Cool Maze privacy terms
These terms apply since April, 2022.
These terms may evolve. In case this happens, the new terms will apply to data transferred after the new terms have been published. The new terms won't revoke protections granted to previously transferred data.
Cool Maze (the Service) is an online system to transfer data from a source device A to a target device B.
The User must be in control of the source device A, of the browser of the target device B, and of the data D to be transferred from A to B.
The Service is provided free of charge for the User.
The Service is provided without any guarantee, except the best-effort policy to respect the privacy of the personal data of its Users.
The Service doesn't use and doesn't store the identity of its Users.
The Service doesn't correlate its usage with Users' internet browsing data, nor with other apps usage.
The only personal data involved is the payload D that the User explicitly requests to transit by the Service, using a "Share via ... Cool Maze" action.
The data D sent from A to B is routed through intermediary servers: the Brokers and the File server.
All data transfers are protected by the HTTPS protocol:
- Web pages from Service to User web browser
- Short text messages from User mobile device A to Brokers
- Files from User mobile device A to File server
- Short text messages and notifications from Brokers to target computer web browser B
- Files from File server to target computer web browser B
The transferred data D is kept private and is never made publicly available.
The transferred data D is not disclosed to third parties.
The transferred files are provided to the target B through short-lived URLs. The URLs expire after a maximum of ten minutes. This means that after ten minutes, the User cannot use a specific URL anymore. Expiring URLs do not prevent the User from saving the transferred files to the storage of target device B.
The Service uses cloud computing infrastructure providers. The facilities are Google App Engine, Google Cloud Storage, and Pusher.
Cool Maze for Android uses end-to-end encryption (E2EE) since its version 1.1.1909 released in September 2019. This means that the service owner and the cloud infrastructure vendors can't read the data D transiting through the Service.
Cool Maze for iOS currently doesn't implement end-to-end encryption. This means that the service owner could (theorically) read the data D transiting through the Service. The infrastructure providers are bound by explicit privacy policies. However, it is technically feasible that they read the data D transiting through the Service. Whether this would constitute a violation of their own policies is debatable on a case-by-case basis.
Anonymous data may be gathered for statistics purpose. This data includes, and is not limited to:
- country and city of usage,
- size and type of transferred data D,
- actions made by the same User,
- software quality metrics, such as the timing performances of Service processings.
Data sent from the mobile to the server, necessary for proper message delivery:
- The unique ID of the current "Share" action
- The unique ID of the ephemeral communication channel of the current "Share" action
- The encryption scheme used by the current "Share" action to achieve E2EE (when E2EE is active)
- The Initialization vector (IV) used by the current encryption scheme of the current "Share" action to achieve E2EE
- Cryptographic key
- Number of resources being shared by the current "Share" action
- Index (zero-based) of the resource being shared
- Text message being shared or URL to the resource being shared (when E2EE is active, this field is encrypted)
- Filename of the resource being shared (when E2EE is active, this field is encrypted)
- Thumbnail of the resource being shared (when E2EE is active, this field is encrypted)
- Whether the shared resource was resized by the Cool Maze mobile app
- The width of the shared resource (after optional resizing)
- The height of the shared resource (after optional resizing)
- Number of resource bytes already sent, when the QR-code is scanned
- File server path to the data being shared
- Hash of the resource being shared (not used when E2EE is active)
- The Cool-Maze mobile app User Agent contains: App name, App version, App build number, plus 3 fields for service quality monitoring
Data sent from the mobile to the server for service quality monitoring:
- Mobile connexion type: wifi, or mobile data
- MIME type of the resource being shared
- File extension of the resource being shared
- Number of "Share" actions made by the current mobile app instance (since installation)
- Whether Cool Maze is displayed in Dark Mode
- Time to resize the resource on the mobile to reduce it, in milliseconds
- Time to resize all the resources of a multiple share action on the mobile, in milliseconds
- Size of the original resource, before resizing
- Time to encrypt the resource on the mobile before uploading, in milliseconds (when E2EE is active)
- Time to upload the single resource from the mobile to the cloud File server, in milliseconds
- Time to upload all the resources of a multiple share action from the mobile to the cloud File server, in milliseconds
- Time between the start of the "Share" action and the QR-code scan, in milliseconds
- Mobile display language
- Mobile user locale
- The Cool-Maze mobile app User Agent contains: App installation ID, mobile OS, mobile model, plus 3 necessary App fields
Data sent from the target web browser to the server for service quality monitoring:
- Time to fetch (download) the resource from the cloud File server, in milliseconds
- Time to prefetch (download before scan) the encrypted resource from the cloud File server, in milliseconds
- Time to decrypt the resource on the target web browser, in milliseconds
- Time between the generation of the QR-code and a scan notification for a single resource received by the web browser, in milliseconds
- Time between the generation of the QR-code and a notification of (single or multiple) resource ready received by the web browser, in milliseconds
- Short-lived cookie (36h) used for prefetch performance optimization
©2017-2023 Bartalog Software