Last Updated: February 26, 2026
Plume Design, Inc., its subsidiaries and branch offices (“Company” or “we”) offers software, hardware, mobile applications (“Mobile Apps”), websites (including opensync.io), network traffic management, and related services that deliver smart home and enterprise-grade small business services built on self-optimizing WiFi technology (altogether, the “Services”). This Privacy Policy (the “Privacy Policy”) explains how Company processes your personal information in connection with the Services. This Privacy Policy also covers rights and choices to your personal information.
For the Services:
- You are a “Customer” if you are the (employee of a) legal or natural person that purchases or subscribes to the Services and/or if you avail of customer support services provided by us in respect of the Services.
- You are a “User” if a Customer has provided you with access to the Services.
Throughout this Privacy Policy, we use the following terms with the following meanings:
- Services Data means data that we generate or derive from your use of the Services.
- Customer Network means the WiFi network that a Customer creates by using the Services together with Customer Network Equipment.
- Customer Network Equipment means Company’s SuperPods and similar WiFi extenders, OpenSync-enabled gateways, and other on-premise WiFi network equipment that a Customer acquires or that a internet service provider makes available.
Generally, Company is a processor of User personal data except for data collected for services management purposes and Services Data. In those cases, Company is a data controller of User data.
Please use the following headings to jump to the relevant sections in our Privacy Policy:
- WHEN AND WHERE DOES THIS PRIVACY POLICY APPLY?
- WHAT PERSONAL INFORMATION DOES COMPANY COLLECT AND WHY?
- HOW DOES COMPANY USE PERSONAL INFORMATION?
- DOES COMPANY USE AUTOMATED PROCESSING?
- HOW DOES COMPANY SHARE PERSONAL INFORMATION?
- HOW DOES COMPANY PROTECT PERSONAL INFORMATION?
- HOW LONG DOES THE COMPANY RETAIN PERSONAL INFORMATION?
- WHAT CHOICES ARE AVAILABLE FOR PERSONAL INFORMATION?
- HOW DOES COMPANY PROTECT CHILDREN’S PRIVACY?
- DOES COMPANY TRANSFER PERSONAL INFORMATION TO OTHER COUNTRIES?
- WHEN IS THIS COMPANY PRIVACY POLICY CHANGED?
- WHO DO I CONTACT WITH QUESTIONS?
- PRIVACY RIGHTS AND CHOICES IN SPECIFIC JURISDICTIONS
1. WHEN AND WHERE DOES THIS COMPANY PRIVACY POLICY APPLY
WHEN AND WHERE DOES THIS COMPANY PRIVACY POLICY APPLY
?
The Privacy Policy applies in these cases:
▪ You create a Plume Home or WorkPass account.
▪ We collect personal information to manage, secure or bill the Services.
▪ We analyze Services Data to improve the Services.
▪ You visit www.plume.com or opensync.io to learn more or download resources.
It does not apply when you:
▪ Connect to a Customer Network; that Customer’s privacy policy applies instead.
▪ Visit another website or service from a link, please review the privacy policy for that company instead.
2. WHAT PERSONAL INFORMATION DOES COMPANY COLLECT AND WHY
WHAT PERSONAL INFORMATION DOES COMPANY COLLECT AND WHY
?
Company may collect personal information about you in the following ways.
