September 2021 Privacy Policy

Plume Design, Inc. and its subsidiaries and affiliates (collectively, “Plume”, “we”, “our” or “us”) design products and services that optimize Wi-Fi connectivity and provide visibility and control to connected devices on the Wi-Fi or wired network. This Privacy Policy (“Policy”) explains how we collect, use, share, and safeguard your Personal Information (as defined below). It also tells you about rights and choices that you may have with respect to your Personal Information, and how you can contact us if you have any questions or concerns.

This Policy applies to the Plume products and services, including our websites, apps, devices and other software or hardware that we may offer, collectively referred to as our “Services.” It applies to the activities for which Plume is a “data controller” or “business” which means that Plume decides why and how Personal Information is processed. We may also process Personal Information as a “data processor” or “service provider” when providing services to our business customers. In that context we process Personal Information on their behalf and they determine why and how the Personal Information is processed. To learn more about this processing of Personal Information, please refer to their respective privacy policies, unless you are specifically referred to this Policy.

Please review this Policy carefully to understand what we do with your information, and where applicable, the following sections:

  • European and UK Users. If you are located in the European Economic Area (“EEA”) or the United Kingston (“UK”) and subject to the EU General Data Protection Regulation (2016/679) (“EU GDPR”), or the EU GDPR as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (the “UK GDPR” and, together with the EU GDPR, the “GDPR”) applies to our processing of your Personal Information, please review this Policy and review Additional Information for European and UK Users for a description of your rights.
  • California Users. If you are a California resident and the California Consumer Privacy Act (with any implementing regulations and as may be amended from time to time, “CCPA”) applies to the processing of your Personal Information, please review Additional Information for California Residents below for supplemental information and disclosures regarding rights of California residents.

This Policy contains the following sections:

  1. Personal Information We Collect & How We Collect It
  2. How We Use Personal Information
  3. How We Disclose Your Personal Information
  4. Data Retention
  5. Children’s Privacy
  6. Data Security
  7. Your Rights And Choices
  8. Cross-Border Data Transfers
  9. Additional Information for European and UK Users
  10. Additional Information for California Residents
  11. Changes To This Policy
  12. How To Contact Us

1. PERSONAL INFORMATION WE COLLECT & HOW WE COLLECT IT

We collect Personal Information from various sources which are described below. For the purpose of this Policy, “Personal Information” means any information relating to any identified or identifiable individual. Where applicable, we will indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide your Personal Information, when requested, you may not be able to benefit from our Services if that information is necessary to provide you with them or if we are legally required to collect it.

A. PERSONAL INFORMATION PROVIDED BY YOU

When you create a Plume account

You must create a Plume account to set up your Plume network. When you create a Plume account, we ask for some Personal Information, including your name and email address. Your email address will be your Plume account username, which you will need to use to log in to your account.

When you buy from our store

If you pre-order or purchase Plume products from our website, we request that you provide your name, email address, billing and delivery address, credit card information and any other information necessary to complete the transaction. We store this information so we can process your order through our fulfillment partners. If you are logged into your Plume account when you purchase something on our website, we associate that order with your Plume account. We do not view or store your credit card information: this is handled by our third-party payment processor - Stripe - who will collect and process your credit card details until the delivery of Plume’s product.

When you sign up for our newsletter

You may choose to submit your name and email address via a submission form located on our website. Your email address may be used to send you news about our or third-party products, services and promotions. We may use one or more service providers to administer these messages, but we do not share your email address with any other third parties without your permission. Each marketing communication we send you will contain instructions permitting you to opt out of receiving future marketing communications.

When you contact us

Whenever you contact Plume for help, we collect your name and email address along with additional information you provide in your request so that we can verify your account, assist you and improve our Services. If you contact us for support when already logged in to your account, the request form or e-mail may contain pre-populated account information, so you don’t have to type it manually. You may also contact Plume on public forums such as Twitter or Facebook; note that your communications will be public if you contact us through these channels.

Contests and giveaways

Plume may offer opportunities to participate in contests, giveaways and other promotions. Any information you submit in connection with these activities will be treated in accordance with this Policy unless the rules for those offers provide otherwise.

