Security & Privacy

Complete documentation on how Clouder handles your Cloudflare credentials and keeps your data safe.

TL;DR

Your credentials never leave your device. All API calls go directly to Cloudflare. You can verify this yourself and revoke access instantly from your Cloudflare dashboard.

How authentication works

The two-token architecture

Clouder uses a secure two-token system designed to minimize risk and maximize your control:

Your Token (Root Token): When you log in, you provide a Cloudflare API token with permission to create other tokens. This is stored on your device and only used to create the Clouder App Token.
Clouder App Token: The app creates a scoped, limited-permission token called Clouder-App-{device-id}. This is what's used for all API operations.

Your device

Root Token

Stored locally

Creates

Clouder App Token

Scoped • 30-day expiry

api.cloudflare.com

Direct connection • HTTPS/TLS

No intermediary servers

Credentials stay on device

Revocable anytime

Why this architecture?

Principle of Least Privilege: The Clouder App Token only has specific permissions, not full account access
Visibility: You can see the token in your Cloudflare dashboard at any time
Revocability: Delete the token from Cloudflare and Clouder loses all access immediately
Auto-Expiration: Tokens expire after 30 days for additional security

Token permissions

The Clouder App Token is created with these specific permissions:

Permission	Purpose
Workers Scripts	Manage Workers deployments
Workers R2 Storage	Browse and manage R2 buckets
Workers KV Storage	Manage KV namespaces
D1	Query and manage D1 databases
Pages	Manage Pages projects
Analytics	View zone analytics
Zone	Manage zones/websites
DNS	Manage DNS records
Stream	Manage video streaming
Vectorize	Manage vector databases
Workers AI	AI inference
Queues	Manage message queues
Cloudflare Tunnel	Manage tunnels
Images	Manage Cloudflare Images

Where is your data stored?

Data	Storage Location	Sent Externally?
Root API Token	iOS UserDefaults (on-device)	No - only to api.cloudflare.com
Clouder App Token	iOS UserDefaults (on-device)	No - only to api.cloudflare.com
Account ID	iOS UserDefaults (on-device)	No - only to api.cloudflare.com
Device ID	iOS UserDefaults (on-device)	No
App Preferences	iOS UserDefaults (on-device)	No

No Clouder Servers: There is no "Clouder backend" or intermediary server. All API calls go directly from your device to api.cloudflare.com.

How to verify this yourself

Method 1: Check your Cloudflare dashboard

Log into your Cloudflare account at dash.cloudflare.com
Go to My Profile → API Tokens
Look for a token named Clouder-App-XXXXXXXX
Click on it to see the exact permissions granted

Method 2: Monitor network traffic

Use a proxy tool like Charles Proxy or Proxyman to verify all traffic goes only to Cloudflare:

✓ api.cloudflare.com - All API calls
✓ cloudflare.com - OAuth (login only)

✗ No analytics services (Google Analytics, Mixpanel, etc.)
✗ No third-party servers
✗ No "clouder.com" or similar backend
                    

How to revoke access

Option 1: Delete the Clouder token (recommended)

Go to dash.cloudflare.com
Navigate to My Profile → API Tokens
Find Clouder-App-XXXXXXXX
Click Delete

This immediately revokes all access. The app will no longer be able to make any API calls.

Option 2: Delete the app

Deleting the app removes all locally stored credentials. However, the Clouder App Token will still exist on Cloudflare until it expires (30 days) or you delete it manually.

Recommended: Delete the token from Cloudflare first, then delete the app for complete cleanup.

Frequently asked questions

Can Clouder access my Cloudflare account without my knowledge?

No. You must explicitly provide a token, and any token Clouder creates is visible in your Cloudflare dashboard.

What happens if Clouder is compromised?

Even in this scenario, attackers would only have access to what the scoped Clouder App Token allows. They cannot access your root Cloudflare credentials. You can immediately revoke access by deleting the token from your Cloudflare dashboard.

Does Clouder collect analytics or telemetry?

No. There is no analytics SDK, no crash reporting to third parties, and no telemetry. The app simply talks to Cloudflare's API.

Why should I trust a closed-source app?

Several reasons: (1) You can verify network traffic yourself, (2) The token is visible and revocable in your Cloudflare dashboard, (3) Apple reviews apps for malicious behavior.

Is my data encrypted?

In transit: Yes, all API calls use HTTPS/TLS to Cloudflare.
At rest: Data is stored in iOS UserDefaults, sandboxed to the app. Device full-disk encryption (when enabled) protects this data.

Questions or concerns?

We take security seriously. If you have any questions, concerns, or discover a security issue, please contact us:

Email: security@getclouder.app

Last updated: December 2024 | Document version: 1.0