Privacy Policy

Effective: 14 May 2026 · Last updated: 14 May 2026 · Version 1.1

Scope. Plume Host directs its services to customers in the United States and Latin America. We do not actively offer or market services in the European Economic Area, the United Kingdom, or Switzerland. This policy describes our practices for customers in our target markets.

This Privacy Policy describes how Plume Host LLC ("Plume Host", "we", "us", "our") collects, uses, and shares personal information when you visit our websites, create an account, or use our services.

1. Information We Collect

Information you give us

Account details: name, email address, mailing address, phone number, country of residence, and (for invoicing) tax identifiers.
Payment information: processed by our payment providers (e.g. Stripe, PayPal, Mollie). We do not store full card numbers on our servers; we receive limited transaction data such as the last four digits, card brand, and authorization status.
Support communications: the contents of any ticket, email, or message you send us.

Information collected automatically

Service logs: IP address, browser user agent, request timestamps, URLs accessed, error codes, and similar technical data used to operate and secure the services.
Cookies: we use strictly necessary cookies (authentication, cart) and first-party analytics cookies. We do not run third-party advertising trackers and we do not sell or share personal information for cross-context behavioral advertising.

Customer content on our servers

Files, databases, and emails you upload to your hosting account are stored on our infrastructure to deliver the service. We treat this content as confidential and do not inspect it except where strictly necessary to operate the service, investigate abuse, or comply with the law.

2. How We Use Information

Provide, maintain, and improve the services.
Process payments, send invoices, and prevent fraud.
Communicate operational notices (maintenance, security incidents, billing).
Respond to support requests.
Comply with legal obligations and enforce our Terms and AUP.

3. Categories of Personal Information We Collect, Use, and Disclose

For purposes of California, Brazilian, Mexican, and similar disclosure laws, the categories of personal information we have collected in the prior 12 months are:

Category	Examples	Source	Disclosed to	Retention
Identifiers	Name, email, mailing address, phone, IP address	You; automatic logs	Payment processors; infrastructure providers; tax authorities	Account lifetime + 7 years
Commercial information	Plan purchased, invoice history	You; our billing system	Payment processors; tax authorities	Account lifetime + 7 years
Internet / network activity	Access logs, user-agent, URLs	Automatic	Infrastructure providers; law enforcement on valid request	30–90 days
Geolocation	Coarse location from IP	Automatic	Infrastructure providers	30–90 days
Tax/identification numbers	VAT, RFC, CUIT, CPF when provided	You	Tax authorities; accountants	Account lifetime + 7 years
Customer content	Files, databases, emails you upload	You	Infrastructure provider for storage; law enforcement on valid request	Until you delete or terminate, + ~30 days residual + backup rotation

We do not sell personal information, and we do not share it for cross-context behavioral advertising.

4. Sharing

We share data only with the following categories of recipients, and only as needed to deliver the service:

Infrastructure providers: Namecheap, Inc. (server, registrar), cPanel, L.L.C. (control panel), Proton AG (email).
Payment processors: e.g. Stripe, PayPal, Mollie.
Billing software: WHMCS by WHMCS Limited, self-hosted on our infrastructure.
Authorities: when required by law, court order, or to protect rights, property, or safety.

We require all sub-processors to maintain data-protection standards consistent with this policy. A current sub-processor list is available on request. We will notify customers by email or client-area announcement at least thirty (30) days before adding a new sub-processor that processes personal data.

5. International Transfers

Our servers and most of our processors are located in the United States. If you access our services from outside the United States, your information will be transferred to and processed in the United States and other jurisdictions where our processors operate. We rely on appropriate safeguards under applicable Latin American data-protection laws, including data-transfer agreements where required.

6. Retention

Account and billing records: retained for the duration of the customer relationship plus seven (7) years to meet tax and accounting obligations.
Server logs: typically 30–90 days.
Customer content: stored until you delete it or terminate your account. After termination, residual data is purged within thirty (30) days, except for backups, which expire on their normal rotation.

