View all legal items

PLUME DESIGN, INC. CUSTOMER PRIVACY POLICY

FOR U.S.A. and CANADA

Last Updated: December 20, 2022

Plume Design, Inc. and its subsidiaries and affiliates (collectively, Plume or we) offers software, mobile applications (Plume Mobile Apps), hardware, Plume’s user experience management platform and other related services that deliver smart home and enterprise-grade small business services built on self-optimizing WiFi technology (Plume Services). Plume provides this Plume Privacy Policy to explain the personal information that Plume processes and how and why Plume processes it.

This Plume Privacy Policy also describes the rights and choices that you may have with respect to your Personal Information and how to exercise those rights. Privacy laws vary depending on each individual’s place of habitual residence. This Plume Privacy Policy applies to individuals who reside in the U.S. and Canada. To learn about the privacy choices that Plume makes available for you, please see Section 8 below

If you are a U.S. resident, please also see our Privacy Rights Notice (California / U.S.), effective January 1, 2023, to learn more about how to exercise the privacy rights available under state law.

Throughout this Plume Privacy Policy, we use the following terms with the following meanings:

  • CSP means a communication service provider that is a Plume customer
  • controller means the person or entity that determines why and how personal information is processed
  • Customer Network means the Wi-Fi network created through use of the Plume Services by a Plume customer or a CSP’s customer, together with Customer Network Equipment
  • Customer Network Equipment means Plume’s SuperPods and similar Wi-Fi extenders, OpenSync-enabled gateways and other on-premise Wi-Fi network equipment, whether CSP-provided equipment or equipment acquired by the customer
  • personal information means information that identifies or can be used to identify an individual person and, under some privacy laws that may apply to Plume, information that identifies a specific entity
  • processing means any operation (or set of operations), such as collecting, combining and storing, performed on personal information
  • processor means the person or entity processing personal information for or on behalf of a controller

Plume’s processing of personal information is subject to the laws in the jurisdictions in which Plume operates.

IF YOU HAVE QUESTIONS ABOUT PLUME'S PERSONAL INFORMATION PROCESSING PRACTICES, PLEASE CONTACT PLUME USING THE CONTACT INFORMATION HERE

This Plume Privacy Policy is divided into the following sections:

  1. WHEN AND WHERE DOES THIS PLUME PRIVACY POLICY APPLY?
  2. WHAT PERSONAL INFORMATION DOES PLUME COLLECT AND WHY?
  3. HOW DOES PLUME USE PERSONAL INFORMATION?
  4. DOES PLUME USE AUTOMATED PROCESSING?
  5. HOW DOES PLUME SHARE PERSONAL INFORMATION?
  6. HOW DOES PLUME PROTECT PERSONAL INFORMATION?
  7. HOW LONG DOES PLUME RETAIN PERSONAL INFORMATION?
  8. WHAT CHOICES ARE AVAILABLE FOR PERSONAL INFORMATION?
  9. HOW DOES PLUME PROTECT CHILDREN'S PRIVACY?
  10. DOES PLUME TRANSFER PERSONAL INFORMATION TO OTHER COUNTRIES?
  11. WHEN IS THIS PLUME PRIVACY POLICY CHANGED?
  12. WHO DO I CONTACT WITH QUESTIONS?

 

  1. WHEN AND WHERE DOES THIS PLUME PRIVACY POLICY APPLY?

    When the Plume Privacy Policy applies depends on your relationship with Plume.

    • The Plume Privacy Policy applies when you are asked to acknowledge it and when Plume is the controller of personal information. For example:

      • When you submit personal information to create an account through Plume’s online store, you are asked to acknowledge that this Plume Privacy Policy applies to your personal information. Plume is the controller of that persona information.
      • Plume is a controller of personal information that Plume processes for service management purposes, such as to identify and track and record support, to ensure the security and integrity of the Plume Services, for billing and account management and to analyze, measure the effectiveness of and improve the Plume Services.
      • Plume is the controller of personal information generated by or derived from use of the Plume Services. Plume refers to this data as Services Data.
    • When a Plume customer asks you to agree to the customer’s privacy policy before you connect to a Customer Network, then the customer’s privacy policy applies. Generally, Plume is a processor of personal information when a customer’s privacy policy applies – except for personal information that Plume collects for service management purposes or that is part of Services Data.

