Privacy and Security for Push Email
- Network communications between device and our servers is always secured with SSL/TLS. No unencrypted connections are allowed.
- Network communications between our servers and email server via IMAP and SMTP is always encrypted. Unencrypted access is not supported.
- Outgoing email messages have a header added to verify that the message was received from the device over a secure connection, allowing the recipient to verify end-to-end security.
- Email content is not stored on our servers : body, subject, recipients, sender, are never stored. Only time stamps, folder names and message ids are stored.
- Credential data is encrypted when stored and "at reset" in memory.
- We own our own servers which are hosted in secure facilities that have been audited for SAS-70 Type II and PCI compliance, biometric/dual-factor entry control and 7x24 staffed.
- Source code is regularly checked with static analysis tools for security vulnerabilities.
- Our server IP subnets are available on request, allowing mail server admins to lock down access to only our servers.
- When practical, we implement support for any security-enhancing features present in the systems with which our service interoperates. For example: device remote wipe, OAuth for IMAP and SMTP, anti-cracking measures.
Have a question about security? The NuevaSync Security Response Team is always ready to help.