Surveys and beta tests

Plume may also ask you to participate in surveys (processed by Plume or third parties) that help us understand your use of our Services and beta tests we conduct to test a new product or service. Any Personal Information we collect in that context will only be used in relation to that survey or beta test and as stated in any privacy notice provided to you in that context.

B. INFORMATION COLLECTED VIA AUTOMATED MEANS

When you use Plume Services

To deliver the best Wi-Fi experience, quality of service and security, we automatically collect some information when you use our Services, such as your Plume network at home (“HomePass”) or a Plume network at a small business location (“WorkPass”) such as:

  • Information about your connected devices. This information includes the type of device you use, device identifying information, operating system version, along with attributes gleaned from its network metadata including (but not limited to) its dynamic host configuration protocol (“DHCP”) fingerprint, hypertext transfer protocol (“HTTP”) user agent information, Universal Plug and Play (“UPnP”) discovery protocol and multicast domain name system (“mDNS”) discovery information which relate to identifying devices and IP addresses, a sampling of domain name system (“DNS”) requests, device hostname, the nicknames given to the device and network access points, the unique addresses of the device and network access points.
  • Person Profiles. When you sign up to use HomePass or WorkPass, you may be asked to create an account and a profile (“Person Profile”). In creating this profile you may provide Personal Information, including profile nicknames and profile photos to allow us to provide you with a user-friendly view of your connected client devices.
  • Network topology map. This information depicts the connections between client devices you use and the Plume network access points serving Wi-Fi.
  • Network and connectivity status. This information indicates the networking addresses of the devices and system used to communicate with Plume and the Internet along with the operating statistics of the Wi-Fi and Internet connections.
  • Data consumption from your devices, the Internet and Plume system interfaces. This information includes the current and historical data transfer speeds and data amount consumed.
  • Plume Services statistics and logs. We collect certain information to help us create statistics and optimize our Services. Such information includes your Internet service provider (“ISP”) name and Internet protocol (“IP”) address, ISP speeds and outages, Wi-Fi operating environment, mobility of devices within Plume, Plume HomePass App and WorkPass App usage stats (e.g., number of features used or screen views). We also collect log information such as messages from the Plume pods regarding Plume connected devices, device inventory data, and software and hardware versions.
  • Safety controls and Internet security features. Safety controls and Internet security features require the monitoring of device network traffic like source and destination traffic headers, IP addresses, ports, size and counts of transferred bytes and packets, meta-data from certificate handshake in a TLS / Https connection and DNS requests. If you are using the Wi-Fi of someone while the safety controls and security features are On, note that the user of the Plume HomePass or WorkPass App may link the activity on your device to you, and see in the Plume HomePass or WorkPass App information about your use of the Wi-Fi, such as whether your device is currently connected to the Wi-Fi, how long it has been connected, any blocked domain name that you tried to access, and the time when you tried to access it.
  • Crash reports. We collect crash reports for the Plume Software, the Plume HomePass App and the Plume WorkPass App. These reports can include information such as the type of crash, the software version you are running and the operating system version of the device running the Plume HomePass or WorkPass App.

When you use HomePass, we may also automatically collect the following information:

  • Motion at home. We collect this information for the Plume HomePass App. The information collected is regarding disruptions in Wi-Fi waves in the periphery of Plume network access points and devices connected to the Plume network to provide you with visuals of the live motion and motion history in your home.

When you use WorkPass, we may also automatically collect the following information:

  • Captive Portal and Guest Analytics. We collect this information for the Plume WorkPass App from guests of the small business. We may receive guests’ first and last name, email, city, country, year of birth, gender, phone number, profile photo and social media handle to process guest sign-in before Wi-Fi network access is granted and allow the business owner to know who is connecting to the Wi-Fi network at a small business location.

When you visit our websites and apps or open our emails

We and our third-party partners analyze log file information and other information collected through cookies, web beacons, and similar technologies. Cookies are small data files stored on your hard drive by a website. We use session cookies to keep you logged in while you use features of our website; these disappear after you close your browser. We also use persistent cookies, which stay in your browser and allow us to recognize you when you return to the website. In some of our email messages, we use a “click-through URL” linked to content on our website to help us measure the effectiveness of our customer communications. To learn more about cookies, clear gifs/web beacons and related technologies, visit www.allaboutcookies.org. In this Policy, we refer to “cookies” to say cookies and other similar technologies.

