Plume Trust Center

At Plume, we are committed to providing trusted consumer experiences to our customers by protecting the security, privacy, and availability of their data.

Security
Plume is dedicated to the security of our products and services. We focus on security so our customers can focus on growing and innovating their services while empowering consumers to elevate their smart home experience. Plume has earned two certifications from the International Organization for Standardization (ISO): ISO/IEC 27001:2022 and ISO/IEC 27701:2019. ISO certifications are widely considered the gold standard certifications for protecting information and the systems through which that information is handled. If you have questions about Plume’s information protection programs or have experienced an information security event related to Plume’s services, please contact us at security@plume.com.
Device & Application Security
  • Plume integrates security into the product development lifecycle, following industry-recognized frameworks such as OWASP SAMM. Security assessments are conducted as part of the release process. Plume’s goal is to ensure our software and firmware are designed and built securely from the ground up.
  • Security training is designed to help our employees identify, address and mitigate security threats.
  • Plume’s service providers undergo a security risk assessment as part of Plume’s Third Party Risk Management program. This program includes review of each such third party’s compliance with law.
Data Security
  • Plume uses NIST best practice frameworks to protect services and NIST standards to encrypt customer data in storage and in communication from the consumer premise equipment and mobile/web applications to the cloud.
  • Network segregation and role-based access control are used to restrict unauthorized data access.
  • Data permissions are configured using the principle of least privilege to limit access to only those who need it for a specific business purpose.
  • Access to production data is monitored, logged, and audited.
Vulnerability Disclosure
  • If you have questions about Plume’s information protection programs, have experienced an information security event related to Plume’s services or want to submit a vulnerability disclosure, please contact us at security@plume.com. To submit a vulnerability disclosure, you may also use this form.
  • You can expect to receive an acknowledgement within 5 business days. Periodic updates on reported issues will be sent.
  • To the best of our ability, we will confirm the existence of the vulnerability and be as transparent as possible throughout the process.
Privacy
Plume is committed to protecting individuals’ privacy. Plume’s commitment is realized by a privacy governance program guided by these core privacy principles:
  • Lawfulness, Fairness and Transparency: Processing of personal information is transparent and fair.
  • Purpose Limitation: Personal information is processed for specific, explicit, and legitimate purposes that are disclosed to the individuals and not further processed in a manner inconsistent with those disclosed purposes.
  • Data Minimization: Personal information is processed as reasonably necessary for the purposes for which the personal information was collected.
  • Accuracy: Plume strives to keep personal information accurate, up to date and complete.
  • Storage Limitation: Personal information is stored only as long as necessary for the purpose for which it was collected.
  • Integrity and Confidentiality: Plume protects the security and confidentiality of personal information through appropriate technical and organizational measures.
Privacy Governance Program

Plume’s privacy governance program includes these key practices:

  • Plume describes in its privacy policies the rights and choices that individuals may have with respect to personal information and how to exercise those rights.
  • Plume’s employees participate in privacy awareness training designed around organizational, contractual and regulatory requirements.
  • Plume incorporates privacy-by-design and privacy-by-default controls in the product development lifecycle.
  • Plume has procedures for preventing, detecting and remediating any unauthorized access, use, unavailability or disclosure of personal information.
  • Plume’s suppliers and vendors that handle personal information are subject to binding commitments that establish their roles and limitations in processing that personal information.
  • Plume conducts periodic self-assessments to identify gaps in its privacy governance program and establish measures for eliminating the identified gaps and establishing best practices.
  • Plume takes measures to retain personal information for the duration necessary to fulfill the disclosed purposes unless a different retention period is required by customer agreements or law.
  • Plume services are hosted and operated in multiple geographic regions. In some cases, Plume may transfer personal information across jurisdictional borders. For international transfers of personal information from the EEA, UK and Switzerland, Plume’s customer and supplier contracts include the Standard Contractual Clauses issued by the European Commission under decision 2010/87/EU (including the UK and Swiss addenda). Plume complies with applicable laws with respect to other personal information transfers when the destination jurisdiction does not ensure the same level of data protection as the jurisdiction from which the personal information originates.
Cloud
Using the power of the cloud, Plume services are designed to be secure, resilient and dynamically scalable. The operational status of our US cloud and EU cloud is publicly available.
Cloud Practices
  • The Plume cloud is architected to provide high availability and data redundancy.
  • The cloud infrastructure is built and operated using a shared responsibility model leveraging certified cloud provider services supplemented by organizational and technical controls.
  • Access to corporate resources is managed using controls such as Single Sign-On (SSO), Multi-Factor Authentication (MFA) and Virtual Private Network (VPN) based remote access.
  • Systems are configured with minimum necessary services and changes are logged and monitored.
  • Anti-malware and intrusion detection systems are used to detect and respond to anomalous behavior and malicious activity.
  • Periodic assessments are performed to detect vulnerabilities in the environment, which are then mitigated based on their risk using change management and incident response processes.
Compliance
Plume is continuously working to meet and exceed its regulatory compliance obligations. Plume maintains these compliance certifications.
ISO/IEC 27001:2022 - Information Security Management System
ISO/IEC 27701:2019 - Privacy Information Management System
Data Privacy Framework