Your privacy is important to us. We value our users’ privacy, and we strive to protect it. Our goal is to create safe and accessible services for faster Internet browsing. When you use our services, you’re trusting us with your information. We understand this is a big responsibility and work hard to protect your information and put you in control.
This Policy describes how we collect, use, and share your data. It applies to the interactions CloudMosa has with you and the CloudMosa products (collectively, “Services” or “Service”) that display this notice. You also can view this information at any time, either in features and/or online at https://www.puffin.com/privacy/.
HANDLING OF YOUR INFORMATION
Your Account. Using our Services may require a Puffin Account (“Account”). The Account allows you to access our Services across CloudMosa’s ecosystem. Personal data associated with your Account may include credentials, name payment data, device, and usage data. Signing in to your Account may enable certain features.
Subscriptions. The Services and certain features may allow you to purchase access to the Services on a subscription basis. The subscription may collect your personal data, such as your name, credit card number, email address, etc., to allow you to use certain features or the Services; this includes trials. CloudMosa is PCI DSS (Payment Card Industry Data Security Standards) Compliant and does not store your credit card information on our server. Third-party payment processors will process the cardholder data. Upon the expiration or cancellation of the subscription, your subscription data will be deleted.
Third-Party Credentials. When the “Save Password” option is enabled, your passwords to access third-party services and websites will only save on your device and encrypted. You can always purge them by clearing browsing data or disabling password saving via “Settings” in the Service.
We do not store your passwords on our servers. Therefore, we are not able to recover your passwords if you can’t remember them.
Your Account Password. When you sign up for a Puffin Account, your password is securely encrypted and saved on our server. However, we do not know your passwords. If you forgot your password, you would be able to reset your password via our website.
You are solely responsible for handling your account activity and securing your password or activation codes.
Websites widely use two types of cookies:
Session Cookies. Sessions cookie enables websites to offer certain features to you on the site and is deleted immediately from your computer when you leave the site.
Persistent Cookies. Persistent cookie, which usually remains in your browser after you leave the site or close your browser, can be used by your browser on subsequent visits (i.e., to help you stay logged in on a follow-up session).
The cookies will only save on your device. They will pass via our servers onto the destination websites that request it. You can also configure our client applications to block all cookies. But remember that many websites rely on cookies to function correctly, for things like remembering your language preferences. Blocking cookies might affect your user experience when browsing these websites.
We log anonymous activities, whose data includes your IP address, the date and time of your request, and URLs. We use the data to generate reports for internal data analysis, troubleshooting, and self-defense. These reports are aggregated statistical data and include non-personal data.
We purge the logs after 180 days and only keep the reports. We use the reports for internal purposes, while recent ones may be used based on reasonable external requests, e.g., for fund-raising due diligence.
Device Related Data
We may also collect data about the App version, App-specific IDs, and operating system versions, device models, location data of your mobile devices, as well as connection status during your usage of the Service. This data, excluding personally identifiable information, may be used for user research and service improvement purposes.
Web Page Contents
We do not log the contents you browse, and we strictly enforce this policy. However, be aware of the possibility of surveillance by intelligence agencies in your home country and our home country.
Settings, Bookmarks, and Search History
Settings will be saved only on your local device. If you choose to enable the Device Sync option, you agree to keep your bookmarks, browsing history, and active browsing tabs on our server. They will be securely stored, and can be retrieved via your Puffin account.
Files, Videos, and Images
We do not store or cache any pictures, files, or videos you browse or watch on our servers. We will only cache images or files on your device for a better user experience, and you can always purge them via “Settings” in the Service.
We use cloud storage services that you authorize in the Service to store files that you choose to download to the cloud, e.g., when you download a file on a web page, you can choose to download it to your cloud storage services. Only the user who grants access to the downloaded file can view it via the Service, and no one inside or outside of CloudMosa has access to any file you have chosen to download to cloud storage. We do not store file transfer data on our servers. Your download records save only on your device, and you can always purge the records via “Settings” in the Service.
Videos are requested directly from the user’s device, and only on some rare cases when they won’t play or for network traversal reasons will be relayed via our servers. Live video streaming is not proxied via our servers but streamed directly to user’s devices. For some of our Services, videos or video streams may be relayed via our servers for security considerations. Vidq1eos will not be stored or cached on our servers.
Cloud Storage Authorization
The download feature requires cloud storage authorization to work correctly. The authorization information saves only on your device will be passed via our servers to the cloud storage services you authorize in the Service when you choose to download files to your cloud storage accounts.
You can always purge the cloud storage authorization information. However, if you deauthorize it, you will be asked to authorize the cloud storage services again whenever you wish to download files to your cloud storage accounts.
We use the servers in our data centers to render the result. The side effect is that the websites receive our server’s IP rather than yours.
Puffin may forward your real IP address through the XFF header for websites that need this information. Although we pass your IP to websites via XFF, some websites don't support this standard.
We partner with ad providers to serve ads to support our operation to offer the Services. Some ad providers will use your IP address we pass via the X-Forwarded-For (the “XFF”) header to serve geo-targeted ads.
