Cloud Phone Privacy Policy

Updated: November 21, 2023

Your privacy is of utmost importance to us. We hold a deep respect for the privacy of our users and are fully committed to its protection. Our primary goal is to provide secure and user-friendly services that enhance your feature phone browsing experience. When you use our services, you entrust us with your information, and we take this responsibility very seriously. We work tirelessly to safeguard your data and ensure that you always remain in control.

This Policy outlines how we collect, use, and disclose your data. It is applicable to your interactions with CloudMosa and the Cloud Phone products, collectively referred to as 'Services' or ‘Service’ within this notification.

CLOUD WIDGETS

A cloud widget refers to a small, specialized application or interactive component developed by third-party content providers or developers (“Developers”) specifically designed to enhance the user experience on the Cloud Phone platform. These widgets are hosted on Developers’ remote servers, enabling feature phone users to access various internet services, functionalities, or content without the need for extensive local resources. Cloud widgets may encompass a wide range of features, including but not limited to, real-time updates, interactive interfaces, multimedia content, and dynamic information retrieval, all of which are made available to users through the Cloud Phone service. Please note that the usage and data collection policies of these cloud widgets are governed by their respective providers, and users are encouraged to review the privacy practices of these third parties when utilizing cloud widgets on the Cloud Phone platform.

HANDLING OF THE DATA

Collection of Information

We collect various types of device-related information from your device. It's crucial to note that whether this data falls within the scope of personal data is subject to the definition provided by applicable data protection laws.

Use of Data

We may use the data we collect to customize our products and services according to your preferences, delivering more relevant offerings that align with your profile and interests. This may include providing recommendations and displaying customized content within our services.

Cookies

When you use the Service to access cloud widgets on your feature phone, these cloud widgets also use cookies to enhance their functionalities, track web traffic data, and enhance the overall user experience. It's important to note that these cookies are only passed through our servers to reach the destination that requests them during an active session.

Logs

We log anonymous activities, including your IP address, the date and time of your request, and URLs. We use this data for internal data analysis, troubleshooting, and self-defense. These reports are aggregated statistical data and include non-personal information. We purge the logs after 180 days and only keep the reports. Recent ones may be used based on reasonable external requests, e.g., for fund-raising due diligence.

Device Related Data

We collect various technical details and identifiers, such as IMEIs, MACs, S/Ns, UUIDs, and more. Additionally, we may acquire information regarding the app version, app-specific IDs, operating system versions, device models, location data from your mobile devices, and connection status during your use of the Service. This data, which does not contain personally identifiable information, is used for user research and to improve our services. We also process this data to prevent fraud, abuse, and address legal responsibilities.

HOW LONG WE STORE THE DATA

Session Logs

Upon the user's initial use of the Service, a unique device identifier (“UDI”) will be generated and stored exclusively on the user's device. In the context of the Avatar engine, certain third-party cloud widgets may collect data such as Cookies, Local Storage, IndexedDB, etc. All of this data is encrypted using the UDI before being stored on our servers. It's important to note that only the specific device associated with the corresponding UDI can access this encrypted data. The UDI is exclusively utilized in the Random Access Memory (RAM) of our servers during active sessions when websites request access to data like Cookies. Rest assured that the UDI remains on the user's device and is never transmitted or stored outside the user's device during these processes.

Rest of Data

CloudMosa retains the data only for as long as necessary to meet the purposes for which it was collected, as explained in this Privacy Policy or in our service-specific privacy notices, or as mandated by applicable laws. When determining how long to retain data, we prioritize efficiency and resource management, striving to retain the data for the shortest period necessary under the law. When it comes to data removal, we take steps to ensure that the data is permanently deleted, making it neither recoverable nor reproducible. This includes a thorough deletion of files containing data.

PROTECTION OF THE DATA

At CloudMosa, we believe that great privacy rests on great security. We use administrative, technical, and physical safeguards to protect the data, taking into account the nature of the data, the processing, and the threats posed. We are constantly working to improve these safeguards to help keep the data secure.

Security

Our Services are fortified with strong security features designed to ensure the continuous protection of your information. Our servers are configured to reject network connections in the event of a "man-in-the-middle" attack. All network traffic from our clients to our servers is meticulously encrypted, guaranteeing data integrity and confidentiality. Individual search results are only visible to the user who initiated the request on their own device. To maintain top-notch security, we diligently patch SSL vulnerabilities and place our trust exclusively in our server certificates. Any attempt to use "faked" certificates by corporations, Internet service providers, or government agencies will be unsuccessful.