We collect certain information via cookies, including your browser type, operating system version, domains, IP address, the URL of the page that referred you, referring/exit pages, the different actions you performed, such as page views, how you interact with our Services and with third-party links, traffic and usage trends. Below is an overview of the purposes for which we and third parties process this information.

  • Functionality. Some cookies are strictly necessary to make our websites or apps available to you and you cannot use them without this type of cookie. For example, we use authentication cookies to remember that you have logged in for the duration of the session. We use this information to provide you with our Services, prevent misuse, and ensure our websites and apps are working properly.
  • Analytics. We use cookies for analytics purposes to better understand how you use our Services and how you navigate our website, to measure the effectiveness of our customer communications, to diagnose and fix technology problems, and otherwise enhance our Services. We may use our own analytics cookies or third-party analytics providers to collect and process certain data analytics on our behalf. For example, we use Google Analytics, an analytics service provided by Google. You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout or via Google’s Ads Settings or Ad Settings for mobile apps. These providers may also collect information about your use of other websites, apps, and online resources.
  • Website customization. We use information collected via cookies to make the Services more useful to you by providing you with a customized experience on our websites and apps (e.g., experience relevant to your location based on your IP address).
  • Third-party advertising partners. We allow third-party advertising partners to use cookies on our website to collect information about your browsing activities over time and across websites. We also work with these third-party advertising partners to market our services to you on other websites, apps and online services. For example, we use advertising services provided by third-party ad partners, such as Google Display Network and Google Analytics Demographics. Through a process called “retargeting,” each service places a cookie on your browser when you visit our website so that they can identify you and serve you ads on other websites around the web based on your browsing activity.

To learn how to opt-out from cookies, please refer to the “your rights and choices” section below.

C. INFORMATION COLLECTED FROM OTHERS

Depending on your interactions with us and our Services, we might receive information about you from other sources such as information about internet-connected devices and services. For example, if you use the Plume Command (Voice Assistant) service, we may receive certain information about you (such as technical data and usage information) from the Google or Amazon device that you are connecting the Service with. We do not receive or process audio.

2. HOW WE USE PERSONAL INFORMATION

We process your Personal Information for the following purposes:

  • To operate and provide you with our Services and fulfill our contract with you. For example if you make a purchase from us or otherwise use our Services. This may include creating your account, verifying your identity, taking payments, communicating with you, providing customer support, arranging the delivery or other provision of products and services, better identifying your devices to more accurately represent your devices in the Plume HomePass App, providing more accurate security threat identification, providing you with more visibility into your distributed network, providing reports that help you better understand your network bandwidth and the devices that are consuming network resources, scheduling network optimizations, firmware updates and internet freeze for your devices, presenting you with live motion visuals and motion history, providing you with visibility and control over time spent by users on various Internet applications, alerting you of malicious Internet locations or websites and content that has been identified as inappropriate in accordance with the content filters set by the Plume HomePass App user, preventing home devices from being hacked, app reporting and analytics, and identifying device behavior that may indicate an anomaly or attack.
  • To enable our business in accordance with our legitimate interests. In particular, we may process your Personal Information for the following:

    • monitor use of our Services and to help us analyze, troubleshoot, protect, improve and further develop our Services and other products and services;
    • send you marketing messages about our or third-party products and services (you may opt out to receiving such messages as set out in Section 7 of this Policy);
    • to tailor our Services to you;
    • to invite you to take part in market research and testing of new features or products and to conduct these activities;
    • to de-identify information collected about your use of our Services to create statistical analysis and aggregated reports to identify trends;
    • we may use your Personal Information to prevent fraud (e.g., if you provide a credit or debit card, we may use third parties to check the validity of the sort code, account number and card number you submit); and
    • we may monitor any customer account to enforce the Plume Terms of Use and to prevent, investigate and/or report security incidents, crime, fraud or misrepresentation, all in accordance with applicable law.
  • With your consent. We may process your Personal Information with your consent, where appropriate or required by applicable law, such as for certain marketing activities and advertising practices.
  • To comply with applicable laws and protect our business interests and legal rights in connection with legal claims, compliance, regulatory and investigative purposes. For example, we may access, use, preserve, transfer, or disclose, at any time, your Personal Information as reasonably necessary:

