storing data on a web server

is it possible to prove no one but the authorised user can access it?

         

lethal0r

5:52 pm on Jul 12, 2007 (gmt 0)

10+ Year Member



If I store various users' data on a webserver, can I prove to them that no one but them can access it?

I could encrypt the data, for example, but how is a user to know I'm not lying or am able to decrypt it myself?

LifeinAsia

6:06 pm on Jul 12, 2007 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



There is no guaranteed 100% foolproof way. There are many ways that may approach 100%, making it extremely unlikely to get the data. But unlikely is NOT impossible.

lethal0r

9:01 am on Jul 13, 2007 (gmt 0)

10+ Year Member



I was thinking about using OpenID for user passwords and as a key to encrypt the data, but then of course I still have the problem of proving that's how it works to the user.

Perhaps I should just concentrate on writing a good data protection & privacy policy and see how it goes.

jtara

2:42 pm on Jul 13, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If I store various users' data on a webserver, can I prove to them that no one but them can access it?

Sure, by encrypting on the user's computer and by being completely transparent. (e.g. open-sourcing the software and documenting the data stream.) You might use JavaScript, Java, Flash, etc. to do the local encryption.

While the average user may not be able to verify your claim, security experts could.

The important thing is encrypting on the user's computer, and not sharing the key with you. So, your site is given a stream of "meaningless garbage" to store.

If the data is sent to you in the clear, or via SSL encrypted using your certificate, there is no way the user can verify that you've actually encrypted it.
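
The approach described in the last reply (encrypt on the user's computer, upload only ciphertext), sketched with the Web Crypto API as an added example that is not part of the original thread. The function names, the passphrase-derived key and the PBKDF2 work factor are assumptions made for illustration.

```javascript
// Added example: client-side encryption so the server only ever stores ciphertext.
// Browsers expose Web Crypto as globalThis.crypto; the fallback covers older Node.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune for your users' devices

// Derive a non-extractable AES-256-GCM key from a passphrase that never leaves the client.
async function deriveKey(passphrase, salt) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: PBKDF2_ITERATIONS, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Builds the record that is uploaded: salt, IV and ciphertext. None of them is the key.
async function encryptForUpload(passphrase, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit IV per record
  const key = await deriveKey(passphrase, salt);
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext));
  return { salt, iv, ciphertext: new Uint8Array(ct) };
}

// Runs on the client after download. Rejects if the passphrase is wrong or if
// the stored record was modified, because the GCM tag no longer verifies.
async function decryptFromDownload(passphrase, record) {
  const key = await deriveKey(passphrase, record.salt);
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: record.iv }, key, record.ciphertext);
  return new TextDecoder().decode(pt);
}
```

The server-side store sees only the object returned by `encryptForUpload`; as the reply notes, the claim is checkable by others only if this client code is open to inspection.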