Privacy Policy

Last Updated: November 29th 2017.
Effective: Immediately.

The security of the information contained, transmitted, and managed by Cirrus is of the utmost importance to us. We take a highly proactive approach to security and this document aims to explain what steps we've taken to protect your data, what data is collected, how it is used, and your choices.

This document uses the following terms, provided are their definitions:

TermDefinition
App, ApplicationThe Cirrus software product.
WeThe developers of the Cirrus Software Application.
You, UserThe user of Cirrus.
Data, LogThe information collected by the app.
Device, PhoneThe physical device running the app.
CloudflareThe Cloudflare service and organization.
CredentialsYour Cloudflare account email and API key.
Key takeaways from this policy
  • Your credentials never leave your device and are stored securely.
  • We collect as little information as possible to provide a reliable service.
  • We never collect any information about your Cloudflare account or websites.

An important note about Jailbroken devices

Jailbreaking is the name given to the act of making changes to the operating system of your iOS device to allow for code that has not been approved by Apple to run.

We respect your right to modify your device and will not prevent you from using Cirrus on a jailbroken device or from making unauthorized modifications to the app. However, doing so may render your privacy compromised beyond our control.

Please Note This document is written for devices that are not jailbroken. Users who chose to use our service on a jailbroken device do so at their own risk without any expectation of privacy or security.

What information Cirrus collects

Cirrus is built to collect as little information about your device as possible. We do not collect insights into what types of users are using our application, what type of sites they run, or anything else.

The only information Cirrus knows about you that leaves your device is purely analytical. Our goal with Cirrus is to provide a high quality application thats easy to use, highly reliable, and safe. To achieve this, we need to understand what issues our users are running into so that we can address them.

Cirrus uses the Fabric framework to manage the collection, security, and storage of this information.

The following is a non exhaustive list of the types of information we collect:

Hardware Information:

Software Information:

We never collect the following information:

When the application quits unexpectedly (crashes) a small amount of information is sent to us to provide technical information as to what went wrong. This information will tell is where in our code did the crash occur, but will not tell us what you were specifically doing, or any other sensitive information such as (but not limited to) input values.

Opt-out of analytic collection

We respect your right to privacy and offer you a way to opt-out of this data collection. As of Cirrus 1.0.0 you can disable usage collection by following these steps:

  1. From the zone list, tap the gear icon
  2. Select options from the list that appears
  3. Slide Collect Anonymous Analytics off
  4. Double-tap the home button and quit Cirrus

This setting is stored locally on the device. If you use Cirrus across multiple devices, you must disable it on each device.

TestFlight Beta Applications

Beta applications are releases that are meant for testing purposes. These releases may contain software faults or other problems. In order for provide users with a reliable service, we release these builds to select users in order to catch these problems before we release the application to the public.

When you sign up for beta released you must provide us with your Apple ID email address. Your address is stored in a cryptographic hash format in a database to prevent duplicate-sign ups. Your email address will be provided to Apple, Inc. to complete the registration process.

Beta applications are distributed using the TestFlight service provided by Apple. This first-party service is tied to your Apple ID and the software is sent to your device using the TestFlight app. When you install the application from TestFlight, you cannot opt-out of analytic collection.

Beta testing is completely optional, and users can leave the test at any time by uninstalling the beta application.

Domain favicons

By default, Cirrus will show your websites favicon within the app using the Google S2 Favicon Service. To achieve this, we have to share the domain name of each site registered to your Cloudflare account with Google so they may get the favicon. No other information is provided to Google for this service and you may disable this feature within the applications settings.

Cirrus and Your Credentials

To allow us to communicate with Cloudflare on your behalf, you must input your Cloudflare account email address and API key. This key is generated by Cloudflare and grants the ability to access and make changes to your Cloudflare sites. This key does not grant the ability to make changes to your account such as changing your password or email address, or accessing your credit card information (if applicable).

The first time you open Cirrus, if you add a new account, or if your API key was regenerated, you'll be required to sign-in to Cloudflare with Cirrus. There are two ways to do this: using a Web Browser or manually.

When you sign in with a web browser, Cirrus will inject a Javascript file into the Cloudflare page so that it can retrieve your email address and access your API key. The contents of this Javascript file can be inspected using the steps described in this document. The Javascript file is only used to retrieve your email address and API key. Logical safe-guards are in-place to prevent the script from performing dangerous operations to your account.

If you do not wish to use the web browser to log in, you can manually log in by tapping the "Gear" icon in the lower right and selecting "Manual Login". You'll need to provide us with your email and API key.

Regardless of if you use the web browser to log in or the manual log in, Cirrus will have your Cloudflare account email address and the API key for your account. We treat these two pieces of information as highly sensitive, and ensure that they are properly stored on your device. Both the email and API key are stored on your devices keychain, which is the proper location for secure storage, protected by your device's passcode.

Key Takeaway We store your email address and API key in the devices keychain, and only ever use it when talking to Cloudflare. We do not sync or store this key anywhere else.

Changes to this policy

We reserve the right to change this policy to meet the needs to the app and our users without notice. You can always find the latest version of our Privacy Policy by clicking the "Privacy Policy" link in the footer of our web site. By continuing to use our service, you are agreeing to current version of our privacy policy.

Questions or Comments

You may email us with any questions or concerns using this address.