    • To enforce this Policy or the Plume Terms of Use including investigating any potential violations;
    • To protect the safety, integrity, rights, or security of our users, our Services or equipment, or any third party; and
    • To detect, prevent, or otherwise address fraud and other criminal or unlawful behavior, security, or technical issues related to our Services or those of our business customers.
  • To provide our Services to our business customers, including small business customers, on whose behalf we may process Personal Information. To learn more about the processing of your Personal Information in this context, please refer to the privacy policy of the relevant business customer.

3. HOW WE DISCLOSE YOUR PERSONAL INFORMATION

We may share your Personal Information under the following circumstances described below or otherwise disclosed to you at the time of collection, for the purposes discussed in Section 2 above:

  • Affiliates and subsidiaries. With our affiliates and subsidiaries, such as Plume’s entities in the U.S., Canada, Poland, Slovenia, Switzerland, and Taiwan.
  • Service providers. With vendors that we have selected to provide us with services and process some Personal Information on our behalf to operate our Services (e.g., for Internet security and threat protection, motion detection, order fulfillment, email management, payment processing, data analytics, etc.). These companies are contractually obligated to safeguard any Personal Information they receive from us.
  • With your consent. We may share Personal Information with third parties with your express, affirmative consent. For example, you may give us permission to share Personal Information with others for marketing use, authorize a third-party web client or application to access your account, or ask us to share your feedback with a business.
  • Internet-connected devices. If you use certain Services, we may share some Personal Information, such as device identifying information with the providers of internet-connected devices and services such as those provided by Google and Amazon.
  • Internet services providers. If you acquired your Plume product from your Internet service provider, we may share your Personal Information with that Internet service provider.
  • In order to comply with the law or to protect ourselves. With third parties, including law enforcement authorities, if we believe that disclosure is reasonably necessary to comply with a law, regulation, valid legal process (e.g., subpoenas or warrants served on us), or governmental or regulatory request, to enforce or apply the Terms of Use, to protect the security or integrity of the Plume Services, and/or to protect the legitimate interests, rights, property, or safety of Plume, its employees, users, or others.
  • Business transfers. We may share or transfer Personal Information as part of a business deal such as the financing, sale, merger, bankruptcy, sale of shares or assets or reorganization of our company.
  • Business customers. We may share Personal Information with our business customers when we process it on their behalf.

We also may de-identify and aggregate your Personal Information to share it with partners and the public in a variety of ways, such as by providing research reports about Wi-Fi usage. When we provide this information, we perform appropriate procedures so that the information does not identify you and we contractually prohibit recipients of the information from trying to re-identify you.

4. DATA RETENTION

We take measures to retain your Personal Information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law. Please note that we have a variety of obligations to retain your Personal Information, including to ensure that transactions can be appropriately processed, settled, refunded or charged-back, to help our service providers handle their obligations, and to comply with laws and regulations. Accordingly, we may retain your Personal Information even after you’ve closed your Plume Account to meet our obligations. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrollment with our Services, the impact on the Services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

5. CHILDREN’S PRIVACY

Plume’s services are not directed to children, and Plume does not knowingly collect information from children under the age of 13. If you learn that a child has provided us with Personal Information in violation of this Policy, then you may alert us at privacy@plume.com.

6. DATA SECURITY

Plume uses a combination of technical, organizational and administrative security controls designed to maintain the security of your Personal Information and protect it against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for your rights and freedoms posed by the processing of your Personal Information, we use commercially reasonable physical, administrative, and technological methods to transmit your Personal Information securely and store your Personal Information using Amazon’s Cloud Services. However, as our Services are hosted electronically, Plume can make no guarantees as to the security or privacy of your Personal Information.

