Last Updated: June 29, 2022
Prior version: September 30, 2021
Plume Design, Inc. and its subsidiaries and affiliates (collectively, Plume or we) offers software, mobile applications (Plume Mobile Apps), hardware, Plume’s user experience management platform and other related services that deliver smart home and enterprise-grade small business services built on self-optimizing WiFi technology (Plume Services). Plume provides this Plume Privacy Policy to explain the personal information that Plume processes and how and why Plume processes it.
This Privacy Policy also describes the rights and choices that you may have with respect to your Personal Information and how to exercise those rights.
Throughout this Plume Privacy Policy, we use the following terms with the following meanings:
- personal information means information that identifies or can be used to identify an individual person and, under some privacy laws that may apply to Plume, information that identifies a specific entity
- processing means any operation (or set if operations), such as collecting, combining and storing, performed on personal information
- controller means the person or entity that determines why and how personal information is processed
- processor means the person or entity processing personal information on behalf of a controller
- Customer Network means the WiFi network created by a Plume customer’s use of the Plume Services together with Customer Network Equipment
- Customer Network Equipment means Plume’s SuperPods and similar WiFi extenders, OpenSync-enabled gateways and other on-premise WiFI network equipment, whether communication provider equipment (CPE) or equipment acquired by the customer.
Plume’s processing of personal information is subject to the laws in the jurisdictions in which Plume operates. Privacy rights also may vary depending on each individual’s place of habitual residence. For more information, please see Section 8.
IF YOU HAVE QUESTIONS REGARDING OUR PERSONAL INFORMATION PROCESSING PRACTICES, PLEASE CONTACT US USING THE CONTACT INFORMATION HERE
This Plume Privacy Policy is divided into the following sections:
- WHEN AND WHERE DOES THIS PLUME PRIVACY POLICY APPLY?
- WHAT PERSONAL INFORMATION DOES PLUME COLLECT AND WHY?
- HOW DOES PLUME USE PERSONAL INFORMATION?
- DOES PLUME USE AUTOMATED PROCESSING?
- HOW DOES PLUME SHARE PERSONAL INFORMATION?
- HOW DOES PLUME PROTECT PERSONAL INFORMATION?
- HOW LONG DOES PLUME RETAIN PERSONAL INFORMATION?
- WHAT CHOICES ARE AVAILABLE FOR PERSONAL INFORMATION?
- HOW DOES PLUME PROTECT CHILDREN’S PRIVACY?
- DOES PLUME TRANSFER PERSONAL INFORMATION TO OTHER COUNTRIES?
- WHEN IS THIS PLUME PRIVACY POLICY CHANGED?
- WHO DO I CONTACT WITH QUESTIONS?
WHEN AND WHERE DOES THIS PLUME PRIVACY POLICY APPLY? When the Plume Privacy Policy applies depends on your relationship with Plume.
The Plume Privacy Policy applies when you are asked to acknowledge it and when Plume is the controller of personal information. For example:
- When you create an account, you are asked to acknowledge that this Plume Privacy Policy applies to your personal information.
- Plume processes your personal information as a controller when Plume collects data (including personal information) for service management purposes, such as to analyze, measure the effectiveness of and improve the Plume Services, to identify and track and record support, to ensure the security and integrity of the Plume Services and for billing and account management.
- When a Plume customer asks you to agree to the customer’s privacy policy before you connect to a Customer Network, then the customer’s privacy policy applies. Generally, Plume is a processor of personal information when a customer’s privacy policy applies – except for personal information that Plume collects for service management purposes.
- If a particular website or service links to a different privacy policy, then that privacy policy – not the Plume Privacy Policy – applies. Please make sure to check those other privacy policies to learn how your personal information is processed.
- WHAT PERSONAL INFORMATION DOES PLUME COLLECT AND WHY? Plume processes personal information to provide and promote the Plume Services and for service management purposes. The specific types of personal information that Plume collects from or about you depends on how you interact with Plume, the Plume Services used and the applicable law.
a. Information you choose to give us
We collect the personal information you choose to share with us. The personal information that you choose to give to us typically includes the following types of personal information:
Types of Personal information | Why this Personal Information is Collected |
---|---|
Contact and account information Name, email address or other username, password, telephone number and similar contact information and purchase related contact information (e.g., billing and delivery address, payment information and similar information necessary to complete a purchase); profile nicknames and profile photos. |
|
Location Data location derived from IP addresses on a Customer Network |
|
Information associated with a social media account |
|
Personal information you share through the Plume Services |
|
b. Information about use of Plume Mobile Apps
When you download and install one of the Plume Mobile Apps on your mobile device or tablet (Mobile Device), the information that we collect depends on the Mobile Device’s operating system and permissions. The Plume Mobile Apps need to use certain features and data from your Mobile Device in order to function. For example, we collect mobile operating system and version, usage data and crash reports for the Plume Mobile Apps. Some information also is automatically collected by the Plume Services (as described in sub-section c below)..