a. Information you choose to give us
| Types of Personal information | Why this Personal Information is Collected | Lawful Basis |
| Contact and account information. Name, email address or other username, password, telephone number, and similar contact information and purchase related contact information (for example, billing and delivery address, payment information, and similar information necessary to complete a purchase); profile nicknames and profile photos. | · To create and maintain your account for the Services. · To create a Customer profile, such as a User profile displaying devices connected to a Customer Network. · To enable Company’s internet service provider (ISP) and other partners to use Services for data analytics about Customer Networks and targeted marketing. · To verify identity for certain Services. · To complete a purchase of Company products, such as a purchase of Company SuperPods. Payment card information is handled by a third-party payment processor, not Company. · For customer service. · To provide information that you request. · For marketing and promotions that Company may offer. · To send information that we think will interest our Customers, which is sometimes personalized based on the information associated with their accounts. · To request customer feedback, such as through a survey about a new product feature. · For research and innovation, such as algorithmic data matching that enables Company and its business partners to better understand how Users interact with Customer Networks. | We have a legitimate interest in providing account related functionalities to Users. We use your personal information to perform our contract to provide the Services. In some contexts, our use is also based upon your consent. |
| Location Data. location is derived from IP addresses on a Customer Network and is not precise geolocation. | · To provide certain features of the Services, such as to recognize a device that connects to a Customer Network. · To customize the experience of the Services. · To provide customer support. | We have a legitimate interest in understanding our Users and providing tailored services. We use your personal information to perform our contract to provide the Services. In some contexts, our use is also based upon your consent. |
| Information associated with a social media account. | · When you connect with Company or connect to a Customer Network through a social media platform, such as Facebook or X, we collect the personal information permitted by the social media platform and your account permissions. (Your personal information also is subject to the social media platform’s privacy policy and practices.) Some of this information is automatically collected. | We have a legitimate interest in understanding our Users and providing tailored services. In some contexts, our use is also based upon your consent. |
| Personal information you share through the Services. | · To manage features of the Services that allow you to share your personal information. · When you receive customer support, including contents of communication that you share by using our chatbot. · To respond to your request in a form filled out on Company’s website to download content or attend an event. | We have a legitimate interest in receiving and acting upon feedback. We use your personal information to perform our contract to provide the Services. In some contexts, our use is also based upon your consent. |
b. Information automatically collected by the Services or Mobile Apps
| Category of Personal Information that Company Automatically Collects | Types of Personal Information Automatically Collected | Lawful Basis |
| Information about Customer Networks. | · network addresses, Internet connections, and operating statistics of Customer Network Equipment. · type, operating system and other identifying information about Customer Network Equipment and computers, and mobile devices connected to a Customer Network. · Internet service provider (ISP) name and Internet protocol (IP) address, ISP speeds, and outages. · data about movement of computers and mobile devices while connected to Customer Networks. · log information from Customer Network Equipment. For instance, connected computers and mobile devices, and their software and hardware versions and connection time. · Customer Network metadata, such as DHCP fingerprints, HTTP user agents, UPnP, and mDNS data to identify devices and IP addresses. · domain name system requests. · current and historical data transfer speeds and consumed data amounts. · hostname and nicknames of Customer Network Equipment and access points. · source and destination traffic headers, IPs, ports, packet and byte counts, TLS/HTTPS handshake metadata, and DNS requests. | We have a legitimate interest in understanding our Users and providing tailored services. We use your personal information to perform our contract to provide the Services. |
| Data about use of Mobile Apps | · mobile operating system and versions, Bluetooth data, usage data, and crash reports for the Mobile Apps. | We have a legitimate interest in understanding how you use the Mobile Apps. We use your personal information to perform our contract to provide Company’s Mobile App-related services. In some contexts, our use is also based upon your consent. |
| Digital well-being data. (Data about use of a Customer Network available to a Customer Network’s administrator when certain safety controls and security features are turned on in the Services.) | · computers and mobile devices that currently connect to a Customer Network. · connection duration of specific computer or mobile device. · attempted or actual use of a computer or mobile device to access a blocked domain. | We have a legitimate interest in using this personal information to prevent fraud and to ensure security of the Services. We use your personal information to perform our contract to provide the Services. |
| Information specific to a Customer Network created using Plume Home. | · motion in the home, which we collect as disruptions in Wi-Fi waves in the Customer Network and which collectively provide a pattern of motion and motion history. · metadata about time spent using various Internet applications that are accessed through the Customer Network. | We have a legitimate interest in understanding our Users and providing tailored services. We use your personal information to perform our contract to provide the Services. |
| Information specific to a Customer Network created using WorkPass. | · data from users of a small business Customer Network that lets the administrator identify connected users, such as name, email, location, birth year, gender, phone, profile photo, and social media handle. Many fields are optional or depend on social media settings. | We have a legitimate interest in understanding our Users and providing tailored services. We use your personal information to perform our contract to provide the Services. |
| Data collected using cookies, pixel, web beacons, and similar data collection technology. | · browser type, operating system version, domains, IP address, browser type, internet service provider, and mobile network of visitors to Company’s websites. · how devices interact with Company’s websites, including visit times, searches, clicks, page views, and videos watched. · data about third-party sites you visit before Company, used to improve ad relevance. · interactions with Company marketing, such as when emails are opened, to measure campaign success. | We have a legitimate interest in making the Services operate. We also use it to understand how you interact with our websites, gather analytics, improve the Services, and learn your preferences. We may also use this data to help detect and prevent fraud.Where required by law, we base the use of technologies upon consent. |
c. Information collected from third parties
We may receive personal information from:
▪Internet-connected devices like Google or Amazon services (no audio files received or processed).