If a particular Plume-branded website or service links to a different privacy policy, then that privacy policy – not this Plume Privacy Policy – applies. Please make sure to check the other privacy policy to learn how your personal information is processed.

  1. WHAT PERSONAL INFORMATION DOES PLUME COLLECT AND WHY?

    Plume processes personal information to provide and promote the Plume Services, and for the other purposes listed below. The specific types of personal information that Plume collects from or about you depends on how you interact with Plume, the Plume Services used and the applicable law.

a. Information you choose to give us

We collect the personal information you choose to share with us. The personal information that you choose to give to us typically includes the following types of personal information:

Types of Personal informationWhy this Personal Information is Collected
Contact and account information
Name, email address or other username, password, telephone number and similar contact information and purchase related contact information (e.g., billing and delivery address, payment information and similar information necessary to complete a purchase); profile nicknames and profile photos.
  • To create and maintain your account to use the Plume Services
  • To create a customer profile, such as a user profile displaying devices connected to a Customer Network
  • To enable Plume’s communication service provider (CSP) and other partners to use Plume Services for data analyses about Customer Networks and for targeted marketing to their customers
  • To verify identity for certain Plume Services, such as for the guest user of a WorkPass Customer Network
  • To complete a purchase of Plume products, such as Plume SuperPods) from Plume’s online store
  • Payment card information is handled by a third-party payment processor, not Plume
  • To provide information that you request, such as when you download resources, participate in an event or sign up to receive emails from Plume
  • For marketing and to administer promotions that Plume may offer from time to time
  • For customer service
  • and to respond to inquiries
  • To send information that we think will interest our customers, which is sometimes personalized based on the information associated with their accounts
  • To request customer feedback, such as through a survey about a new product
  • For research and innovation, such as algorithmic data matching that enables Plume and its business partners to better understand how Customer Networks are used
Location Data
location is derived from IP addresses on a Customer Network
  • To provide certain features of the Plume Services
  • To customize the experience of the Plume Services
  • To deliver targeted advertising
  • To provide customer support
Information associated with a social media account
  • When you connect with Plume through a social media platform, such as Meta or Twitter, we collect the personal information permitted by the social media platform and your account permissions
Personal information you share through the Plume Services
  • To manage promotions and other features of the Plume Services that allow you to share your personal information
  • When you receive customer support
  • To respond to your request such as a form filled out on Plume’s website to download content or attend an event

b. Information about use of Plume Mobile Apps

When you download and install one of the Plume Mobile Apps on your mobile device or tablet (Mobile Device), the information that Plume collects depends on your Mobile Device’s operating system and permissions. The Plume Mobile Apps need to use certain features and data from your Mobile Device in order to function such as mobile operating system and version, usage data and crash reports for the Plume Mobile Apps. Some information also is automatically collected by the Plume Services (as described in sub-section c below)..

To learn more about the specific information collected by one of the Plume Mobile Apps, please check your Mobile Device’s settings or review the permissions information available on the particular mobile app platform (e.g., Google Play or App Store) from which you downloaded the Plume Mobile App. Certain Plume Mobile Apps also allow you to check or change your status for certain data collection in the Plume Mobile Apps’ settings. If you change your settings, certain features may not function properly.

To stop collection of all information through a Plume Mobile App, please uninstall the Plume Mobile App.

c. Information automatically collected by the Plume Services

The Plume Services automatically collect certain information generated from and about use of the Plume Services and Customer Networks. Automatically collected information is used to help ensure that the Plume Services deliver the best Wi-Fi experience, quality of service and security for Customer Networks. Some automatically collected information is personal information under certain laws.