To learn more about the specific information collected by one of the Plume Mobile Apps, please check your Mobile Device’s settings or review the permissions information available on the particular mobile app platform (e.g., Google Play or App Store) from which you downloaded the App. Certain of the Plume Mobile Apps also allow you to check or change your status for certain data collection in the Plume Mobile App’s settings. If you change your settings, certain App features may not function properly.
To stop collection of all information through an App, please uninstall the App.
c. Information automatically collected by the Plume Services
The Plume Services automatically collect certain information from and about use of the Plume Services and Customer Networks. Automatically-collected information is used to help ensure that the Plume Services deliver the best Wi-Fi experience, quality of service and security on Customer Networks. Some automatically-collected information is personal information under certain laws.
Category of Personal information that Plume Automatically Collects | Types of Personal Information Automatically Collected |
---|---|
Information about Customer Networks |
|
Digital well-being data (Data about use of a Customer Network available to a Customer Network’s administrator when certain safety controls and security features are turned on in the Plume Services.) |
|
Information specific to a Customer Network created using HomePass |
|
Information specific to a Customer Network created using WorkPass |
|
Data collected using cookies, pixel, web beacons and similar data collection technology (collectively, data collection technology) |
Please see Plume’s Cookie Policy for more information. |
d. Information collected from third parties
From time to time, Plume receives personal information from third parties that help Plume learn more customers and more effectively promote and improve the Plume Services.
The types of personal information that we receive from third parties are:
- Information from internet-connected devices and services when using the Plume Command (Voice Assistant) service, such as technical data and usage information from the Google or Amazon device connected to a Customer Network. Plume does not receive or process audio files.
- Location information using MaxMind’s GeoIP service
- Personal information associated with purchases. Payments for purchases are processed by third-party payment processors; Plume does not have access to complete bank account numbers, credit card numbers or debit card numbers.
- Personal information from marketing services providers to help identify individuals who may be interested in learning more about the Plume Services and to supplement personal information we already have
- Personal information from the third-party advertising partners that use cookies on the Plume website to collect information about browsing activities over time and across websites. Through a process called “retargeting,” each advertising partner places cookie(s) in your browser when you visit our website so that they can identify you and serve you ads on other websites around the web based on your browsing activity. Please see Plume’s Cookie Policy for more information.
- Personal information from publicly-available sources
- Personal information from law enforcement and other government authorities (but only in rare cases)
When Plume combines personal information from third-party data sources to enhance the personal information that Plume or it customers hold, Plume requires that each third party confirm the lawfulness of its sharing of personal information with Plume for the purposes described in this Plume Privacy Policy.
e. Other information collected with your consent
We may ask you for your consent to collect specific types of personal information, such as when you choose to participate in events, request exclusive content or participate in testing new products or features.
3. HOW DOES PLUME USE PERSONAL INFORMATION? Plume uses personal information to provide and improve the Plume Services, manage our business, protect users and enforce our legal rights.
To operate and provide the Plume Services for its small business and internet service provider customers:
- create user accounts and verify user identity
- provide customer support and respond to customer requests
- identify security threats (e.g., malicious Internet locations or websites) and activity that may indicate unauthorized use of Customer Networks
- schedule network optimizations and firmware updates for Customer Network Equipment
- enable Customer Network administration, such as offering tools for administrators to manage access, security and confidentiality policies, blocking content identified as inappropriate in accordance with content filters set by the Customer Network administrator and generating live motion visuals and motion history for Customer Networks
- offer data analytics tools that enable customers to match and augment their own data sets with data generated by Customer Networks in order to help improve market and audience segments and profiles, identify and analyze trends and better target advertising campaigns
Whether Plume is a controller or processor depends on the customer relationship. If you have questions about whether Plume is a processor or controller of your personal information, please contact the administrator of the Customer Network you are using or privacy@plume.com.