7. Security

We protect personal information using technical and organizational measures appropriate to the risk, including HTTPS/TLS encryption in transit, encrypted credentials at rest, restricted access controls, and routine software updates. In the event of a personal data breach, we will notify affected customers and, where required by law, regulators without undue delay.

8. Your Rights

Depending on your location, you may have rights to access, correct, delete, port, or restrict our processing of your personal information, and to object to certain processing. You may also lodge a complaint with your local data-protection authority. To exercise rights, email hola@plume.host. We will respond within thirty (30) days. We will not discriminate against you for exercising any right.

8.1 California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

Know what personal information we collect, use, disclose, and (if applicable) sell or share.
Delete personal information we have collected, subject to legal exceptions.
Correct inaccurate personal information.
Opt out of "sale" or "sharing" for cross-context behavioral advertising. We do not sell or share for this purpose; no opt-out action is required on your part.
Limit use of sensitive personal information. We do not use sensitive personal information for purposes that would trigger this right.
Non-discrimination. We will not deny services, charge different prices, or provide a different level of quality for exercising your rights.

To submit a request, email hola@plume.host with subject "California Privacy Request". You may designate an authorized agent.

8.2 Brazil Residents (LGPD)

Under the Lei Geral de Proteção de Dados (Law No. 13,709/2018), you have the right to confirmation of processing, access, correction, anonymization or deletion of unnecessary or excessive data, portability, information about shared processing, revocation of consent, and to file a complaint with the ANPD (Autoridade Nacional de Proteção de Dados). Our Operator / Encarregado for LGPD matters can be reached at hola@plume.host.

8.3 Mexico Residents (LFPDPPP)

Under the Ley Federal de Protección de Datos Personales en Posesión de los Particulares, you have ARCO rights — Access, Rectification, Cancellation, and Opposition — as well as the right to revoke consent. Submit ARCO requests by email to hola@plume.host. You may also file a complaint with the INAI.

8.4 Other Latin American Jurisdictions

Customers in Argentina (Ley 25.326), Colombia (Ley 1581 de 2012), Chile (Ley 19.628 as amended), Uruguay, Peru, and other countries with personal-data laws have similar rights of access, correction, deletion, and objection. Submit requests by email to hola@plume.host.

8.5 European Economic Area, United Kingdom, and Switzerland

Plume Host is directed at customers in the United States and Latin America. We do not target, market, or actively offer our services to data subjects in the European Economic Area, the United Kingdom, or Switzerland. We do not maintain establishments in these jurisdictions and do not appoint a representative under Article 27 of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") or the UK GDPR.

If you reside in these jurisdictions and you choose, on your own initiative, to acquire our services, we will honor reasonable requests to access, rectify, erase, restrict, port, or object to processing of your personal information on a best-effort basis. Submit such requests by email to hola@plume.host. By using the service you acknowledge that your personal information will be transferred to and processed in the United States, and that Plume Host does not represent or warrant compliance with the EU GDPR, the UK Data Protection Act 2018, or the Swiss Federal Act on Data Protection ("revFADP"). Persons in those jurisdictions seeking a service provider subject to those frameworks should select a different provider.

9. Automated Decision-Making

We do not engage in automated decision-making, including profiling, that produces legal or similarly significant effects on individuals.

10. Children

Our services are not directed to children. We do not knowingly collect personal information from children under thirteen (13) in the United States (per COPPA), under the age of consent established by the applicable Latin American country (typically 13–18), or under the equivalent age in any other jurisdiction. If we learn we have collected such information, we will delete it promptly.

11. B2B Customers and Data Processing

Business customers who act as a controller of personal data of their own end users (e.g. agencies hosting client sites) may request a Data Processing Addendum by emailing hola@plume.host.

12. Changes

We may update this policy from time to time. Material changes will be announced via the client area or by email at least thirty (30) days before they take effect. The "Last updated" date at the top reflects the current version.

13. Contact

Plume Host LLC · 5830 E 2nd St, Ste 7000 #35042, Casper, Wyoming 82609, United States · EIN 36-5177229 · hola@plume.host