I really haven't looked into the details of their scheme at all, but from what I understand it is based on a Java client that basically operates in a similiar fashion to a PGP client... I don't think unencrypted messages are stored anywhere. It is encrypted by one client, sent to their servers (in Vancouver I believe), and just held there in their encrypted form until the recipient views it on their client. The only service they are providing besides the client software is a web-based email system like any other. But I could be totally wrong. There was a thread on this on Slashdot a few days ago with plenty of comments if you want to read that.
Eugene Leitl wrote:
> You sure transfer text via SSL, but what happens with your mail on the
> server? It kinda defies the purpose. Then why not http://www.gnupg.org
> Brian Atkins writes:
> > A friend of a friend of mine is one of the founders.. from what
> > I know it is legit. I am still not convinced it will really
> > take off though.
> > Terry Donaghe wrote:
> > > http://www.hushmail.com
-- "Knowing the path is not the same as walking the path." -Morpheus _The Matrix_