Our service runs server-side (i.e as a proxy server) and yes, you have the option of tunneling all of your traffic through it. The concept of managed security services isn't new and we've essentially extended it to 'managed privacy services'. The fact of the matter is, you already trust a great many parties in the ecosystem. Your ISP gets too see 'ALL' of your traffic as do browser extensions (which are sometimes malicious).

The thinking here is that you trust ONE entity (us) and that entity is responsible for deploying best of breed privacy/security techniques on your behalf.

You of course have the option to only selectively route traffic (i.e to simply test application privacy on a test device) or disable SSL filtering. However, it's up to the user. We've also taken steps to ensure that we don't inadvertently expose ourselves to your data, such as breaking out each instance into its own Virtual Machine and encrypting sensitive data in memory.