phone +1 206-523-4152 or 800-315-OMNI mastodon @OmniGroup

How is my data protected, and how private is it?

We value your privacy. Communication to and from the server is encrypted using a secure HTTPS connection, just like the traffic between your computer and your online banking website. We take measures to protect our servers from outside intrusion, as we do with our own online store.

We do preserve our ability to examine the data directly on the server, but we’ll only do so when it’s necessary to solve a problem, and we’ll get the account holders’ permission before doing so if possible. (If someone is misusing the server, that’s a different matter.) For comprehensive information, check our Privacy Policy.

If you do want maximum privacy for your data, you’ll want to use a server you control rather than iCloud, Dropbox, or any other server that someone else runs for you.

OmniFocus Encryption

In OmniFocus 3 for Mac and iOS your data is encrypted before it leaves your device so that it’s encrypted on the server itself. OmniFocus uses your sync password to generate a key that encrypts everything as it leaves your device. All encryption and decryption happens locally, so your data is always encrypted end-to-end and our server never has access to your encryption key. OmniFocus doesn’t encrypt the data stored on your local devices: you can use the built-in device encryption features in iOS (enabled by default) and OS X (FileVault) to encrypt your local data at rest.

New users of OmniFocus will start off with an encrypted database, whereas existing users will see a migration prompt to migrate to the encrypted format.

There are a few other things worth remembering: no one at Omni will have the ability to look at or restore your data. Further, if you lose every single device OmniFocus is installed on and you forget your password, you should consider your OmniFocus database lost and unrecoverable.

For comprehensive information about encrypted sync, check out this forum post.

When you use OmniFocus for the Web, you connect directly to a copy of OmniFocus running on our servers. That copy of OmniFocus decrypts your data temporarily in order to send it to your browser (via a secure connection). To keep OmniFocus for the Web responsive, the copy of OmniFocus you’ve connected to may continue running after you log off. If it’s important to you that no unencrypted data is ever on Omni’s servers, you should not use OmniFocus for the Web. For more details, read How Security and Encryption Work in OmniFocus for the Web.

Last Modified: Jun 27, 2024

Still need help?
+1 206-523-4152 or 800-315-OMNI

Was this article helpful?