We work hard to protect you and CloudMosa from unauthorized access, alteration, disclosure, or destruction of information we hold, including:

  • To maintain your data's privacy during transmission, we employ encryption protocols.
  • We regularly assess our data collection, storage, and processing procedures, which encompass physical security measures, to thwart unauthorized access to our systems.
  • Access to the data is limited to CloudMosa personnel, contractors, and agents who require it for processing. Those with such access are bound by stringent confidentiality agreements, and they may face disciplinary action or termination should they fail to meet these obligations.

The knowledge we acquire through the upkeep of our services enables us to proactively identify and block security threats before they can impact you. In the event that we detect any potentially risky activities that warrant your attention, we will promptly notify you and provide guidance on how to enhance your protection.

Facilities and Data Transfer

Our employees will process your data. We take steps to ensure all transfers are protected by adequate safeguards, including the standard contractual clauses approved by the European Commission, or any other appropriate mechanisms in accordance with GDPR.

All facilities used to store and process your data will adhere to security standards at least equivalent to the standards at facilities where CloudMosa stores and processes its own information of a similar type.

As part of providing the Services, CloudMosa may transfer, store, and process your data in the United States or any other country in which CloudMosa or its agents maintain facilities. We ensure that such transfers comply with GDPR and protect your data adequately. By using the Services, you provide explicit consent for this transfer, processing, and storage of the data, in accordance with the principles and requirements outlined in the General Data Protection Regulation (GDPR)

Data Access, Portability, and Deletion

Under the General Data Protection Regulation (GDPR), you have the right to request the erasure of your data, often referred to as the 'right to be forgotten.’ If you wish to delete your data, follow the steps below:

  1. Launch the App.
  2. Press the LSK (Left Select Key) to toggle the menu.
  3. From the menu shown, press “Clear Data”.
  4. Press the LSK (Left Select Key) to confirm “Yes”.
  5. Your data has now been deleted.

Legal Obligations

We are committed to ensuring your data privacy. However, there are situations where we may not be able to fulfill your request for data erasure, as permitted by the GDPR. We may retain your data when required by law or if erasure conflicts with our legitimate interests in using the data for anti-fraud and security purposes, especially when an account is under security investigation. We may also refuse erasure requests in situations that could jeopardize others' privacy, are frivolous, or are extremely impractical, in line with GDPR guidelines.

WHOM WE SHARE THE DATA WITH

Our data processing operations are conducted on our server infrastructure, which is distributed across various global locations, such as the United States and Singapore. This diverse server network is established to optimize performance and cater to localization requirements. Consequently, it is possible that the data might be transmitted internationally, extending beyond the geographical area where you access our products. In such instances, we are committed to ensuring that the transfer of the data adheres to the required legal framework, including compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws, and comply with the provisions for safeguarding the data as mandated by applicable laws.

DATA PRIVACY COMPLIANCE

GDPR

The General Data Protection Regulation (GDPR) is a European privacy law that took effect on May 25th, 2018. Established by the EU Parliament, the GDPR regulates how individuals and organizations can obtain, use, store, and remove personal data. You may read the full text of the law here. Our Terms of Service and Privacy Policy provide a clear and detailed account of the data we collect and process, the reasons behind this data collection, its intended use, the parties with whom we share it, and the duration for which we retain it.

CCPA

The California Consumer Privacy Act of 2018 (CCPA) is a new law that came into effect on January 1, 2020. Unanimously passed in California, United States, this law mandates that organizations inform users about the personal data they store, ensure the secure management of this data, and grant users the right to opt out of the sale of their data. You can review the full text of the law here. Our Terms of Service and Privacy Policy provide transparent insight into the types of data we collect and process, the purpose behind collecting this data, how it is used, who it is shared with, and the duration for which we maintain it.

COMPANYWIDE COMMITMENT TO YOUR PRIVACY

To make sure the data is secure, we communicate our privacy and security guidelines to CloudMosa employees and strictly enforce privacy safeguards within the company.

POLICY QUESTIONS

If you have questions about CloudMosa’s Privacy Policy or privacy practices, would like to contact us, or would like to submit a complaint, you can contact us at https://www.cloudfone.com/#contact-us or CloudMosa, Inc.,19468 Burgundy Way,  Saratoga, CA 95070, USA.

CHANGES TO THIS PRIVACY POLICY

CloudMosa reserves the right to update this Privacy Policy at our discretion without prior notice as we enhance, add, or remove features. If you do not wish to accept the changes in the Privacy Policy, you can address the matter by uninstalling or discontinuing the use of CloudMosa Services in the future.