The Incognito mode feature allows you to browse the web while protecting your privacy. You can limit the information we store on your device by using incognito mode. In this mode, we won't store certain information on your device, such as:
Browsing history information like URLs, cached page text, or IP addresses of pages linked from the websites you visit
Snapshots of pages that you visit
Records of your downloads, although the files you download will still be stored elsewhere on your device.
Additional information that won’t store or may be stored temporarily on your device when you are in the incognito mode includes:
Cookies. Puffin won't share existing cookies with sites you visit in incognito mode. Websites may deposit new cookies on your device while you are in this mode, but they'll only be stored and transmitted until you close the last incognito window.
Browser Configuration Changes. When you make changes to your browser configuration, like bookmarking a web page or changing your settings, this information is saved. These changes are not affected by incognito mode.
Permissions. Permissions you grant in incognito mode are not saved to your existing device.
Information Entered in Forms. In incognito mode, information entered in forms will not be saved on your device.
HOW LONG WE STORE YOUR INFORMATION
When deleting data, we will take measures to make the data irrecoverable or irreproducible. And files that contain data will be deleted permanently.
PROTECTION OF YOUR DATA
At CloudMosa, we believe that great privacy rests on great security. We use administrative, technical, and physical safeguards to protect your personal data, taking into account the nature of the personal data and the processing, and the threats posed. We are constantly working to improve on these safeguards to help keep your personal data secure.
Our Services are built with strong security features that continuously protect your information. Our server refuses network connection if the connection is under the "man-in-the-middle" attack. All network traffic from our clients to our servers is securely encrypted. Only the user who initiated the request will see the individual result on their own devices. We patch SSL security loopholes and trust only its server certificate. Any "faked" certificates through corporate/enterprise, Internet service providers, and government agencies will not work.
We work hard to protect you and CloudMosa from unauthorized access, alteration, disclosure, or destruction of information we hold, including:
We use encryption to keep your data private while in transit.
We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems.
We restrict access to personal information to CloudMosa employees, contractors, and agents who need that information to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
The insights we gain from maintaining our services help us detect and automatically block security threats from ever reaching you. And if we do detect something risky that we think you should know about, we’ll notify you and help guide you through steps to stay better protected.
Facilities and Data Transfer
Our employees will process your data. We take steps to ensure all transfers are protected by adequate safeguards, including the standard contractual clauses approved by the European Commission.
All facilities used to store and process your data will adhere to reasonable security standards no less protective than the security standards at facilities where CloudMosa stores and processes its own information of a similar type. As part of providing the Services, CloudMosa may transfer, store and process your data in the United States or any other country in which CloudMosa or its agents maintain facilities. By using the Services, you consent to this transfer, processing, and storage of your data.
Data Access, Portability, and Deletion
We store cached images and files, cloud storage authorization, users’ browsing history, passwords, or information entered in forms on user’s devices for a better user experience. However, users are free to purge these data stores on their devices via “Settings” in our client applications.
You have the right to request correction or deletion of your subscription data on the https://www.puffin.com website. You may update your data by logging in to your account. To request deletion of your data, please contact us at firstname.lastname@example.org.
There may be situations where we cannot grant your request — for example, if you ask us to delete your transaction data and CloudMosa is legally obligated to keep a record of that transaction to comply with the law. We may also decline to grant a request where doing so would undermine our legitimate use of data for anti-fraud and security purposes, such as when you request deletion of an account that is being investigated for security concerns. Other reasons your privacy request may be denied are if it jeopardizes others’ privacy, is frivolous or vexatious, or would be extremely impractical.
WHOM WE SHARE YOUR DATA WITH
We may share non-personally identifiable information publicly and with our partners. For example, we share information publicly to show trends about the general use of our services. We also allow specific partners to collect information from your browser or device for advertising and measurement purposes using their own cookies or similar technologies.
We also share your data with selected third parties, including:
We work with third-party payment processors to handle payments. The payment processor is responsible for processing your data and may use your data for their purposes under their privacy policies.
Law Enforcement Agencies
We do not comply with external requests for personal user data. The only exception is that we may cooperate with law enforcement agencies as required by law when receiving a request to aid in a criminal investigation.
Change of Corporate Ownership
DATA PRIVACY COMPLIANCE
The General Data Protection Regulation (GDPR) is a European privacy law that took effect on May 25th, 2018. Established by the EU Parliament, the GDPR regulates how individuals and organizations can obtain, use, store, and remove personal data. You may read the full text of the law here.
The California Consumer Privacy Act of 2018 (CCPA) is a new law taking effect in 2020. It was passed unanimously in 2018 in California, the United States, and requires organizations to tell users what personal data they store, adequately secure the data, and give users the right to opt-out from the organization selling their data. You may read the full text of the law here.
COMPANYWIDE COMMITMENT TO YOUR PRIVACY
To make sure your personal data is secure, we communicate our privacy and security guidelines to CloudMosa employees and strictly enforce privacy safeguards within the company.
CloudMosa, Inc. 20863 Stevens Creek Boulevard, Suite 560 Cupertino, CA 95014, U.S.A.