Category of Personal Information that Plume Automatically CollectsTypes of Personal Information Automatically Collected
Information about Customer Networks
  • network addresses, Internet connections and operating statistics of Customer Network Equipment
  • type, operating system and other identifying information about Customer Network Equipment and computers and Mobile Devices connected to a Customer Network
  • Internet service provider (ISP) name and Internet protocol (IP) address, ISP speeds and outages
  • data about movement of computers and Mobile Devices while connected to Customer Networks
  • log information from Customer Network Equipment, such as connected computers and Mobile Devices, and their software and hardware versions and connection time
  • Customer Network metadata, such as dynamic host configuration protocol fingerprint, hypertext transfer protocol user agent information, Universal Plug and Play discovery protocol and multicast domain name system discovery information related to identifying devices and IP addresses
  • domain name system requests
  • current and historical data transfer speeds and data amount consumed
  • hostname and nicknames given to Customer Network Equipment and access points
  • source and destination traffic headers, IP addresses, ports, size and counts of transferred bytes and packets, metadata from certificate handsh ake in a TLS / Https connection and DNS requests
Digital well-being data
(Data about use of a Customer Network available to a Customer Network’s administrator when certain safety controls and security features are turned on in the Plume Services.)
  • computers and Mobile Devices currently connected to a Customer Network
  • how long a specific computer or Mobile Device is connected
  • whether and which computer or Mobile Device was used to attempt access to a blocked domain
Information specific to a Customer Network created using HomePass
  • motion in the home, which are collected as disruptions in Wi-Fi waves in the Customer Network and which collectively provide a pattern of motion and motion history
  • metadata about time spent using various Internet applications that are accessed through the Customer Network
Information specific to a Customer Network created using WorkPass
  • data collected from or about users of a small business’ Customer Network that allow the Customer Network administrator to identify who is connected to the Customer Network, such as name, email address, city, country, year of birth, gender telephone number, profile photo and social media handle before access to the Customer Network is granted. Many of these data are optional and/or dependent on the user’s social media profile settings.
Data collected using cookies, pixel, web beacons and similar data collection technology (collectively, data collection technology)
  • browser type, operating system version, domains, IP address, browser type, internet service provider and mobile network of visitors to Plume’s websites
  • how a computer or Mobile Device interacts with Plume’s websites, including the date and time accessed, search requests and results, mouse clicks and movements, specific webpages accessed, links clicked and videos watched
  • data about the third-party sites or services accessed before interacting with Plume’s websites, which is used to make advertising more relevant for users
  • interactions with Plume’s marketing communications, such as whether and when a Plume email is opened, to help Plume measure the success of email marketing campaigns
Please see Plume’s Cookie Policy for more information.

d. Information collected from third parties

From time to time, Plume receives personal information from third parties that helps Plume learn more about customers and more effectively promote and improve the Plume Services.

The types of personal information that we receive from third parties are:

  • Information from internet-connected devices and services when using the Plume Command (Voice Assistant) service, such as technical data and usage information from a Google or Amazon device connected to a Customer Network. Plume does not receive or process audio files.
  • Location information use of MaxMind's GeoIP service
  • Personal information associated with purchases through Plume's on-line store. Plume does not have access to complete bank account numbers, credit card numbers or debit card numbers. Payments for purchases are processed by third-party payment processors.
  • Personal information from marketing services providers to help identify individuals who may be interested in learning more about the Plume Services and to supplement personal information Plume already has.
  • Personal information from the third-party advertising partners that use cookies on the Plume website to collect information about browsing activities over time and across websites. Through a process called “retargeting,” these advertising partners place cookies in your browser when you visit our website so that they can identify you and serve you ads on other websites around the web based on your online activity. Please see Plume’s Cookie Policy for more information.
  • Personal information from publicly available sources
  • Personal information from law enforcement and other government authorities (but only in rare cases)

When Plume combines personal information from third-party data sources to enhance the personal information that Plume or its customers hold, Plume requires that each third party confirm in writing the lawfulness of its sharing of personal information with Plume.

e. Other information collected with your consent

Plume may ask you for your consent to collect specific types of personal information, such as when you choose to participate in events, request exclusive content or participate in testing new products or features.

3. HOW DOES PLUME USE PERSONAL INFORMATION?

Plume uses personal information to provide and improve the Plume Services, manage our business (including advertising and marketing), protect customers and other users, enforce our legal rights and comply with law.

