Updated: August 7th, 2019
We value our users’ privacy and we strive to protect it. We design all the CloudMosa Apps and Services to comply with privacy regulations, and we do not store user data on our servers. Our goal is to create a safe place for faster Internet browsing, not to monetize user data.
Our system is designed to be simple and state-less, i.e., once you quit the App and leave the Services, it is as clean as you were never there. There is no way to link back to your identity such as name, address or phone number, etc. that you have used when you use our App or Services to browse the web.
Information we collect and how we use it
Your personal identifiable information (such as your name, credit card number, email address, etc.) may be collected when you sign up to subscribe to CloudMosa paid Apps or Services (the “Paid Services”). This includes trials. Upon the expiration or cancellation of the subscription, you may contact us to request deletion of your subscription data.
In our ad-supported free apps and services (the “Free Services”), no user account information is stored on our cloud servers. However, we will work with ad providers to serve ads to support our operation to offer Free Services. Some ad providers will use your IP address that we pass via the X-Forwarded-For (the “XFF”) header to serve geo-targeted ads.
When the “Save Password” option is enabled, your passwords will be only saved on your device and encrypted, and you can purge them by clearing browsing data or by disabling password saving via “Settings” in the App.
We do not know your passwords and do not store your passwords on our servers. Therefore, we are not able to recover your passwords if you can’t remember them.
Two types of cookies are widely used by websites:
- Session cookies: A session cookie enables websites to offer certain features to you on the site and is deleted immediately from your computer when you leave the site.
- Persistent cookies: A persistent cookie, which normally remains in your browser after you leave the site or close your browser and can be used by your browser on subsequent visits (ie. to help you stay logged in on a follow-up session).
You are free to configure our client applications to accept or reject all cookies. If you reject all cookies, you might not be able to use some services provided by the websites you browse. If you choose to accept cookies, the cookies will only be saved on your device and will be passed via our servers (cached in a connection-based and encrypted vault on our server, for better user experience) on to the destination websites that request it.
We log anonymous activities in the format of standard web logs, whose information includes source addresses, destination addresses, and URLs. The logs are used to generate reports for internal data analysis, troubleshooting, and self-defense. The reports have aggregated statistical data and are anonymous, which means no individual user data will be included.
We purge the logs after 100 days and only keep the reports. Logs are only used internally, while recent reports are sometimes used externally, e.g., for fund-raising due diligence.
Device related information
We may also collect information about the App version, App-specific IDs, and operating system versions, device models, location data of your mobile devices, as well as connection status during your usage of the App. This information (excluding personal information) may be used for user research and service improvement purposes.
Web page contents
Even though the URLs of the web pages are logged, the contents of the web pages are not logged. In fact, the contents will never be logged, and this policy will be strictly enforced. However, be aware of the possibility of surveillance by intelligence agencies in your home country and our home country.
Files, videos and images
We do not store or cache any pictures, files, or videos that you browse or watch on our servers. Images or files will only be cached on your device for better user experience, and you are always free to purge them via “Settings” in the App.
We use cloud storage services that you authorize in the App to store files that you choose to download to the cloud, e.g. when you download a file on a web page, you can choose to download it to your cloud storage services. Only the user who grants access to the downloaded file can view it via the App, and no one inside or outside of CloudMosa has access to any file you have chosen to download to cloud storage. We do not store file transfer information on our servers. Your download records are stored on your device, and you are free to purge the records via “Settings” in the App.
Videos are requested directly from the user’s device and only on some rare cases when they won’t play or for network traversal reasons, they will be relayed via our servers. Live video streaming is not proxied via our servers but streamed directly to user’s devices. For some of our App or Services, e.g. Puffin Secure Browser, videos or video streams will be rendered or streamed via our servers for security reasons. Videos will not be stored or cached on our servers.
Cloud storage authorization
The download feature requires cloud storage authorization (for storing user’s downloaded files to their cloud storage services) to work properly. The authorization information will be stored on your device and will be passed via our servers to the cloud storage services that you authorize in the App when you choose to download files to your cloud storage accounts.
You are free to purge the cloud storage authorization information stored on your device anytime. However, if you choose to purge the information, you will be asked to authorize the cloud storage services again when you wish to download files to your cloud storage accounts.
We use our servers located in different countries to improve the user experience. The side effect is that the websites receive our servers IP rather than yours.
Puffin does forward your real IP address through XFF header for websites that need this information. Although we pass your IP to websites via XFF, some websites don't support this standard.
The Incognito mode feature allows you to browse the web while protecting your privacy. We will not save the pages viewed in Incognito mode in your browsing history or any information entered in forms. Cookies and site data are deleted when you leave the Incognito mode.
The General Data Protection Regulation (GDPR) is a European privacy law that took effect on May 25th, 2018. Established by the EU Parliament, the GDPR regulates how individuals and organizations can obtain, use, store, and remove personal data. You may read the full text of the law here.
Data Access, Portability, and Deletion
We do not store the user’s personal information on either our servers or our client applications. We do store cached images and files, cloud storage authorization (for storing user’s downloaded files to their cloud storage services), users’ browsing history, passwords or information entered in forms on our client application on user’s devices to bring a better user experience. However, users are free to purge these data stores on their devices via “Settings” in our client applications.
We are very serious about security. Our server refuses network connection if the connection is under the "man-in-the-middle" attack.
All network traffic from our clients to our servers is encrypted by the 2048-bit public-key encryption. No one inside or outside of CloudMosa will have access to it. Only the user who initiated the request (to browse any web pages) will be able to see the rendered result on their own devices.
We patch SSL security loopholes and trust only its server certificate. Any "faked" certificates through corporate/enterprise, Internet service providers, and government agencies will not work.
We do not comply with external requests for user information. The only exception is that we may cooperate with law enforcement agencies as required by law when we receive a request to aid in a criminal investigation.
You may opt-in to receive newsletters and other marketing information that may be of interest to you by filling out forms or surveys on the https://www.puffin.com website. The personal information you submitted will not be shared with any third parties. You may opt-out of receiving any, or all, of these marketing communications by contacting us. Please note that we may still send you transactional or administrative messages related to the App or Services even after you have opted out of receiving marketing communications.