7. YOUR RIGHTS AND CHOICES

Depending on your jurisdiction and as otherwise provided by law, you may have certain rights regarding the Personal Information we maintain about you and certain choices about what Personal Information we collect from you, how we use it, and how we communicate with you:

  • Marketing opt out. You can opt out of receiving regular summaries, contests, giveaways, surveys and promotional emails by following the instructions contained in our marketing communications. Opting out of these promotional emails will not end transmission of administrative services-related emails that are required to use our Services.
  • Profile settings. You may assign nicknames to your network access points and devices and may create person profiles with profile nicknames and photos. You may assign personal devices to these profiles, using the device network addresses.
  • Internet security controls. You may configure policies for security protection, schedules, parental controls, or content filters through your settings. You may disable some of these security features for some or all home devices at any time through your settings, which will prohibit the monitoring and collection of device network traffic for this purpose.
  • Motion detection settings. You can disable the motion detection features that allow you to view live motion and motion history through your settings, in which case we will no longer receive visuals of and information about the live motion around network access points.
  • Account deactivation. You can deactivate your Plume account at any time by contacting Customer Support.
  • Opt out from cookies. Most Internet browsers automatically accept cookies, but you may be able to change the settings of your browser to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you set your browser to reject cookies, parts of our website may not work for you. Additionally, some of our advertising partners are members of the Network Advertising Initiative or the Digital Advertising Alliance. If you prefer to not receive targeted advertising, you may be able to opt out of some network advertising programs by visiting the Digital Advertising Alliance Opt-Out Page (https://optout.aboutads.info/?c=2&lang=EN) and the Network Advertising Initiative Opt-Out Page (http://optout.networkadvertising.org/?c=l#!/). Please note, depending on your type of device or browser, it may not be possible to delete or disable all cookies and similar technologies on your device. Your selection of the “Do Not Track” option provided by your browser may not have any effect on our collection of cookie information for analytic and internal purposes, as we do not respond to Do Not Track signals.
  • European Privacy Rights. If you are located in the European Economic Area (“EEA”), Switzerland, or the UK, please review Additional Information for European and UK Users below for a description of your rights.
  • California Privacy Rights. If you are a California resident, please review Additional Information for California Residents below for information regarding rights of California residents.
  • Canadian Privacy Rights. If you are located in Canada, you are entitled to reach out to us using the information in How to Contact Us in this Policy and ask us for an overview of your Personal Information or ask for a copy of your Personal Information stored in the Plume Claud. You may also request us to update and correct inaccuracies regarding your Personal Information.

Please note that the rights described above are not absolute, and that your requests cannot always be met entirely. For example, under specific circumstances we may not be able to delete or restrict the processing of your Personal Information as we may have legal obligations or contractual obligations to keep certain information.

We will use commercially reasonable efforts to timely respond to any changes you request. Many such changes are accomplished using batch processing (i.e. collecting a number of similar change requests and making all such changes at once), so the changes may not be immediately effective but may take 30 days or longer. If you require a more immediate change to your Personal Information and are unable to make such a change using the available website resources, please contact us.

8. CROSS-BORDER DATA TRANSFERS

Our Services are hosted and operated in multiple geographic regions. Any Personal Information that we collect may be transferred, accessed and processed outside of your country. If you are located in the EEA, Switzerland, the UK, Canada, or other regions with laws governing the processing of Personal Information that may differ from U.S. law, please note that your Personal Information may be transferred to countries that do not have the same data protection laws as the country in which you initially provided the information.

We comply with applicable legal requirements providing adequate safeguards for the transfer of Personal Information to countries other than the country where you are located. In particular, we may transfer Personal Information to countries for which adequacy decisions have been issued by the European Commission, the Secretary of State in the UK or other relevant bodies in other jurisdictions, or use contractual protections for the transfer of Personal Information to third parties, such as the European Commission’s Standard Contractual Clauses. You may contact us to obtain a copy of the safeguards we use to transfer Personal Information outside the EEA, Switzerland, or the UK.

9. ADDITIONAL INFORMATION FOR EUROPEAN AND UK USERS

Where we are acting as data controller, the GDPR imposes certain obligations on us and grants certain rights to data subjects located in the EEA or UK. Terms as used in this section have the same meaning provided in the GDPR.

  • Legal basis. As described above in How We Use Personal Information, we process your Personal Information for various purposes for which we have established a lawful basis for doing so.
  • Rights applicable to certain EEA or UK data subjects. If you are located in the European Economic Area (“EEA”), Switzerland, or the UK, you are entitled to reach out to us and ask us for an overview of your Personal Information or ask for a copy of your Personal Information stored by us. In addition, you may request us to update and correct inaccuracies, delete your Personal Information in certain circumstances, restrict processing of your Personal Information in certain circumstances, or exercise your right to data portability and to easily transfer your Personal Information to another company. In some cases, you may object to the processing of your Personal Information (for example, in relation to Personal Information processed on the basis of our legitimate interests) and where we have asked you for your consent to process your Personal Information, you can withdraw it at any time (which however will not impact the Personal Information processed on the basis of your consent prior to such withdrawal). We always enjoy hearing from you and appreciate your business. Should you nonetheless have unresolved concerns, you have the right to lodge a complaint with the supervisory authority of your residence, place of work or where the incident took place.
  • How to exercise your rights under the GDPR.

    • Submit requests. If you wish to exercise any of these rights as an EEA or UK data subject, please submit this form or email us at privacy@plume.com and include “GDPR Rights Request” as the subject of your communication.
    • Verification. Requests for access to or deletion of Personal Information are subject to our ability to reasonably verify your identity in light of the information requested and pursuant to relevant GDPR requirements, limitations, and regulations. To verify your access or deletion request, please authenticate your account by following instructions in the account verification email and providing data points that will allow us to process your request.

10. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

This section applies to California residents where we are acting as a “business” and provides additional disclosures and our notice at collection and supplements in the information included in this Policy. The rights described herein are subject to exemptions and other limitations under applicable law. Terms used herein have the meaning ascribed to them in the CCPA.

Notice at Collection and Use of Personal Information

  • Information that we collect. Depending on how you interact with us, we may collect the categories of Personal Information described above in Personal Information We Collect & How We Collect It, including:

    • Identifiers (such as your name, contact information, or IP address).
    • Additional Categories of Personal Information Listed under Cal. Civ. Code § 1798.80(e) (for example your signature or credit card number).
    • Commercial Information (for example, records of products or services purchased or considered).
    • Internet or Other Electronic Network Activity Information (such as browsing or search history).
    • Inferences Drawn from Personal Information Collected (such as profiles reelecting your preferences).
  • How we use collected information. We may use the Personal Information we collect for our business or commercial purposes, described above in How We Use Personal Information.
  • Additional information. For more information about our privacy practices and details on the information provided in this section, please review our entire Policy.

Our Collection, Disclosure, Sharing and Sale of Personal Information

  • What information we have collected, the sources from which we collected it, and our purpose for collecting the information. In the preceding 12 months, depending on how you interact with us, we may have collected the categories of Personal Information listed above from the categories of sources provided in Personal Information We Collect & How We Collect It. We may have collected all or a few of these categories of Personal Information for the business or commercial purposes identified in How We Use Personal Information.
  • Our disclosure and sharing of personal information. We do not sell any California resident’s Personal Information. We have not knowingly sold the Personal Information of California residents under 16 years old. The chart below provides the categories of Personal Information we have collected, disclosed for a business purpose, or used for business or commercial purposes in the preceding twelve months since this Policy was last updated. The examples of Personal Information provided for each category reflect each category’s statutory definition and may not reflect all of the specific types of Personal Information associated with each category.

Category

We Collect

Category of Third Party Information Disclosed to for a Business Purpose
Identifiers (like your name, billing and deliver address, and online identifiers)Yes
  • Advertising partners
  • Analytics providers
  • Technical service providers
  • Providers or partners that support our business operations (such as payment services providers; shipping companies; etc.)
Additional Categories of Personal Information in Cal. Civ. Code section 1798.80(e) (such as your credit or debit card number or other financial information)Yes
  • Advertising partners
  • Analytics providers
  • Technical service providers
  • Providers or partners that support our business operations (such as payment services providers; shipping companies; etc.)
Commercial Information (such as purchase histories or tendencies)Yes
  • Advertising partners
  • Analytics providers
  • Technical service providers
  • Providers or partners that support our business operations (such as payment services providers; shipping companies; etc.)
Internet or Other Electronic Network Activity Information (like browsing or search history or interaction with our website)Yes
  • Advertising partners
  • Analytics providers
  • Technical service providers
Inferences Drawn from Personal Information (like profiles reflecting preferences, behavior and attitudes)Yes
  • Technical service providers
  • Providers or partners that support our business operations (such as payment services providers; shipping companies; etc.)