  • To operate and provide the Plume Services for Plume's business customers:

    • create user accounts and verify user identity
    • provide customer support and respond to customer requests
    • identify security threats (e.g., malicious Internet locations or websites) and activity that may indicate unauthorized use of Customer Networks
    • schedule network optimizations and firmware updates for Customer Network Equipment
    • enable Customer Network administration, such as by offering tools for administrators to manage access, security and confidentiality policies, blocking content identified as inappropriate in accordance with content filters set by the Customer Network administrator and generating live motion visuals and motion history for Customer Networks
    • offer data analytics tools that enable customers to match and augment their own data sets with data generated by Customer Networks to help improve market and audience segments, identify and analyze trends and create better advertising campaigns

Whether Plume is a controller or processor examples of a personal information depends on the customer relationship. If you have questions about whether Plume is a processor or controller of your personal information, please contact the administrator of the Customer Network you are using or [email protected].

  • For Plume’s lawful and legitimate operational purposes. Plume processes personal information as a controller to:

    • monitor use of and protect the Plume Services and information processed through the Plume Services
    • track customer support, billing and account management
    • analyze, measure the effectiveness of and improve the Plume Services
    • identify customer needs and develop new products and services to meet them
    • conduct marketing about the Plume Services or related third-party products and services (where permitted)
    • invite customers and others to participate in market research and testing of current and new features or products
    • create statistical analyses and segment and combine data sets to identify trends
    • detect and prevent fraud (e.g., if you provide a credit or debit card, we may use third parties to check the validity of the sort code, account number and card number you submit)
    • enforce Plume’s customer contracts and other legal agreements
    • prevent, investigate and/or report security incidents, crime, fraud or other violations of law
  • To comply with applicable laws and protect legal rights. Plume processes personal information as a controller to:

    • enforce and investigate actual or suspected violations of our legal agreements
    • protect the safety, security and legal rights of customers and users of the Plume Services
    • detect, prevent and remediate fraud or other unlawful behavior, security issues and other technical issues related to the Plume Services
  • With consent. Plume processes personal information as a controller based on consent for certain marketing activities and advertising practices for automated processing (as described below).

Plume also anonymizes personal information and uses the anonymized data as permitted by applicable law and contracts. (Once personal information is anonymized in compliance with applicable law, it is no longer personal information and not subject to this Plume Privacy Policy.)

4. DOES PLUME USE AUTOMATED PROCESSING?

Plume uses automated processing tools to:

  • To analyze certain personal information for targeted marketing strategies
  • To support interconnections with Facebook, Google and similar providers for advertising on behalf of a CSP partner
  • For customer segmentation analysis, such as when Plume segments users based on machine learning-determined “traits” of a particular location
  • For data loss prevention
  • To monitor use of the Plume Services in accordance with content, governance and information security policies.
  • To comply with legal obligations and defend legal rights
  • To prevent, investigate and/or detect unauthorized or illegal use of the Plume Services

As required by applicable law, we will provide notice and obtain consent for, and/or allow you to opt out of, certain types of automated processing, such as when Plume’s automated processing produces legal or similarly significant effects for you and does not involve human input.

When consent to automated processing is required, Plume works to provide meaningful information about the logic involved in automated processing to help ensure that consent is specific, informed and voluntary and to ensure that users of the Plume Services are not adversely affected by a decision to withhold or revoke consent to automated processing.

5. HOW DOES PLUME SHARE PERSONAL INFORMATION?

How Plume shares personal information depends on the Plume Services used. Generally, Plume shares personal information according to customer contracts, with people and businesses that help operate the Plume Services and otherwise when Plume is legally permitted or required to do so.

Plume shares personal information with the following categories of recipients:

  • Professional advisors, such as lawyers, accountants, insurers and information security and forensics experts.
  • Marketing vendors that help promote the Plume Services (such as by email marketing) and supplement personal information that we already have. For example, Meta receives and uses certain data related to the use of the Plume Services to help us deliver personalized advertising on its platform and assess the effectiveness of this advertising.
  • Service providers to enable them to perform services on our behalf, including data analytics, geo-location based on IP address analytics, data security, cloud storage providers, ecommerce operations, surveys, research, administration of promotions, offers and promotions and otherwise to help us carry out our business.
  • Business customers when Plume is acting as a processor of personal information.
  • Business partners, such as the providers of the internet-connected devices and services that a customer chooses to connect to a Customer Network (e.g., Google Nest and Amazon Alexa). If you acquire the Plume Services through a CSP or reseller, Plume shares personal information with that CSP or reseller.
  • Potential or actual acquirers or investors and their professional advisers in connection with any actual or proposed merger, acquisition or investment in or of all or any part of our business. We will use our best efforts to ensure that the terms of this Plume Privacy Policy apply to personal information after the transaction or that users receive advance notice of changes to personal information processing.
  • Our affiliates and subsidiaries, such as Plume’s entities in Poland, Slovenia, Switzerland and Taiwan.
  • Competent law enforcement, government regulators and courts when we believe disclosure is necessary (i) to comply with the law, (ii) to exercise, establish or defend legal rights, or (iii) to protect the vital interests of users, business partners, service providers or another third party.
  • Other third parties with consent.