For Plume’s legitimate business interests. Plume processes personal information as a controller to:
- monitor use of and protect the Plume Services and information processed through the Plume Services
- track customer support, billing and account management
- analyze, measure the effectiveness of and improve the Plume Services
- identify customer needs and develop new products and services to meet them
- conduct marketing about the Plume Services or related third-party products and services (where permitted)
- invite customers and others to participate in market research and testing of current and new features or products
- create statistical analyses and segment and combine data sets to identify trends
- detect and prevent fraud (e.g., if you provide a credit or debit card, we may use third parties to check the validity of the sort code, account number and card number you submit)
- enforce Plume’s customer contracts and other legal agreements
- prevent, investigate and/or report security incidents, crime, fraud or misrepresentation
To comply with applicable laws and protect legal rights. Plume processes personal information as a controller to:
- enforce and investigate actual or suspected violations of our agreements
- protect the safety, security and legal rights of customers and users of Customer Networks
- detect, prevent and remediate fraud or other unlawful behavior, security issues and other technical issues related to the Plume Services
- With consent. Plume processes personal information as a controller based on consent for certain marketing activities and advertising practices for automated processing (as described below).
Plume also anonymizes personal information and uses the anonymized data as permitted by applicable law and contracts. (Once personal information is anonymized, it is no longer personal information and not subject to this Plume Privacy Policy.)
4. DOES PLUME USE AUTOMATED PROCESSING?Where permitted by law, Plume uses automated decision-making and profiling tools (collectively, automated processing). We provide notice and/or obtain consent for automated processing as required.
We use automated processing in the following situations:
- To analyze certain personal information for targeted marketing strategies
- To support interconnections with Facebook, Google and similar providers for advertising on behalf of a CSP partner
- For behavior based modeling and customer segmentation analysis
- For data loss prevention
- To monitor use of the Plume Services in accordance with content, governance and information security policies.
- To comply with legal obligations and defend legal rights
- To prevent, investigate and/or detect unauthorized or illegal use of the Plume Services
Plume works to provide meaningful information about the logic involved in automated processing to help ensure that, when consent to automated processing is required, it is specific, informed and voluntary and to ensure that users of the Plume Services are not adversely affected by a decision to withhold or revoke consent to automated processing.
5. HOW DOES PLUME SHARE PERSONAL INFORMATION?How Plume shares personal information depends on the Plume Services used. Generally, Plume shares personal information according to customer contracts, with people and businesses that help operate the Plume Services and otherwise when Plume is legally permitted or required to do so.
Plume shares personal information with the following categories of recipients:
- Professional advisors, such as lawyers, accountants, insurers and information security and forensics experts.
- Marketing vendors that help promote the Plume Services (such as by email marketing) and from time to time supplement personal information that we already have. For example, Meta receives and uses certain data related to the use of the Services to help us deliver personalized advertising on its platform and assess the effectiveness of this advertising.]
- Service providers to enable them to perform services on our behalf, including data analytics, geo-location based on IP address analytics, data security, cloud storage providers, ecommerce operations, surveys, research, administration of promotions, offers and promotions and otherwise to help us carry out our business.
- Business customers when Plume is acting as a processor of personal information.
- Business partners, such as the providers of the internet-connected devices and services that a customer chooses to connect to a Customer Network (e.g., Google Nest and Amazon Alexa). If you acquire the Plume Services through a CSP or other Internet service provider, Plume shares personal information with that provider. Plume also shares Personal Information with partners to enable them to segment their users based on machine learning-determined “traits” of that location.
- Potential or actual acquirers or investors and their professional advisers in connection with any actual or proposed merger, acquisition or investment in or of all or any part of our business. We will use our best efforts to ensure that the terms of this Plume Privacy Policy apply to personal information after the transaction or that users receive advance notice of changes to personal information processing.
- Our affiliates and subsidiaries, such as Plume’s entities in the U.S., Canada, Poland, Slovenia, Switzerland and Taiwan.
- Competent law enforcement, government regulators and courts when we believe disclosure is necessary (i) to comply with the law, (ii) to exercise, establish or defend legal rights, or (iii) to protect the vital interests of users, business partners, service providers or another third party.
- Other third parties with consent.
When Plume shares anonymized data, Plume takes steps to prevent re-identification and also require that the recipients agree not to re-identify the anonymized data.
6. HOW DOES PLUME PROTECT PERSONAL INFORMATION? Plume uses technical, physical, and administrative safeguards intended to protect the personal information that we process from unauthorized access and use.
Our safeguards are designed to provide a level of security appropriate to the risk of processing your personal information and include (as applicable) measures to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of personal information. Like any other organization, Plume cannot fully eliminate security risks associated with the processing of personal information.
You are responsible for maintaining the security of your account credentials. Plume will treat access to the Plume Services through your account credentials as authorized by you.
We may suspend your use of all or part of the Plume Services without notice if we suspect or detect any breach of security. If you believe that information you provided to Plume or your account is no longer secure, please notify us immediately at privacy@plume.com.
