Privacy Policy
This policy explains what personal information Plummy collects, how we use it, and the choices you have. In this policy, "Plummy," "we," and "us" refer to the operator of the Plummy service. It applies to plummy.ai, the Plummy web app, and the messages we send on behalf of our business customers.
1. Who this policy is for
Two groups of people interact with Plummy. Business customers are the local businesses that sign up for an account. End customers are the people those businesses serve, whose contact details a business adds to Plummy so we can send a review request on the business's behalf. This policy covers both. For end-customer data, the business is the data controller and Plummy acts as a service provider or processor on its instructions.
2. Information we collect
Account information
When a business signs up, we collect the account holder's name, business name, email address, phone number, and billing details. Payments are processed by our payment provider; we do not store full card numbers.
End-customer contact details
Business customers upload or sync the names, mobile phone numbers, and email addresses of their own customers so that Plummy can send a review request. We process this information only to provide the service to that business.
Usage and device data
We collect standard log data (IP address, browser type, pages viewed, timestamps) and use essential cookies to keep you signed in and to measure aggregate product usage. We do not use advertising cookies.
3. How we use information
- To send review requests and follow-ups by text message and email on behalf of the business that added the contact.
- To provide, maintain, secure, and improve the Plummy service.
- To process billing for the $97 per month subscription and send service and account notices.
- To provide customer support and respond to your requests.
- To comply with legal obligations and enforce our Terms of Service.
We do not sell personal information, and we do not share it for cross-context behavioral advertising.
4. Text messages and email
Plummy sends review requests by SMS and email. Message frequency depends on how many customers a business adds. Standard message and data rates may apply. Recipients can opt out of texts at any time by replying STOP, and can unsubscribe from emails using the link in any message. Businesses that use Plummy are responsible for having a lawful basis and any required consent to contact their own customers, and for complying with applicable messaging laws such as the TCPA, CAN-SPAM, and equivalent rules in their region. Our Terms of Service set out these obligations in more detail.
5. Legal bases (EEA and UK)
Where the GDPR or UK GDPR applies, we rely on the following legal bases: performance of a contract (to provide the service and billing), legitimate interests (to secure and improve the service), consent where required (for certain communications), and compliance with legal obligations. For end-customer messaging, the business customer is responsible for establishing the appropriate legal basis with its own customers.
6. How we share information
We share personal information only with service providers who help us run Plummy, under contracts that require them to protect it, including: our SMS and email delivery providers, our payment processor, our cloud hosting provider, and analytics and support tools. We may also disclose information if required by law, to protect our rights or users' safety, or in connection with a business transfer. We do not sell your data.
7. Data retention
We keep account information for as long as an account is active and for a reasonable period afterward to meet legal, tax, and security obligations. End-customer contact details are retained while the business's account is active and are deleted or returned after the account closes, subject to legal retention requirements. A business can request deletion of its end-customer data at any time.
8. Security
We use technical and organizational measures to protect personal information, including encryption in transit, access controls, and least-privilege practices. No method of transmission or storage is completely secure, but we work to protect your data and to notify affected parties of any breach as required by law.
9. Your rights
Depending on where you live, you may have the right to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent. California residents have rights under the CCPA and CPRA, including the right to know, delete, and correct, and the right not to be discriminated against for exercising them. To exercise any right, contact us using the details below. If you are an end customer, you may also contact the business that added you, since it controls that data. You have the right to lodge a complaint with your local data protection authority.
10. International transfers
We may process and store information in countries other than your own. Where we transfer personal data across borders, we use appropriate safeguards such as standard contractual clauses where required.
11. Children
Plummy is a business tool and is not directed to children. We do not knowingly collect personal information from anyone under 16.
12. Changes to this policy
We may update this policy from time to time. We will post the new version here and update the date above. Material changes will be communicated to account holders.
13. Contact us
For privacy questions or to exercise your rights, contact Plummy at hello@plummy.ai.
This page is a general template provided for transparency. Have it reviewed by qualified legal counsel for your jurisdiction before relying on it, and confirm the operating entity name, registered address, governing law, and sub-processor list.