▪Location services (not precise geolocation).
▪Purchases via Company websites or app stores (we do not access full bank/credit/debit card numbers).
▪Vendors or publicly available sources to improve Services.
▪ Law enforcement or government authorities.
d. Other information collected with your consent
We may ask you for your consent to collect specific types of personal information. For instance, when you choose to participate in events, request exclusive content, or participate in testing new products or features.
3. HOW DOES COMPANY USE PERSONAL INFORMATION
?
Company may also use personal information:
∙ To operate and provide the Services for its small business and internet service provider Customers:
o Create User accounts and verify User identity.
o Provide customer support and respond to customer requests.
o Identify security threats (e.g., malicious Internet locations or websites) and activity that may indicate unauthorized use of Customer Networks.
o Schedule network optimizations and firmware updates for Customer Network Equipment.
o Enable Customer Network administration, such as offering tools for administrators to manage access, security and confidentiality policies, blocking content identified as inappropriate in accordance with content filters set by the Customer Network administrator and generating live motion visuals and motion history for Customer Networks.
o Offer data analytics tools that enable Customers to match and augment their own data sets with data generated by Customer Networks in order to help improve market and audience segments and profiles, identify and analyze trends and better target advertising campaigns.
Whether Company is a controller or processor depends on the Customer relationship. If you have questions about whether Company is a processor or controller of your personal information, please contact the administrator of the Customer Network you are using or privacy@plume.com.
∙ For Company’s lawful business purposes. Company processes personal information as a controller to:
o Monitor use of and protect the Services and information processed through the Services.
o Track customer support, billing and account management.
o Analyze, measure the effectiveness of and improve the Services.
o Identify customer needs and develop new products and services to meet them.
o Conduct marketing about the Services or related third-party products and services (where permitted).
o Invite Customers and others to participate in market research and testing of current and new features or products.
o Create statistical analyses and segment and combine data sets to identify trends
o Detect and prevent fraud (e.g., if you provide a credit or debit card, we may use third parties to check the validity of the sort code, account number and card number you submit).
o Enforce Customer contracts and other legal agreements.
o Prevent, investigate and/or report security incidents, crime, fraud or misrepresentation.
o Generate deidentified or aggregate data containing only information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular User, which we may use or disclose for any lawful purpose, provided that we will use deidentified data only in deidentified form and not to attempt to reidentify the information except as permitted by applicable law.
∙ To comply with applicable laws and protect legal rights. Company processes personal information as a controller to:
o Enforce and investigate actual or suspected violations of our agreements.
o Protect the safety, security and legal rights of Customers and Users of Customer Networks.
o Detect, prevent and remediate fraud or other unlawful behavior, security issues and other technical issues related to the Services.
∙ For other reasons with your consent.
4. DOES COMPANY USE AUTOMATED PROCESSING
?
Where permitted by law, Company uses automated decision-making, including profiling tools. We provide notice or obtain consent for, or allow you to opt out of, automated processing as required.
We use automated decision-making in the following situations:
∙ To analyze certain personal information for targeted marketing strategies.
∙ To support interconnections with Facebook, Google, and similar providers for advertising on behalf of a CSP partner.
∙ For behavior-based modeling and customer segmentation analysis.
∙ For data loss prevention.
∙ To monitor use of the Services in accordance with content, governance, and information security policies.
