diff --git a/zaps/0002-encrypt-push-notifications.md b/zaps/0002-encrypt-push-notifications.md
index 79d135f..820f110 100644
--- a/zaps/0002-encrypt-push-notifications.md
+++ b/zaps/0002-encrypt-push-notifications.md
@@ -43,9 +43,10 @@ in between the individual Zulip server and its users.
 # Design
 
 Each mobile push notification a Zulip server sends will be encrypted
-with a public key belonging to the intended user device.
-The corresponding private key will have been generated by the Zulip
-mobile app on the device, and will remain only on the device.
+with a secret key specific to the intended user device.
+The key will have been generated by the Zulip mobile app
+on the device, and shared only between that device
+and the server.
 
 When a Zulip server sends a notification, the only information it
 sends to the Mobile Push Notification Service will be the cryptotext