If we become aware of a breach that affects the security of your personal information, we will provide you with notice as required by applicable law. When permitted by applicable law, Plume will provide this notice to you through the email address associated with your account or other permitted method associated with your account.
UNAUTHORIZED ACCESS TO PERSONAL INFORMATION AND THE PLUME SERVICES – INCLUDING SCRAPING – IS PROHIBITED AND MAY LEAD TO CRIMINAL PROSECUTION.
7. HOW LONG DOES PLUME RETAIN PERSONAL INFORMATION? Plume retains personal information associated with a customer’s account for as long as the account is active and as required by Plume’s customer contracts and otherwise for as long as necessary to carry out the purposes described above. Plume also retains personal information for as long as Plume believes necessary to comply with our legal obligations, resolve disputes and enforce our legal agreements.
When determining the relevant retention period, Plume takes into account the Plume Services used, the nature and length of Plume’s relationship with the customer, mandatory retention periods provided by law and other relevant criteria.
At the end of relevant retention period, Plume either deletes or anonymizes personal information or, if Plume cannot delete or anonymize the personal information, then Plume segregates and securely stores personal information until deletion or anonymization is possible. Plume uses anonymized data subject to applicable law and contracts.
8. WHAT CHOICES ARE AVAILABLE FOR PERSONAL INFORMATION? Your choices about personal information depends on your place of habitual residence and the applicable Plume Services. These legal rights may include
- Right to Access - to find out whether Plume processes your personal information
- Right to Correct - to request that Plume corrects or updates inaccurate, incomplete or outdated personal information
- Right to Erasure - to request that Plume delete or erase your personal information
- Right to Restrict Processing - to request that Plume restricts use of your personal information
- Right to Withdraw Consent - to withdraw your consent
- Right to Data Portability - to request that Plume provide you with a copy of your personal information in a structured, commonly used and machine-readable format
- Right to request more information about our automated processing
Plume also offers various tools for exercising choices about personal information processing:
Opting out of Plume’s Marketing Emails
To stop receiving promotional emails from Plume, please click the “Unsubscribe” link at the bottom of the email. Your account settings also may allow you to change your notification preferences. After you opt out, we may still send you non-promotional communications, such as receipts for purchases or administrative information about your account.
Profile settings. Depending on the Plume Services used, a Customer Network administrator may assign profiles and nicknames to Customer Network Equipment and Mobile Devices connected to a Customer Network. Certain Plume Services also offer a privacy mode setting. When on, this setting blocks all data exchange.
Internet security controls. A Customer Network’s administrator may configure policies for security protection, schedules, parental controls or content filters through the account settings. For more information, please visit Plume Support.
Motion detection settings. A Customer Network’s administrator can disable the motion detection features that allow the Plume Services to generate live motion and motion history reports. Once disabled, Plume will no longer information about the live motion within a Customer Network and can no longer generate the reports.
Account deactivation. You can deactivate your Plume account through the Plume Services and by contacting Customer Support.
Mobile Device Tools: Mobile operating systems and mobile app platforms (e.g., Google Play, App Store) have permission settings for specific types of mobile device data and notifications, such as for access to contacts, geo-location services and so-called push notifications. You can use the settings on your Mobile Device to consent to or deny certain information collection and/or push notifications. You can stop all information collection from a Plume Mobile App by uninstalling it. If you uninstall a Plume Mobile App, please also consider checking your operating system’s settings to confirm that the unique identifier and other activity associated with your use of the Plume Mobile App is deleted from your Mobile Device.
Residents of the EU, UK or Switzerland
Controller: The controller for the personal data collected pursuant to this Plume Privacy Policy is Plume Design, Inc.
Lawful bases for processing personal data: Plume must inform users about the legal bases for Plume’s processing of their personal data. Plume’s legal bases depend on the context in which the personal data are processed.
- Plume processes personal data on behalf of customers to perform its customer contracts.
- Plume processes personal data when the processing is in Plume’s legitimate business interests that are not overridden by privacy or other fundamental rights and freedoms. For example, Plume may process personal data for improving and marketing the Plume Services, for fraud detection and legal compliance purposes. Plume may have other legitimate interests and will make them clear at the relevant time.
- From time to time, Plume may ask for your consent to use personal data for certain specific reasons. You may withdraw your consent at any time by contacting us at privacy@plume.com.
- In some cases, Plume also have a legal obligation to collect personal data. If Plume asks you to provide personal data to comply with a legal requirement, Plume will make this clear at the relevant time and will inform you whether providing your personal data is mandatory and the possible consequences if you do not provide your personal data.
If you have questions about or need further information concerning the legal basis on which Plume processes your personal data, please contact privacy@plume.com.