∙ To comply with legal obligations and defend legal rights.
∙ To prevent, investigate and/or detect unauthorized or illegal use of the Services.
If you live in certain places, you can request human intervention, to express your point of view and to contest the decision based on automated processing.
5. HOW DOES COMPANY SHARE PERSONAL INFORMATION
?
Company shares personal information with the following categories of recipients:
∙ Professional advisors. For instance, lawyers, accountants, insurers and information security, and forensics experts.
∙ Marketing vendors. To help promote the Services (such as by email marketing).
∙ Service providers. To allow them to perform services on our behalf, including data analytics, geo-location based on IP address analytics, data security, cloud storage providers, ecommerce operations, surveys, research, administration of promotions, offers and promotions, and otherwise to help us carry out our business.
∙ Business partners, such as the providers of the Internet-connected devices and services that a Customer chooses to connect to a Customer Network (e.g., Google Nest and Amazon Alexa). If you acquire the Services through a CSP or other Internet service provider, Company shares personal information with that provider. Company also shares personal information with partners to enable them to segment their customers who are Users based on machine learning-determined “traits” of that location.
∙ Potential or actual acquirers or investors. and their professional advisers in connection with any actual or proposed merger, acquisition or investment in or of all or any part of our business. We will use our best efforts to ensure that the terms of this Customer Privacy Policy apply to personal information after the transaction or that Users receive advance notice of changes to personal information processing.
∙ Our subsidiaries/branch offices in Canada, India, Ireland, Poland, Japan, Slovenia, Spain, Switzerland, Taiwan, and UK (Plume Entities).
∙ Competent law enforcement, government regulators, and courts. When we believe disclosure is necessary (i) to comply with the law, (ii) to exercise, establish or defend legal rights, or (iii) to protect the vital interests of Users, business partners, service providers or another third party.
∙ Other third parties with your consent.
6. HOW DOES COMPANY PROTECT PERSONAL INFORMATION
?
Company uses technical, physical, and administrative safeguards to protect the personal information that we process from unauthorized access and use.
Our safeguards are designed to provide a level of security appropriate to the risk of processing your personal information and include (as applicable) measures to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of personal information.
You are responsible for maintaining the security of your account credentials. Company will treat access to the Services through your account credentials as authorized by you.
7. HOW LONG DOES THE COMPANY RETAIN PERSONAL INFORMATION ?
We keep your personal information only as long as we need it for the reasons explained in this Privacy Policy unless the law requires or allows us to keep it longer. This includes the purposes of satisfying legal, accounting, or reporting requirements.
When determining the relevant retention period, Company considers the amount, nature, and sensitivity of the personal information.
8. WHAT CHOICES ARE AVAILABLE FOR PERSONAL INFORMATION
?
Company offers various options in the Services for exercising choices about personal information processing, including:
Opting out of Company’s Marketing Emails: To stop receiving promotional emails from Company, please click the “Unsubscribe” link at the bottom of the email. Your account settings may also allow you to change your notification preferences. After you opt out, we may still send you service-related communications.
Account Deactivation: You can deactivate your Company account through the Mobile App (for Plume Home) or through the Company website and by contacting Customer Support (for other Services).
Mobile Device Tools: Mobile operating systems and mobile app platforms (for example, Google Play, App Store) let you control permissions for contacts, location, and notifications. You can allow or deny data collection and push notifications in your device settings. You can stop all data collection by uninstalling a Mobile App. After uninstalling a Mobile App, check your device settings. Delete any app-related IDs or activity.
Other rights and choices about your personal information depend on your place of residence and the applicable Services. Please see Section 13 for more information.
IF YOU RESIDE IN A JURISDICTION WITH PRIVACY LAWS THAT OFFER YOU PRIVACY RIGHTS NOT DESCRIBED IN THIS PRIVACY POLICY, PLEASE CONTACT COMPANY AT PRIVACY@PLUME.COM. COMPANY RESPECTS YOUR PRIVACY RIGHTS AND WE WILL DO OUR BEST TO ACCOMMODATE YOUR REQUESTS.
9. HOW DOES COMPANY PROTECT CHILDREN’S PRIVACY
?