In addition, in the preceding 12 months, we may have disclosed for a business purpose all of the categories of personal information identified above in the section, Information That We Collect, to the following categories of third parties: (i) regulators, our subsidiaries or our affiliates, or opposing counsel; and (ii) other third parties as may otherwise be permitted by law.

We may disclose your personal information to our service providers or vendors as described in How We Disclose Your Personal Information, other entities that have agreed to limitations on the use of your personal information, or entities that fit within other exemptions or exceptions in or as otherwise permitted by the CCPA. We also may disclose personal information about you or your accounts to a third party at your request or direction or with your consent.

Your California Privacy Rights

If you are a California resident, you may have or exercise the following rights:

  • Right to know and access. You may submit a verifiable request for information regarding the: (1) the categories of Personal Information we have collected about you; (2) the categories of sources from which we collected the Personal Information; (3) the business or commercial purpose for collecting or selling the Personal Information; (4) the categories of third parties with whom we share Personal Information; (5) the specific pieces of Personal Information we have collected about you; and (6) the categories of Personal Information about you we have sold or disclosed for a business purpose.
  • Right to Delete. Subject to certain exceptions, you may submit a verifiable request that we delete Personal Information about you that we have collected from you.
  • Opt-out of sale. Request that we not sell your Personal Information (we do not currently sell Personal Information).
  • Not to be discriminated against. You have the right not to receive discriminatory treatment for the exercise of your CCPA privacy rights, subject to certain limitations.
  • Shine the light. We do not rent, sell, or share Personal Information with non-affiliated companies for their direct marketing uses as contemplated by California’s “Shine the Light” law (Civil Code § 1798.83), unless we have your permission.

Please note that the CCPA does not restrict our ability to do certain things like comply with other laws or comply with regulatory investigations. We also reserve the right to retain, and not to delete, certain Personal Information after receipt of a request to delete Personal Information from you where permitted by the CCPA or another law or regulation.

How to Exercise Your California Privacy Rights

  • Submit requests. To exercise your rights under the CCPA, please submit this form or email us at privacy@plume.com.
  • Verification. Requests for access to or deletion of Personal Information are subject to our ability to reasonably verify your identity in light of the information requested and pursuant to relevant CCPA requirements, limitations, and regulations. To verify your access or deletion request, please authenticate your account by following instructions in the account verification email and providing data points that will allow us to process your request.
  • Authorizing an Agent. You are permitted to designate an authorized agent to submit requests on your behalf. In order to be able to act, authorized agents have to submit proof that they are authorized to act on your behalf, or have a power of attorney. We may also require that you directly verify your own identity with us and directly confirm with us that you provided the authorized agent permission to submit the request.

11. CHANGES TO THIS POLICY

Because we’re always innovating and finding new ways to improve the Wi-Fi and in-home digital experience for our users, this Policy may change over time. We will post the new Policy online and we will change the “Last Updated” date. You should consult this Policy regularly for any changes. If we materially change the ways in which we use or share information from or about you or your devices previously collected from you through the Services, we will make reasonable efforts to notify you of the changes by sending a notice to the primary email address provided to us and/or by placing a notice on our Services.

12. HOW TO CONTACT US

The entity responsible for the processing of your Personal Information is Plume Design, Inc., unless we are acting on behalf of one of our business customers. If you have questions or comments about this Policy or our privacy practices, please contact us at privacy@plume.com or at:

Plume Design, Inc.

290 South California Avenue

Suite 200

Palo Alto, CA 94306

You may also contact our European local representative as required under Article 27 GDPR at eu27representative.plume@hoganlovells.com.