When Plume shares anonymized data, Plume takes administrative measures to prohibit efforts by recipients to re-identify the anonymized data.

6. HOW DOES PLUME PROTECT PERSONAL INFORMATION?

Plume uses technical, physical, and administrative safeguards intended to protect the personal information that we process from unauthorized access and use.

Our safeguards are designed to provide a level of security appropriate to the risk of processing your personal information and include (as applicable) measures to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of personal information. Like any other organization, Plume cannot fully eliminate security risks associated with the processing of personal information.

You are responsible for maintaining the security of your account credentials. Plume will treat access to the Plume Services through your account credentials as authorized by you.

We may suspend your use of all or part of the Plume Services without notice if we suspect or detect any breach of security. If you believe that information you provided to Plume or your account is no longer secure, please notify us immediately at [email protected].

If we become aware of a breach that affects the security of your personal information, we will provide you with notice as required by applicable law. When permitted by applicable law, Plume will provide this notice to you through the email address associated with your account or other permitted method associated with your account.

UNAUTHORIZED ACCESS TO PERSONAL INFORMATION AND THE PLUME SERVICES – INCLUDING SCRAPING – IS PROHIBITED AND MAY LEAD TO CRIMINAL PROSECUTION.

7. HOW LONG DOES PLUME RETAIN PERSONAL INFORMATION?

Plume retains personal information associated with a customer’s account for as long as the account is active and as required by Plume’s customer contracts and otherwise for as long as necessary to carry out the purposes described above. Plume also retains personal information for as long as Plume believes necessary to comply with our legal obligations, resolve disputes and enforce our legal agreements.

When determining the relevant retention period, Plume takes into account the Plume Services used, the nature and length of Plume’s relationship with the customer, mandatory retention periods provided by law and other relevant criteria.

At the end of relevant retention period, Plume either deletes or anonymizes personal information or, if Plume cannot delete or anonymize the personal information, then Plume segregates and securely stores personal information until deletion or anonymization is possible. Plume uses anonymized data subject to applicable law and contracts.

8. WHAT CHOICES ARE AVAILABLE FOR PERSONAL INFORMATION?

Your rights and choices about personal information depend on your place of habitual residence, the Plume Services that you use and our obligations as the controller of your personal information. This Privacy Policy applies to individuals who reside in the U.S. or Canada

The privacy rights that may apply to you are:

  • Right to know the personal information that Plume holds about you and how it is processed
  • Right to request that Plume corrects the personal information that Plume holds about you
  • Right to receive a copy of your personal information in a structured, common and machine-readable format
  • Right to request that Plume restricts the collection, processing or disclosure of your personal information
  • Right to object to the processing of your personal information, such as when the basis of the processing is our legitimate interest (pursuant to Art. 6 para. 1f) GDPR) or the right to opt out of the sale of your personal information and targeted advertising in the U.S.
  • Right to request that Plume deletes your personal information

These rights are not absolute. In some cases, your ability to access or control your personal information is limited by applicable law.

If you are a resident of California or Virginia, please see Plume’s Privacy Rights Notice (U.S.) (U.S. State Privacy Rights Notice), which is effective January 1, 2023, for more information about the rights available to you. The U.S. State Privacy Rights Notice applies to Consumers, as defined under the California Consumer Privacy Act, including as amended by the California Privacy Rights Act (CPRA)) (together, CCPA), the Colorado Privacy Act (CPA), the Virginia Consumer Data Protection Act (CDPA), the Utah Consumer Privacy Act (UCPA), Connecticut’s Act Concerning Personal Data Privacy and Online Monitoring (CTPA), and all laws implementing, supplementing or amending the foregoing, including regulations promulgated thereunder (collectively, U.S. Privacy Laws). The U.S. State Privacy Rights Notice also serves as our Notice at Collection for purposes of CCPA.

