Puffin Browser - CloudMosa Privacy Policy
Puffin Browser

CloudMosa Privacy Policy

Updated: August 7th, 2019

This Privacy Policy explains what information CloudMosa collects about you, your usage, and what we may do with that information as you use our service.

Information may be collected when you use the apps (the “ App ”) and services (the “ Services ”) developed by CloudMosa. By using the App and Services, you agree to the collection and use of information in accordance with this Privacy Policy.

Our philosophy

We value our users’ privacy and we strive to protect it. We design all the CloudMosa Apps and Services to comply with privacy regulations, and we do not store user data on our servers. Our goal is to create a safe place for faster Internet browsing, not to monetize user data.

Our system is designed to be simple and state-less, i.e., once you quit the App and leave the Services, it is as clean as you were never there. There is no way to link back to your identity such as name, address or phone number, etc. that you have used when you use our App or Services to browse the web.

Information we collect and how we use it

Account information

Your personal identifiable information (such as your name, credit card number, email address, etc.) may be collected when you sign up to subscribe to CloudMosa paid Apps or Services (the “Paid Services”). This includes trials. Upon the expiration or cancellation of the subscription, you may contact us to request deletion of your subscription data.

In our ad-supported free apps and services (the “Free Services”), no user account information is stored on our cloud servers. However, we will work with ad providers to serve ads to support our operation to offer Free Services. Some ad providers will use your IP address that we pass via the X-Forwarded-For (the “XFF”) header to serve geo-targeted ads.


When the “Save Password” option is enabled, your passwords will be only saved on your device and encrypted, and you can purge them by clearing browsing data or by disabling password saving via “Settings” in the App.

We do not know your passwords and do not store your passwords on our servers. Therefore, we are not able to recover your passwords if you can’t remember them.


Many websites use cookies, and cookies are small pieces of data, which often includes an anonymous unique identifier. Websites use cookies to better help you interact with their services, to monitor web traffic data, and to improve the overall experience.

Two types of cookies are widely used by websites:

  • Session cookies: A session cookie enables websites to offer certain features to you on the site and is deleted immediately from your computer when you leave the site.
  • Persistent cookies: A persistent cookie, which normally remains in your browser after you leave the site or close your browser and can be used by your browser on subsequent visits (ie. to help you stay logged in on a follow-up session).

You are free to configure our client applications to accept or reject all cookies. If you reject all cookies, you might not be able to use some services provided by the websites you browse. If you choose to accept cookies, the cookies will only be saved on your device and will be passed via our servers (cached in a connection-based and encrypted vault on our server, for better user experience) on to the destination websites that request it.


We log anonymous activities in the format of standard web logs, whose information includes source addresses, destination addresses, and URLs. The logs are used to generate reports for internal data analysis, troubleshooting, and self-defense. The reports have aggregated statistical data and are anonymous, which means no individual user data will be included.

We purge the logs after 100 days and only keep the reports. Logs are only used internally, while recent reports are sometimes used externally, e.g., for fund-raising due diligence.

Device related information

We may also collect information about the App version, App-specific IDs, and operating system versions, device models, location data of your mobile devices, as well as connection status during your usage of the App. This information (excluding personal information) may be used for user research and service improvement purposes.

Web page contents

Even though the URLs of the web pages are logged, the contents of the web pages are not logged. In fact, the contents will never be logged, and this policy will be strictly enforced. However, be aware of the possibility of surveillance by intelligence agencies in your home country and our home country.

Files, videos and images

We do not store or cache any pictures, files, or videos that you browse or watch on our servers. Images or files will only be cached on your device for better user experience, and you are always free to purge them via “Settings” in the App.

We use cloud storage services that you authorize in the App to store files that you choose to download to the cloud, e.g. when you download a file on a web page, you can choose to download it to your cloud storage services. Only the user who grants access to the downloaded file can view it via the App, and no one inside or outside of CloudMosa has access to any file you have chosen to download to cloud storage. We do not store file transfer information on our servers. Your download records are stored on your device, and you are free to purge the records via “Settings” in the App.

Videos are requested directly from the user’s device and only on some rare cases when they won’t play or for network traversal reasons, they will be relayed via our servers. Live video streaming is not proxied via our servers but streamed directly to user’s devices. For some of our App or Services, e.g. Puffin Secure Browser, videos or video streams will be rendered or streamed via our servers for security reasons. Videos will not be stored or cached on our servers.

Cloud storage authorization

The download feature requires cloud storage authorization (for storing user’s downloaded files to their cloud storage services) to work properly. The authorization information will be stored on your device and will be passed via our servers to the cloud storage services that you authorize in the App when you choose to download files to your cloud storage accounts.

You are free to purge the cloud storage authorization information stored on your device anytime. However, if you choose to purge the information, you will be asked to authorize the cloud storage services again when you wish to download files to your cloud storage accounts.

IP Addresses

We use our servers located in different countries to improve the user experience. The side effect is that the websites receive our servers IP rather than yours.

Puffin does forward your real IP address through XFF header for websites that need this information. Although we pass your IP to websites via XFF, some websites don't support this standard.

Location information

Location information is frequently used on websites to serve various purposes. Some websites use it to serve their content efficiently, e.g. video streaming, and some use JavaScript to request for location information to serve their users accurately, e.g., for geo-restricted contents.

Incognito mode

The Incognito mode feature allows you to browse the web while protecting your privacy. We will not save the pages viewed in Incognito mode in your browsing history or any information entered in forms. Cookies and site data are deleted when you leave the Incognito mode.


The General Data Protection Regulation (GDPR) is a European privacy law that took effect on May 25th, 2018. Established by the EU Parliament, the GDPR regulates how individuals and organizations can obtain, use, store, and remove personal data. You may read the full text of the law here.

Our Terms of Service and Privacy Policy clearly describe the types of personal data we collect and process, why we collect the data, how we use it, who we share it with, and how long we store it.

Data inventory

We do not store user's data on our servers. Our Privacy Policy identifies what we do with the data we collect and how we manage consent.

Data Access, Portability, and Deletion

We do not store the user’s personal information on either our servers or our client applications. We do store cached images and files, cloud storage authorization (for storing user’s downloaded files to their cloud storage services), users’ browsing history, passwords or information entered in forms on our client application on user’s devices to bring a better user experience. However, users are free to purge these data stores on their devices via “Settings” in our client applications.


We are very serious about security. Our server refuses network connection if the connection is under the "man-in-the-middle" attack.

All network traffic from our clients to our servers is encrypted by the 2048-bit public-key encryption. No one inside or outside of CloudMosa will have access to it. Only the user who initiated the request (to browse any web pages) will be able to see the rendered result on their own devices.

We patch SSL security loopholes and trust only its server certificate. Any "faked" certificates through corporate/enterprise, Internet service providers, and government agencies will not work.

We do not comply with external requests for user information. The only exception is that we may cooperate with law enforcement agencies as required by law when we receive a request to aid in a criminal investigation.


You may opt-in to receive newsletters and other marketing information that may be of interest to you by filling out forms or surveys on the https://www.puffin.com website. The personal information you submitted will not be shared with any third parties. You may opt-out of receiving any, or all, of these marketing communications by contacting us. Please note that we may still send you transactional or administrative messages related to the App or Services even after you have opted out of receiving marketing communications.

Changes to this Privacy Policy

CloudMosa may update this Privacy Policy over time at our discretion without prior notice as we refine and add or remove features. If you do not agree to abide by any changes made in the Privacy Policy, you may remedy the situation by uninstalling CloudMosa Services and App in the future.