Privacy Policy
Last updated: January 29, 2026
Pluume ("we", "our", or "us") operates the Pluume Chrome extension and the pluume.co website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
1. Information We Collect
We collect the following types of information:
- Account Information: When you sign up, we collect your email address and a hashed password via our authentication provider.
- Selected Text: When you explicitly select text and choose to transform it, this text is sent to our AI provider (OpenAI) for processing. The transformed text is returned to you immediately. We do NOT store the content of your original or transformed text.
- Usage Metrics: We track the number of transformation requests and token count per day solely to enforce your plan limits. We do not store the actual content of your transformations.
- Settings & Preferences: Your chosen preferences (floating button visibility, keyboard shortcuts, preferred AI model) and custom writing agents (name, system prompt, display order).
- Payment Information: If you subscribe to a paid plan, payment details are collected and processed by Stripe. We store only your Stripe customer ID.
1.1 Chrome Extension Permissions
The Pluume Chrome extension requires the following permissions:
- activeTab: To access the text you select on the current page when you explicitly activate Pluume
- storage: To save your preferences and settings locally in your browser
- contextMenus: To add a "Transform with Pluume" option in your right-click menu
- scripting: To display transformation results directly in the page
- Host permissions: To work on any website you visit (only activated when you explicitly use Pluume)
Important: The extension only processes text when YOU explicitly select it and choose to transform it. We do not monitor your browsing activity or collect data from pages you visit.
1.2 What We Do NOT Collect
To be clear, Pluume does NOT:
- Collect or store your browsing history
- Monitor which websites you visit
- Collect personally identifiable information beyond your email address
- Store the content of text you transform
- Track your activity across websites
- Collect financial information (handled securely by Stripe)
- Access password fields or sensitive form data
2. How We Use Your Information
- To provide and maintain our service
- To process your text transformation requests via our AI providers
- To manage your account, subscription, and billing
- To enforce usage limits based on your plan
- To improve our service and develop new features
- To communicate important service updates
3. Third-Party Services
We use the following third-party services to operate Pluume:
- Supabase: Authentication and database hosting. Your account data and settings are stored in Supabase's PostgreSQL database with Row Level Security enabled. Data is hosted on AWS infrastructure.
- OpenAI: Text transformation processing. ONLY the text you explicitly select and submit for transformation is sent to OpenAI's API. The text is processed in real time, and neither we nor OpenAI store your text content after processing. OpenAI's data usage policy can be found at openai.com/policies/api-data-usage-policies.
- Stripe: Payment processing for paid subscriptions. Stripe handles all payment card data; we never see or store your full card number.
- Google Analytics (via Google Tag Manager): We collect anonymous usage statistics about how visitors interact with our website to improve the user experience.
4. Data Retention
We retain your account information and settings for as long as your account is active. Usage statistics (daily request and token counts) are retained indefinitely for service operation. If you delete your account, your personal data will be removed from our systems within 30 days.
5. Data Security
We implement appropriate security measures to protect your data, including:
- Encrypted connections (HTTPS/TLS) for all data transmission
- Row Level Security (RLS) on all database tables ensuring users can only access their own data
- JWT-based authentication with token refresh mechanisms
- Rate limiting to prevent abuse (30 requests per 60 seconds)
- Data hosted in secure data centers (Supabase: AWS, OpenAI: Azure/AWS)
- All data transmission uses industry-standard encryption protocols
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Deletion: Request deletion of your personal data
- Portability: Request a machine-readable copy of your data
- Objection: Object to processing of your data for certain purposes
To exercise any of these rights, please contact us at the email address below.
7. Cookies & Local Storage
Our website uses Google Tag Manager, which may set cookies for analytics purposes. The Chrome extension uses Chrome's sync storage to store your authentication tokens, user settings, and agent configurations locally. This data stays on your device and syncs across your Chrome browsers if you're signed into Chrome.
8. Children's Privacy
Pluume is not intended for use by anyone under the age of 13. We do not knowingly collect personal data from children under 13.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.
10. Contact Us
If you have questions about this Privacy Policy or your personal data, please contact us at: