Last Updated: December 12th 2018.
The security of the information contained, transmitted, and managed by Cirrus is of the utmost importance to us. We take a highly proactive approach to security and this document aims to explain what steps we've taken to protect your data, what data is collected, how it is used, and your choices.
This document uses the following terms, provided are their definitions:
|App, Application||The Cirrus software product.|
|We||The developers of the Cirrus Software Application.|
|You, User||The user of Cirrus.|
|Data, Log||The information collected by the app.|
|Device, Phone||The physical device running the app.|
|Cloudflare||The Cloudflare service and organization.|
|Credentials||Your Cloudflare account email and API key.|
- Your credentials never leave your device and are stored securely.
- We never collect any information, including anonymous, about you, your device, or how you use Cirrus.
An important note about Jailbroken devices
Jailbreaking is the name given to the act of making changes to the operating system of your iOS device to allow for code that has not been approved by Apple to run.
We respect your right to modify your device and will not prevent you from using Cirrus on a jailbroken device or from making unauthorized modifications to the app. However, doing so may render your privacy compromised beyond our control.
What information Cirrus collects
Cirrus was built with privacy in mind, and therefor we're prod to say that we do not explicitly collect any usage or analytical information from the app.
Your iOS device will some information to Apple and to us, which is beyond our control. Certain anonymous analytical information, such as (but not limited to), an aggregated number of users of Cirrus, the types of iOS devices used, and crash information, may be sent by iOS to Apple and shared with us. You can control if your iOS device shared analytical information with App Developers and/or Apple as described in this Apple Support Document.
TestFlight Beta Applications
Beta applications are releases that are meant for testing purposes. These releases may contain software faults or other problems. In order for provide users with a reliable service, we release these builds to select users in order to catch these problems before we release the application to the public. While rare, these software faults may include privacy related vulnerabilities that can potentially put your information at risk. Users who agree to sign up for TestFlight builds agree to accept this risk.
If you choose to participate in TestFlight Beta Testing, you must sign up through the Apple operated TestFlight service. Your Apple ID is associated with your TestFlight participation, but is not made visible to us. Only an aggregate count of users who have signed up for beta versions of Cirrus, and the number of times the application has crashed is provided by Apple to us.
Beta applications are distributed using the TestFlight service provided by Apple. This first-party service is tied to your Apple ID and the software is sent to your device using the TestFlight app. When you subscribe to Cirrus beta builds though TestFlight, analytical information about the status of the test is provided to Apple and to us. This information includes if you have installed a beta version of Cirrus, which version of Cirrus you have installed, and how many (if applicable) times the beta application has crashed. No other information is collected no shared with us, including information within the application such as (but not limited to) your Cloudflare credentials.
By default, Cirrus will show your websites favicon within the app using the Google S2 Favicon Service. To achieve this, we have to share the domain name of each site registered to your Cloudflare account with Google so they may get the favicon. No other information is provided to Google for this service and you may disable this feature within the applications settings.
Cirrus and Your Credentials
To allow us to communicate with Cloudflare on your behalf, you must input your Cloudflare account email address and API key. This key is generated by Cloudflare and grants the ability to access and make changes to your Cloudflare sites. This key does not grant the ability to make changes to your account such as changing your password or email address, or accessing your credit card information (if applicable).
The first time you open Cirrus, if you add a new account, or if your API key was regenerated, you'll be required to sign-in to Cloudflare with Cirrus. There are two ways to do this: using a Web Browser or manually.
Alternatively, you can input your Email Address and API key yourself by selecting "Login using an API Key".
Regardless of if you use the web browser to log in or the manual log in, Cirrus will have your Cloudflare account email address and the API key for your account. We treat these two pieces of information as highly sensitive, and ensure that they are properly stored on your device. Both the email and API key are stored on your devices keychain, which is the proper location for secure storage, protected by your device's passcode.
Changes to this policy
Questions or Comments
You may email us with any questions or concerns using this address.