Privacy Policy
NEEDS LEGAL REVIEW. This is a starter draft. Do not treat as final until a qualified attorney has reviewed it.
This Privacy Policy explains what information Pluripo (“we”, “us”) collects about you when you use Pluripo (the “Service”), how we use it, and the choices you have. It is incorporated into the Terms of Service by reference.
1. Information we collect
- Account data. When you sign in with Google, we receive and store your email address, your Google account’s stable subject identifier (an opaque ID used to recognize you on subsequent sign-ins), and the name on your Google profile. We use this information to create and authenticate your account.
- Billing data. When you subscribe or purchase top-up credit, our payment processor (Stripe) creates a customer record on your behalf. We store the Stripe customer identifier and your subscription status. We do not store your card number, expiration, or CVV — those remain with Stripe.
- Usage data. When you make a request through the Service, we store the request itself (including your prompt text and the model output returned to you), the token counts reported by the upstream provider, the cost computed at provider rates, and the timestamp of the request. We retain this information to meter usage against your subscription allowance and top-up balance, to bill correctly, to investigate abuse, and to provide support.
- Session data. When you sign in, we issue an opaque session token that authenticates your subsequent requests. We record the issue timestamp, the last-used timestamp, and an optional human-readable label per session. We do not persist your IP address beyond the short time window we use for rate-limit enforcement.
2. How we use information
We use the information described above to:
- Provide, operate, and improve the Service.
- Authenticate you and protect your account.
- Meter usage, bill correctly, and reconcile payments.
- Enforce the Acceptable Use Policy, investigate suspected fraud or abuse, and protect Pluripo and its users.
- Respond to your questions and support requests.
- Comply with legal obligations and respond to lawful requests from authorities.
We do not sell your personal information, and we do not use your information for advertising.
3. Subprocessors
We rely on a small number of third-party providers to operate the Service. A current list with each provider’s purpose, region, and privacy-policy link is published at Subprocessors.
4. Data sharing
We do not sell your personal information. We share information only:
- With the subprocessors listed above, strictly to operate the Service on our behalf.
- With your consent, when you explicitly direct us to share information with a third party.
- As required by law, valid legal process, or to protect the rights, property, or safety of Pluripo, its users, or the public.
- In connection with a merger, acquisition, or sale of assets, in which case the acquirer will be bound by this Privacy Policy or a substantially similar one.
5. Retention
- Personally identifying information (PII). We delete the PII associated with your account — your email address, Google subject identifier, and profile name — within 30 days of your account-deletion request. Active sessions are revoked immediately at the time of deletion.
- Stripe customer identifier. We retain your Stripe customer identifier on the deleted account record so that webhooks arriving from Stripe after deletion (for example, the final period’s invoice) can be reconciled correctly. The Stripe customer identifier is an internal Stripe reference, not personal information you provided to us.
- Usage records. We retain usage records (request metadata, prompts, outputs, token counts, timestamps) for up to seven (7) years to satisfy tax, accounting, and audit requirements. After your account is deleted, the link between usage records and your identity is severed; the records become anonymized usage history.
- Backups. Database backup snapshots created before your deletion request may contain pre-deletion PII. Backup snapshots are configured to expire within 30 days, after which the pre-deletion PII is no longer recoverable.
- Revoked sessions. Revoked session records are purged 90 days after revocation.
6. Your rights
Depending on where you live, you may have one or more of the following rights under the GDPR, CCPA/CPRA, or similar laws:
- Access and export. You can download a JSON dump of your account data and a monthly usage summary at any time from the account portal (Account → Download my data). The export includes account metadata, subscription state, top-up history, monthly usage totals, and session history. It satisfies our obligations under GDPR Articles 15 and 20 and the analogous CCPA right to know.
- Deletion. You can initiate account deletion at any time from the account portal (Account → Delete account). PII is removed within 30 days; anonymized usage records are retained per the retention section above.
- Correction. Most account fields are populated from your Google profile. To correct other information, email privacy@pluripo.com.
- Objection and restriction. You may email privacy@pluripo.com to object to or request restriction of a specific processing activity. We will respond within the timeframe required by applicable law.
- Opt-out of sale. Pluripo does not sell personal information, so there is no sale to opt out of. We will continue not to sell your information without affirmative opt-in.
- Right to lodge a complaint. If you are in the EU/EEA or UK, you have the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, email privacy@pluripo.com. We may need to verify your identity before acting on a request.
7. Cookies
The Service uses only strictly-necessary session cookies. Details are in our Cookie Policy.
8. International transfers
NEEDS LEGAL REVIEW.
Pluripo’s primary processing region is [REGION PLACEHOLDER — Fly.io region]. If you access the Service from a country other than that region, your information will be transferred to and processed in that region. Where transfers are subject to the GDPR or UK GDPR, we rely on Standard Contractual Clauses or other lawful transfer mechanisms recognized by the European Commission or the UK ICO.
9. Security
We protect your information with:
- TLS encryption in transit between your client, our backend, and our subprocessors.
- Row-locked transactional accounting to prevent concurrent-update corruption of usage and balance records.
- Secrets (provider API keys, OAuth client secrets, database credentials) stored in a dedicated secret store and never bundled into the VSCode extension.
- Periodic backups with the retention described above.
No system is perfectly secure. If we become aware of a breach affecting your information, we will notify you in accordance with applicable law.
10. Children
The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please email privacy@pluripo.com and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. Non-material changes (typo fixes, link updates) take effect when posted. Material changes (new categories of information collected, new purposes of use, new subprocessors of a different kind) trigger an in-app notice on your next sign-in.
12. Contact
For any privacy-related question, request, or complaint: privacy@pluripo.com.