Privacy Policy

Last Updated: December 12th 2018.
Effective: Immediately.

The security of the information contained, transmitted, and managed by Cirrus is of the utmost importance to us. We take a highly proactive approach to security and this document aims to explain what steps we've taken to protect your data, what data is collected, how it is used, and your choices.

This document uses the following terms, provided are their definitions:

App, ApplicationThe Cirrus software product.
WeThe developers of the Cirrus Software Application.
You, UserThe user of Cirrus.
Data, LogThe information collected by the app.
Device, PhoneThe physical device running the app.
CloudflareThe Cloudflare service and organization.
CredentialsYour Cloudflare account email and API key.
Key takeaways from this policy
  • Your credentials never leave your device and are stored securely.
  • We never collect any information, including anonymous, about you, your device, or how you use Cirrus.

An important note about Jailbroken devices

Jailbreaking is the name given to the act of making changes to the operating system of your iOS device to allow for code that has not been approved by Apple to run.

We respect your right to modify your device and will not prevent you from using Cirrus on a jailbroken device or from making unauthorized modifications to the app. However, doing so may render your privacy compromised beyond our control.

Please Note This document is written for devices that are not jailbroken. Users who chose to use our service on a jailbroken device do so at their own risk without any expectation of privacy or security.

What information Cirrus collects

Please Note As of Cirrus 1.5.1 (released October 20th, 2019) we no longer collect any analytical usage or crash information from Cirrus aside from what is provided by iOS. Prior versions of Cirrus will still include analytic collecting and sharing software.

Cirrus was built with privacy in mind, and therefor we're prod to say that we do not explicitly collect any usage or analytical information from the app.

Your iOS device will some information to Apple and to us, which is beyond our control. Certain anonymous analytical information, such as (but not limited to), an aggregated number of users of Cirrus, the types of iOS devices used, and crash information, may be sent by iOS to Apple and shared with us. You can control if your iOS device shared analytical information with App Developers and/or Apple as described in this Apple Support Document.

TestFlight Beta Applications

Beta applications are releases that are meant for testing purposes. These releases may contain software faults or other problems. In order for provide users with a reliable service, we release these builds to select users in order to catch these problems before we release the application to the public. While rare, these software faults may include privacy related vulnerabilities that can potentially put your information at risk. Users who agree to sign up for TestFlight builds agree to accept this risk.

If you choose to participate in TestFlight Beta Testing, you must sign up through the Apple operated TestFlight service. Your Apple ID is associated with your TestFlight participation, but is not made visible to us. Only an aggregate count of users who have signed up for beta versions of Cirrus, and the number of times the application has crashed is provided by Apple to us.

Beta applications are distributed using the TestFlight service provided by Apple. This first-party service is tied to your Apple ID and the software is sent to your device using the TestFlight app. When you subscribe to Cirrus beta builds though TestFlight, analytical information about the status of the test is provided to Apple and to us. This information includes if you have installed a beta version of Cirrus, which version of Cirrus you have installed, and how many (if applicable) times the beta application has crashed. No other information is collected no shared with us, including information within the application such as (but not limited to) your Cloudflare credentials.

Beta testing is completely optional & voluntary. Users can leave the test at any time by uninstalling the beta application. Your privacy rights with Apple is described in Apple's Privacy Policy.

Domain favicons

By default, Cirrus will show your websites favicon within the app using the Google S2 Favicon Service. To achieve this, we have to share the domain name of each site registered to your Cloudflare account with Google so they may get the favicon. No other information is provided to Google for this service and you may disable this feature within the applications settings.

Cirrus and Your Credentials

To allow us to communicate with Cloudflare on your behalf, you must input your Cloudflare account email address and API key. This key is generated by Cloudflare and grants the ability to access and make changes to your Cloudflare sites. This key does not grant the ability to make changes to your account such as changing your password or email address, or accessing your credit card information (if applicable).

The first time you open Cirrus, if you add a new account, or if your API key was regenerated, you'll be required to sign-in to Cloudflare with Cirrus. There are two ways to do this: using a Web Browser or manually.

When you sign in with a web browser, Cirrus will inject a Javascript file into the Cloudflare page so that it can retrieve your email address and access your API key. The contents of this Javascript file can be inspected using the steps described in this document. The Javascript file is only used to retrieve your email address and API key. Logical safe-guards are in-place to prevent the script from performing dangerous operations to your account.

Alternatively, you can input your Email Address and API key yourself by selecting "Login using an API Key".

Regardless of if you use the web browser to log in or the manual log in, Cirrus will have your Cloudflare account email address and the API key for your account. We treat these two pieces of information as highly sensitive, and ensure that they are properly stored on your device. Both the email and API key are stored on your devices keychain, which is the proper location for secure storage, protected by your device's passcode.

Key Takeaway We store your email address and API key in the devices keychain, and only ever use it when talking to Cloudflare. We do not sync or store this key anywhere else.

Changes to this policy

We reserve the right to change this policy to meet the needs to the app and our users without notice. You can always find the latest version of our Privacy Policy by clicking the "Privacy Policy" link in the footer of our web site. By continuing to use Cirrus, you are agreeing to current version of our privacy policy.

Questions or Comments

You may email us with any questions or concerns using this address.