Your data protection rights: If you would like to submit a request to review your personal data, to correct, update, suppress, restrict or delete personal data about you which you have previously provided to us or if you would like to receive an electronic copy of your personal data, including for purposes of transmitting it to another company (i.e., right to portability), to object to processing based on legitimate interest, to withdraw consent or object to automated decision making and profiling, please submit this privacy request form or send an email to privacy@plume.com with “Privacy Rights Request” in the subject line.
In your request, please make clear what personal data you would like to have changed, whether you would like to have your personal data suppressed from Plume’s database or other limitations you would like to put on Plume’s processing of your personal data. For your protection, Plume may need to verify your identity and geographic residency before fulfilling your request. Plume will comply with your request as soon as reasonably practicable and within the time periods required by applicable law.
Please note that Plume often needs to retain certain personal data for recordkeeping purposes and/or to complete any transaction that you began prior to requesting a change or deletion. Plume also may not delete certain personal data for legal reasons. When this occurs, Plume will explain the reasons in the response to you.
Accountability
If you are a resident of the EEA, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process your personal data. Please see https://edpb.europa.eu/about-edpb/board/members_en for contact details.
You also may contact our local representative as required under Article 27 GDPR at eu27representative.plume@hoganlovells.com.
If you are a resident of Switzerland, you have the right to lodge a complaint to Switzerland’s Data Protection Regulator:
Office of the Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH - 3003 Berne
Tel: 41 (0)58 462 43 95 (mon.-fri., 10-12 am)
Telefax: 41 (0)58 465 99 96
https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/address
If you are a resident of the United Kingdom, you have the right to lodge a complaint to the UK’s Information Commission Office at https://ico.org.uk/make-a-complaint/.
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow Cheshire SK9 5AF
Telephone: 0303 123 1113
Fax: 01625 524510
https://ico.org.uk/global/contact-us/
Residents of the U.S. State of California
If you are a resident of the U.S. State of California, please see our California Resident Privacy Policy on our Legal website.
IF YOU RESIDE IN A JURISDICTION WITH PRIVACY LAWS THAT OFFER YOU PRIVACY RIGHTS NOT DESCRIBED IN THIS PRIVACY POLICY, PLEASE CONTACT PLUME AT PRIVACY@PLUME.COM. PLUME RESPECTS YOUR PRIVACY RIGHTS AND WILL DO OUR BEST TO ACCOMMODATE YOUR REQUESTS.
9. HOW DOES PLUME PROTECT CHILDREN’S PRIVACY? To learn more about HomePass parental controls, please see https://support.plume.com/hc/en-us/sections/360002021834-Content-Parental-Control.
10. DOES PLUME TRANSFER PERSONAL INFORMATION TO OTHER COUNTRIES? Plume may transfer personal information across borders to any of the places where Plume and its suppliers and partners do business. Other jurisdictions may have data protection laws that are different from (and, in some cases, less protective) than the laws where you reside.
If your personal information is transferred across borders by Plume or on Plume’s behalf, Plume uses appropriate safeguards to protect personal information in accordance with this Plume Privacy Policy. These safeguards include agreeing to standard contractual clauses and similar model contracts for transfers of personal information among the Plume affiliates and among Plume’s suppliers and partners. When in place, these contracts require the affiliates, suppliers and partners to protect personal information in accordance with applicable privacy laws.
To request information about Plume’s standard contractual clauses or model contracts and other safeguards for cross-border personal information transfers, please contact privacy@plume.com.
11. WHEN IS THIS PLUME PRIVACY POLICY CHANGED? Plume may update this Plume Privacy Policy from time to time in response to changing legal, technical or business developments. The most current version is always available at plume.com/legal.
When Plume updates the Plume Privacy Policy, Plume will post the updated version and change the “Last Updated” date above. Plume also will take appropriate measures to inform you in advance of significant changes that we believe affect your privacy rights so that you have an opportunity to review the revised Plume Privacy Policy before it is effective. If your consent is required by applicable privacy laws, Plume will obtain your consent to changes before the revised Plume Privacy Policy applies to you. Please regularly check plume.com/legal to ensure you are aware of the updated version.
12. WHO DO I CONTACT WITH QUESTIONS? The entity responsible for the processing of your Personal Information is Plume Design, Inc., unless Plume is acting as processor on behalf of one of Plume’s business customers.
If you have questions or comments about the Plume Privacy Policy or Plume’s privacy practices, please contact us:
- by email at privacy@plume.com
- by mail at:
Plume Design, Inc.
Attn: Privacy
325 Lytton Ave
Palo Alto, CA 94301