At Mozy we focus on making our products simple, automatic, and secure.

We respect the privacy rights of our customers and are committed to protecting our customers’ personal information. Within our Information Security Management System (ISMS) we incorporate a combination of technical, administrative, and physical controls to safeguard personal information consistent with the industry standards and laws that are applicable to our customers and our company. We view compliance as critical and also take steps to protect against anticipated threats or hazards to the security or integrity of such information, and protect against unauthorized access to or use of such information.

We recognize that information security requires an appreciation and understanding of how people, processes, technology, and organizational structure all interact to create a complex mix of elements and issues. We protect the interests of our customers and business by operating a holistic program focused on the confidentiality,  availability, and integrity of company and customer systems and data.

We are often asked if we meet the standards required by various regulations such as those listed below.

International:

• PCI DSS
• ISO/IEC 27001
• SAS70

United States:

• SOX
• HIPAA
• GLBA
• Any state mandated privacy laws, i.e.Massachusetts 201 CMR 17

Our customers often want to know if they can remain compliant while using our backup solutions. The principles behind each of these standards are for the data owner to retain control of sensitive data and ensure that only authorized parties can view that data. When you back up information to Mozy, you remain in control of the data through the authentication schemes and encryption the system uses. Each file stored within the Mozy infrastructure is encrypted prior to transmission to our infrastructure, meaning that private and sensitive information remains private while we store it for you. We do not compromise the internal security controls our customers maintain to meet compliance with various regulations.

As we state in the Mozy Privacy Commitment at http://mozy.com/privacy/commitment, our job is to help you protect your personal information. In order to do that, we operate our business on the following principles:

• Your information is your information, not our information.
• We never sell your information to anyone, nor do we sell information about you.
• We never share your information with anyone unless you explicitly instruct us to do so and in what manner. 
• We never sift through your information in order to create a profile of you or for target advertising purposes.
• You can always get your information back. We have no rights to your information if you leave the service.

We use strict security policies, military-grade encryption, and world-class data centers to protect your information, including:

Encryption: Your information is always encrypted during the backup process and while stored in our data centers.
     - SSL encryption: The same technology used by banks secures your data during the backup process.
     - AES/Blowfish: Choose Mozy's encryption key using 448-bit Blowfish or manage your own key using military-grade 256-bit AES to secure your data during storage.
World-class data centers: All data centers employ state-of-the-art physical and technical security and are SAS70 certified.
Backed by EMC: With over $13 billion of revenue, EMC stores and protects more information for the Fortune 500 than any other company.

For a detailed look at our privacy practices, please review our full Privacy Policy at http://mozy.com/privacy.