Privacy Policy
Last updated: February 23, 2026
Pluume ("we", "our", or "us") operates the Pluume Chrome extension and the pluume.co website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
1. Information We Collect
We collect the following types of information:
- Account Information: When you sign up, we collect your email address and a hashed password via our authentication provider.
- Selected Text: When you explicitly select text and choose to transform it, this text is sent to our AI provider (Anthropic Claude) for processing. The transformed text is returned to you immediately. We do NOT store the content of your original or transformed text.
- Usage Metrics: We track the number of transformation requests and token count per day solely to enforce your plan limits. We do not store the actual content of your transformations.
- Settings & Preferences: Your chosen preferences (floating button visibility, keyboard shortcuts, preferred AI model) and custom writing agents (name, system prompt, display order).
- Payment Information: If you subscribe to a paid plan, payment details are collected and processed by Stripe. We store only your Stripe customer ID.
1.1 Chrome Extension Permissions
The Pluume Chrome extension requires the following permissions:
- storage: To save your preferences and settings locally in your browser
- contextMenus: To add a "Transform with Pluume" option in your right-click menu
- Content script (all URLs): To display the floating quill button and transformation results directly in the page when you select text. The script only activates when you explicitly interact with Pluume.
Important: The extension only processes text when YOU explicitly select it and choose to transform it. We do not monitor your browsing activity or collect data from pages you visit.
1.2 What We Do NOT Collect
To be clear, Pluume does NOT:
- Collect or store your browsing history
- Monitor which websites you visit
- Collect personal identifiable information beyond your email address
- Store the content of text you transform
- Track your activity across websites
- Collect financial information (handled securely by Stripe)
- Access password fields or sensitive form data
2. How We Use and Process Your Information
We process each type of data we collect for specific, limited purposes:
- Account information (email, hashed password): Used to authenticate you, manage your account, and communicate important service updates.
- Selected text: Sent to Anthropic's Claude API exclusively to perform the text transformation you requested. The text is processed in real-time and discarded immediately after the result is returned to you. We do not store, log, or use your text for any other purpose.
- Usage metrics (daily request and token counts): Used solely to enforce your plan's usage limits and to monitor overall service health.
- Settings and preferences: Used to personalize your experience within the extension and persist your configuration across sessions.
- Payment information (Stripe customer ID): Used to manage your subscription, process billing, and provide access to your Stripe billing portal.
- Anonymous analytics data: Used to understand how visitors interact with our website and to improve the user experience.
3. Data Sharing
We share your data with the following third-party service providers, and only to the extent necessary to operate Pluume. We do not sell, rent, or trade your personal data to any third party.
- Anthropic (Claude): We share the text you explicitly select and submit for transformation. This text is sent to Anthropic's Claude API for processing and returned to you in real-time. Neither we nor Anthropic retain the content of your text after processing. Anthropic's privacy policy
- Supabase: We share your account information (email, hashed password), user settings, and usage metrics. Supabase hosts our authentication system and PostgreSQL database with Row Level Security enabled. Supabase's privacy policy
- Stripe: We share your Stripe customer ID and subscription details. Stripe processes all payment card data directly; we never see or store your full card number. Stripe's privacy policy
- Google (Google Analytics via Google Tag Manager): We share anonymous, aggregated website usage data. No personal information or extension usage data is sent to Google. Google's privacy policy
We do not share data with any other third parties beyond those listed above.
4. Data Storage
Your data is stored in the following locations:
- Account data, settings, and usage metrics: Stored in a Supabase-hosted PostgreSQL database on AWS infrastructure (United States). All tables use Row Level Security (RLS) to ensure users can only access their own data.
- Authentication tokens and local settings: Stored locally in your browser using Chrome's sync storage API. This data remains on your device and syncs across your Chrome browsers if you are signed into Chrome.
- Payment data: Stored and managed entirely by Stripe on their secure infrastructure. We only store your Stripe customer ID in our database.
- Text you transform: NOT stored. Text is transmitted to Anthropic's API, processed, and the result is returned to you. No text content is persisted on our servers or by Anthropic.
5. Data Retention
We retain your account information and settings for as long as your account is active. Usage statistics (daily request and token counts) are retained indefinitely for service operation. If you delete your account, your personal data will be removed from our systems within 30 days.
6. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our service providers (Supabase, Anthropic, Stripe) operate their infrastructure. These transfers are necessary to provide our service. We ensure that all third-party providers maintain appropriate security measures to protect your data.
7. Data Security
We implement appropriate security measures to protect your data, including:
- Encrypted connections (HTTPS/TLS) for all data transmission
- Row Level Security (RLS) on all database tables ensuring users can only access their own data
- JWT-based authentication with token refresh mechanisms
- Rate limiting to prevent abuse (30 requests per 60 seconds)
- Data hosted in secure data centers (Supabase: AWS, Anthropic: GCP/AWS)
- All data transmission uses industry-standard encryption protocols
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Deletion: Request deletion of your personal data
- Portability: Request a machine-readable copy of your data
- Objection: Object to processing of your data for certain purposes
To exercise any of these rights, please contact us at the email address below.
9. Cookies & Local Storage
Our website uses Google Tag Manager which may set cookies for analytics purposes. The Chrome extension uses Chrome's sync storage to store your authentication tokens, user settings, and agent configurations locally. This data stays on your device and syncs across your Chrome browsers if you're signed into Chrome.
10. Children's Privacy
Pluume is not intended for use by anyone under the age of 13. We do not knowingly collect personal data from children under 13.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.
12. Contact Us
If you have questions about this Privacy Policy or your personal data, please contact us at: