources
- Air-gap principle — https://www.sentinelone.com/cybersecurity-101/cybersecurity/what-is-an-air-gap/
- AI policy formation for churches — https://churchtechtoday.com/ai-policy-formation-for-churches/
- Church AI adoption vs. governance gap — https://exponential.org/ai-in-churches-2025-91-adoption-rate-reveals-dangerous-policy-gap/
- Echo Prayer — https://www.echoprayer.com/
- PrayerMate — https://www.prayermate.net/platform
Note for Orlando Grace: Robert Jackson is already building exactly this (airgapped to Gmail). This brief is written to validate and document that approach — and to make it a reference pattern other churches can copy.