When you synchronize your phone, or update your lists from a web browser, the information that is stored on our Web Server is encrypted, using AES . More precisely the description of each entry is encrypted. The key for the encryption is a hash of your email address and password. Neither your password, or the key that is derived from it, are stored on our Web Server. What is stored, to provide authentication, is a hash of the key. But it is not possible to obtain your password or the key from this second hash. So with the data stored on our Web Server it is not possible to decipher your data. A consequence of this is that should you loose/forget your password we cannot send it to you, because we do not store it. NOTE: The data held on your phone is NOT encrypted. The encryption is purely to provide security for your data on our Web Server. This is important. In this respect, we recommend that you treat your phone similar to a piece of paper. Do not store information on your phone that you would not write down on a piece of paper, and carry around with you.
