We value your privacy. Communication to and from the server is encrypted using a secure HTTPS connection, just like the traffic between your computer and your online banking website. We take measures to protect our servers from outside intrusion, as we do with our own online store.
If you do want maximum privacy for your data, you’ll want to use a server you control rather than iCloud, Dropbox, or any other server that someone else runs for you.
In OmniFocus 3 for Mac and iOS your data is encrypted before it leaves your device so that it’s encrypted on the server itself. OmniFocus uses your sync password to generate a key that encrypts everything as it leaves your device. All encryption and decryption happens locally, so your data is always encrypted end-to-end and our server never has access to your encryption key. OmniFocus doesn’t encrypt the data stored on your local devices: you can use the built-in device encryption features in iOS (enabled by default) and OS X (FileVault) to encrypt your local data at rest.
New users of OmniFocus will start off with an encrypted database, whereas existing users will see a migration prompt to migrate to the encrypted format.
There are a few other things worth remembering: no one at Omni will have the ability to look at or restore your data. Further, if you lose every single device OmniFocus is installed on and you forget your password, you should consider your OmniFocus database lost and unrecoverable.
For comprehensive information about encrypted sync, check out this forum post.
When you use OmniFocus for the Web, you connect directly to a copy of OmniFocus running on our servers. That copy of OmniFocus decrypts your data temporarily in order to send it to your browser (via a secure connection). To keep OmniFocus for the Web responsive, the copy of OmniFocus you’ve connected to may continue running after you log off. If it’s important to you that no unencrypted data is ever on Omni’s servers, you should not use OmniFocus for the Web. For more details, read How Security and Encryption Work in OmniFocus for the Web.