When you synchronize your phone, or update your lists from a web browser, the information that is sent to our web server is encrypted using AES. More precisely, the description of each entry is encrypted. The encryption key is a hash of your email address and password. Neither your password nor the key derived from it is sent to our web server. What is sent, to provide authentication, is a hash of the key, and it is not possible to obtain your password or the key from this second hash. So with the data held on our web server it is not possible to decipher your data.

A consequence of this is that, should you lose or forget your password, we cannot send it to you, because we do not store it. The data held on your phone is NOT encrypted. The encryption is purely to provide security for your data on our web server.
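
The scheme described above, sketched as an added example (this is not the service's own code). The page names only "a hash" and "AES", so SHA-256, AES-256-GCM, the `email:password` input format and all function names here are assumptions.

```javascript
// Added example. Assumed (not stated on the page): SHA-256 as the hash,
// AES-256-GCM as the AES mode, "email:password" as the hash input.
const nodeCrypto = require('crypto');

const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Client side: the key stays on the device; only authToken is transmitted.
function deriveCredentials(email, password) {
  const key = sha256(`${email}:${password}`);     // hash of email + password
  const authToken = sha256(key).toString('hex');  // hash of the key
  return { key, authToken };
}

// Client side: encrypt one entry description before upload.
function encryptDescription(key, description) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every entry
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(description, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Client side: decrypt an entry downloaded from the server.
function decryptDescription(key, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Server side (hypothetical): it stores only the token and the ciphertext.
function serverAuthenticate(storedToken, presentedToken) {
  const a = Buffer.from(storedToken, 'hex');
  const b = Buffer.from(presentedToken, 'hex');
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// The token is not the key: using it to decrypt a stored record fails.
function serverCanDecrypt(storedToken, record) {
  try {
    decryptDescription(Buffer.from(storedToken, 'hex'), record);
    return true;
  } catch {
    return false; // the GCM tag check rejects the wrong key
  }
}
```
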