IF YOU RESIDE IN A JURISDICTION WITH PRIVACY LAWS THAT OFFER YOU PRIVACY RIGHTS NOT DESCRIBED IN THIS PRIVACY POLICY, PLEASE CONTACT PLUME AT [email protected]. PLUME RESPECTS YOUR PRIVACY RIGHTS AND WILL DO OUR BEST TO ACCOMMODATE YOUR REQUESTS.

Plume's tools for exercising choices about personal information processing, also include:

> Opting out of Plume’s Marketing Emails. To stop receiving promotional emails from Plume, please click the “Unsubscribe” link at the bottom of the email. Your account settings also may allow you to change your notification preferences. After you opt out, we may still send you non-promotional communications, such as receipts for purchases or administrative information about your account.

> Customer Network Administrator Tools. Please contact the administrator of the Customer Network that you use about the following options:

  • Profile settings: Depending on the Plume Services used, a Customer Network administrator may assign profiles and nicknames to Customer Network Equipment and Mobile Devices connected to a Customer Network.
  • Privacy more setting: Certain Plume Services also offer a privacy mode setting. When on, this setting blocks all data exchange.
  • Internet security controls: A Customer Network’s administrator may configure policies for security protection, schedules, parental controls or content filters through the account settings.
  • Motion detection settings: A Customer Network’s administrator can disable the motion detection features that allow the Plume Services to generate live motion and motion history reports. Once disabled, Plume no longer collects information about the live motion within a Customer Network and can no longer generate the reports.

> Account deactivation. You can deactivate your Plume account through the Plume Services and by contacting Customer Support.

> Mobile Device Tools. Mobile operating systems and mobile app platforms (e.g., Google Play, App Store) have permission settings for specific types of mobile device data and notifications, such as for access to contacts, geo-location services and so-called push notifications. You can use the settings on your Mobile Device to consent to or deny certain information collection and/or push notifications. You can stop all information collection from a Plume Mobile App by uninstalling it. If you uninstall a Plume Mobile App, please also consider checking your operating system’s settings to confirm that the unique identifier and other activity associated with your use of the Plume Mobile App is deleted from your Mobile Device.

9. HOW DOES PLUME PROTECT CHILDREN'S PRIVACY?

To learn more about HomePass parental controls, please see https://support.plume.com/hc/en-us/sections/360002021834-Content-Parental-Control.

10. DOES PLUME TRANSFER PERSONAL INFORMATION TO OTHER COUNTRIES?

Plume may transfer personal information across borders to any of the places where Plume and its suppliers and partners do business. Other jurisdictions may have data protection laws that are different from (and, in some cases, less protective) than the laws where you reside.

If your personal information is transferred across borders by Plume or on Plume’s behalf, Plume uses appropriate safeguards to protect personal information in accordance with this Plume Privacy Policy. These safeguards include agreeing to standard contractual clauses and similar model contracts for transfers of personal information among the Plume affiliates and among Plume’s suppliers and partners. When in place, these contracts require the affiliates, suppliers and partners to protect personal information in accordance with applicable privacy laws.

To request information about Plume’s standard contractual clauses or model contracts and other safeguards for cross-border personal information transfers, please contact [email protected].

11. WHEN IS THIS PLUME PRIVACY POLICY CHANGED?

Plume may update this Plume Privacy Policy from time to time in response to changing legal, technical or business developments. When Plume updates the Plume Privacy Policy, Plume will post the updated version and change the “Last Updated” date above. Plume also will take appropriate measures to inform you in advance of significant changes that we believe affect your privacy rights so that you have an opportunity to review the revised Plume Privacy Policy before it is effective. If your consent is required by applicable privacy laws, Plume will obtain your consent to changes before the revised Plume Privacy Policy applies to you.

12. WHO DO I CONTACT WITH QUESTIONS?

The entity responsible for the processing of your Personal Information is Plume Design, Inc., unless Plume is acting as processor or service provider on behalf of one of Plume’s business customers. 

If you have questions or comments about the Plume Privacy Policy or Plume’s privacy practices, please contact us: