Last Updated: November 29th 2017.
The security of the information contained, transmitted, and managed by Cirrus is of the utmost importance to us. We take a highly proactive approach to security and this document aims to explain what steps we've taken to protect your data, what data is collected, how it is used, and your choices.
This document uses the following terms, provided are their definitions:
|App, Application||The Cirrus software product.|
|We||The developers of the Cirrus Software Application.|
|You, User||The user of Cirrus.|
|Data, Log||The information collected by the app.|
|Device, Phone||The physical device running the app.|
|Cloudflare||The Cloudflare service and organization.|
|Credentials||Your Cloudflare account email and API key.|
- Your credentials never leave your device and are stored securely.
- We collect as little information as possible to provide a reliable service.
- We never collect any information about your Cloudflare account or websites.
An important note about Jailbroken devices
Jailbreaking is the name given to the act of making changes to the operating system of your iOS device to allow for code that has not been approved by Apple to run.
We respect your right to modify your device and will not prevent you from using Cirrus on a jailbroken device or from making unauthorized modifications to the app. However, doing so may render your privacy compromised beyond our control.
What information Cirrus collects
Cirrus is built to collect as little information about your device as possible. We do not collect insights into what types of users are using our application, what type of sites they run, or anything else.
The only information Cirrus knows about you that leaves your device is purely analytical. Our goal with Cirrus is to provide a high quality application thats easy to use, highly reliable, and safe. To achieve this, we need to understand what issues our users are running into so that we can address them.
Cirrus uses the Fabric framework to manage the collection, security, and storage of this information.
The following is a non exhaustive list of the types of information we collect:
- Device type (iPhone, iPad, iPod Touch)
- Device model (iPhone 5S, iPad Mini 2, iPod Touch 5th Generation)
- Amount of free disk space
- Amount of RAM utilized
- Network connection type (Wifi, 3G, LTE)
- How long you use the app
- Operating system version (iOS 7, 8)
- Application version
- Jailbroken status
We never collect the following information:
- Anything that can personally identify you (Your name, email, address)
- Your Cloudflare API key
- Any information relating to your Cloudflare sites (domain names, IP addresses)
When the application quits unexpectedly (crashes) a small amount of information is sent to us to provide technical information as to what went wrong. This information will tell is where in our code did the crash occur, but will not tell us what you were specifically doing, or any other sensitive information such as (but not limited to) input values.
Opt-out of analytic collection
We respect your right to privacy and offer you a way to opt-out of this data collection. As of Cirrus 1.0.0 you can disable usage collection by following these steps:
- From the zone list, tap the gear icon
- Select options from the list that appears
- Slide Collect Anonymous Analytics off
- Double-tap the home button and quit Cirrus
This setting is stored locally on the device. If you use Cirrus across multiple devices, you must disable it on each device.
TestFlight Beta Applications
Beta applications are releases that are meant for testing purposes. These releases may contain software faults or other problems. In order for provide users with a reliable service, we release these builds to select users in order to catch these problems before we release the application to the public.
When you sign up for beta released you must provide us with your Apple ID email address. Your address is stored in a cryptographic hash format in a database to prevent duplicate-sign ups. Your email address will be provided to Apple, Inc. to complete the registration process.
Beta applications are distributed using the TestFlight service provided by Apple. This first-party service is tied to your Apple ID and the software is sent to your device using the TestFlight app. When you install the application from TestFlight, you cannot opt-out of analytic collection.
Beta testing is completely optional, and users can leave the test at any time by uninstalling the beta application.
By default, Cirrus will show your websites favicon within the app using the Google S2 Favicon Service. To achieve this, we have to share the domain name of each site registered to your Cloudflare account with Google so they may get the favicon. No other information is provided to Google for this service and you may disable this feature within the applications settings.
Cirrus and Your Credentials
To allow us to communicate with Cloudflare on your behalf, you must input your Cloudflare account email address and API key. This key is generated by Cloudflare and grants the ability to access and make changes to your Cloudflare sites. This key does not grant the ability to make changes to your account such as changing your password or email address, or accessing your credit card information (if applicable).
The first time you open Cirrus, if you add a new account, or if your API key was regenerated, you'll be required to sign-in to Cloudflare with Cirrus. There are two ways to do this: using a Web Browser or manually.
If you do not wish to use the web browser to log in, you can manually log in by tapping the "Gear" icon in the lower right and selecting "Manual Login". You'll need to provide us with your email and API key.
Regardless of if you use the web browser to log in or the manual log in, Cirrus will have your Cloudflare account email address and the API key for your account. We treat these two pieces of information as highly sensitive, and ensure that they are properly stored on your device. Both the email and API key are stored on your devices keychain, which is the proper location for secure storage, protected by your device's passcode.
Changes to this policy
Questions or Comments
You may email us with any questions or concerns using this address.