Last updated: February 19, 2004
The security of our customers' personal data is very important to us. We recognize that you are making a substantial commitment by trusting us to secure your personal data.

In this policy, we will describe the technology and practices we use to keep your data secure:

Data transmission
FusionOne uses the Internet to sync your personal data (for example, your calendar, address book, or tasks) between your mobile phone and your web- and/or PC-based organizer applications. To do this, your data must be sent over the Internet. To keep your data secure during transmission, your data is encrypted on your device before it is sent over the Internet. Certain devices, including PalmOS™ compatible handhelds, Short Message Service (SMS) mobile phones, and Internet-capable mobile phones (the kind you would use to browse a Web site) cannot transmit encrypted data. With respect to these devices, the data is secured once it is stored in the FusionOne data center as described below.

When you synchronize with the service, the FusionOne agent software first establishes a “secure session” with our data center using Secure Socket Layer (SSL). FusionOne uses this secure session as you access your account. First you enter your user name and password, which is irreversibly scrambled (using SHA-1, a hash technology) and authenticated. The scrambled version of your password is used for authentication and cannot be unscrambled by FusionOne or anyone else with access to our servers, ensuring there is no unauthorized access to your account or your data. After your encrypted password is confirmed by FusionOne and your account is validated, we use a strong encryption technology, called TwoFish, to encrypt your personal data (for example, Calendar, Contacts, Files) before sending it to our data center for storage and synchronization with your other devices.

Once your data is stored in the FusionOne data center, your data can only be "unlocked" by using an encryption key. This key, which is itself encrypted via your password, is used to encrypt and decrypt data every time you sync. This “safe” encryption key and your encrypted password are stored by FusionOne, but the decrypted versions are never stored in the data center. This prevents unauthorized access to your synchronized data, even in the unlikely event that the data center was in some way compromised.

In the event you choose to synchronize your personal data with a web application or a web service like FusionOne's MightyPhone Web, the data you synchronize will not be encrypted in FusionOne's database. However, the FusionOne database itself is tightly secured behind our firewalls and protected by the physical security measures described below. In order to synchronize your data with a third party web application, FusionOne must store an encrypted version of your password in the same secure database -- procedures which do not apply when you migrate data to the Internet.

When FusionOne migrates data to the internet we use 128-bit key encryption. In all other instances, FusionOne will use either 56-bit key or 128-bit key encryption for your data depending on your geographic location. The use of 128-bit key encryption is subject to restriction in certain countries under U.S. encryption export law.

Network security
FusionOne uses firewalls in close proximity to public and private Internet Exchanges to create a safe haven for your data. In effect, this means that there is more than one firewall protecting your personal data from intrusion and hackers.

The Internet connection used by FusionOne is based on an industry-standard network architecture known as “n+1”. This architecture provides redundant connections to the Internet in order to prevent malicious flooding of data, also known as “spamming”.

Physical security
FusionOne has located its data center at MFN in San Jose, California to ensure the highest level of security for your personal data.

The MFN facility is equipped with the following safeguards to ensure the highest possible physical security and safety for FusionOne's data systems:

  • 24/7 top-security controlled access (including guards, cameras, motion sensors and hand-scanner access controls)
  • 24/7 security monitoring
  • Raised floors for improved wiring of electricity and air flow
  • Climate control
  • Seismically-braced racks
  • Heavy-duty steel cages and locks for housing all networking equipment, servers, and data storage

Policies and practices
Our corporate policies outline our expectations for our employees and their commitment to data security in detail, and these policies address all activities that have an impact on the security of our service and your data. In addition, our policies and security practices are reviewed frequently in order to keep both human and system resources as up-to-date as possible.

Password recommendations
Your password is the key to your data and your most important tool for keeping your data secure. Here are some suggestions to help you create the most secure password possible:

  • Do your best to ensure that you are the only person who knows your password.
  • Change your password at least every 30 days. You can change your password by going to your account page at any time.
  • Choose a long password that is difficult to guess.
  • Never write down your password.
  • Password-protect your devices themselves whenever possible.

Secure password examples:

  • Join two small words with a strange character.
  • Invent an acronym.
  • Choose a line from a poem or song and use the first letters of each word.

Non-secure password examples:

  • Name of your spouse, parent, child, sibling, colleague, friend, pet, or towns
  • Months, birthdays, anniversaries
  • Car or motorcycle registration number, driver's license number, telephone numbers
  • Common dictionary words in any language
  • Series of identical numbers or letters
  • Obvious sequences letters, numbers, or symbols found on a computer keyboard
  • Any of the bad password examples listed above but spelled backwards or with a number before or after it

In summary
FusionOne takes data security and management very seriously. The security, availability, and integrity of the data you synchronize with our service is our highest priority.

If you should have any questions about our security practices and policies, please contact FusionOne by sending email to: securityadvocate@FusionOne.com.