Server Database is SQL Server and XPressEntry supports all standard methods of authentication and encryption for SQL Server including full database and per table encryption.
Handheld Database is encrypted when at rest and can not be removed from the device.
Requests from the handheld to the server are signed to ensure request authenticity.
The Server -> Handheld communication channel uses HTTPS/TLS1.2
The zip file which is transmitted over that channel is further secured by an AES256 shared symmetric key.