You must be the age of majority in your place of residence or older to subscribe to the Services. Company does not knowingly collect personal information from minors without parental consent.
10. DOES COMPANY TRANSFER PERSONAL INFORMATION TO OTHER COUNTRIES
?
Where possible, Company uses appropriate safeguards to protect personal information that we transfer to third countries. Company uses standard contracts to protect personal information shared with affiliates, suppliers, and partners. To request information about Company’s standard contractual clauses and other safeguards for cross-border personal information transfers, please contact privacy@plume.com.
For transfers of personal information from the European Union, the United Kingdom and Switzerland to the United States, Company currently complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework. For more information, please see the Design Data Privacy Framework Privacy Policy available at www.plume.com/legal/en-GB/data-privacy-framework.
11. WHEN IS THIS COMPANY PRIVACY POLICY CHANGED
?
Company may update this Privacy Policy in response to changing legal, technical, or business developments. If changes are material, the Privacy Policy that was in place when you submitted personal data to us will govern that data unless you acknowledge the new Privacy Policy. Our Privacy Policy shows “last updated” dates above. The last updated date is the date that we last made substantive changes.
Prior versions available upon request at legal@plume.com.
12. WHO DO I CONTACT WITH QUESTIONS
?
If you have questions or comments about the Privacy Policy or Company’s privacy practices, please contact us:
∙ by email at privacy@plume.com
∙ by mail at: Plume Design, Inc. Attn: Privacy 325 Lytton Avenue, Palo Alto, CA 94301
13. PRIVACY RIGHTS AND CHOICES IN SPECIFIC JURISDICTIONS
RESIDENTS OF THE U.S.: Please also seeU.S. Privacy Rights Notice at https://www.plume.com/legal/privacy-rights-notice/.
RESIDENTS OF EEA, SWITZERLAND, AND UK:
For users of certain Services and/or Customer Network Equipment, Plume Entities may act as controller or processor, depending on your service and location.
Please contact us if you have any questions regarding who is responsible for your personal data.EU Representative. Company’s EU representative is Plume Design d.o.o., Železna cesta 14, 1000 Ljubljana, Slovenia.
Data Protection Officer. Company’s data protection officer is available at privacy@plume.com.
Data Subjects Rights. When you reside in the EEA, Switzerland or the UK, you have the right to request:
∙ Access to your personal information. You may ask us to provide you with a copy of your personal data.
∙ Rectify your personal information. You may ask us to correct inaccurate or incomplete personal information.
∙ Erase your personal information. If required by law, we will grant such a request. In many cases, we must keep your personal information comply with legal obligations, resolve disputes, enforce agreements, or for other business purposes.
∙ Object to or restrict the processing. You may object to certain processing of your personal information, or ask that we restrict the processing of your personal information.
∙ Data portability. You may ask to receive access to your personal information in a portable, machine-readable form.
If we process your personal information based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You may submit these requests via our Data Subject Rights Request Form or by sending your request to privacy@plume.com.
Data Protection Authority. If you are not satisfied with our response and are in the European Union or United Kingdom, you may have a right to lodge a complaint with your local supervisory authority.
RESIDENTS OF JAPAN
Company shares personal information collected from or about residents of Japan or otherwise subject to the privacy laws of Japan under the following terms:
∙ All personal information described in this Privacy Policy is used jointly (under the privacy laws of Japan).
∙ The joint users are the Plume Entities (as defined in Section 5).
∙ The purpose of joint use of personal information is described above in this Privacy Policy.
∙ Plume Design, Inc., 325 Lytton Ave., Palo Alto, CA 94301 is responsible for the management of personal information under this Privacy Policy.
RESIDENTS OF SINGAPORE
If you believe that Company’s personal information processing violates applicable law, please contact privacy@plume.com. You also have the right to lodge a complaint with the PDPC as follows:
Personal Data Protection Commission Singapore.
Address: 10 Pasir Panjang Road, #03-01 Mapletree Business City Singapore 117438.
Prior versions: October 24, 2024 December 20, 2022, June 29, 2022, September 30, 2021