Privacy
Privacy policy
Last updated: 2026-07-02
Who we are
Plurism is operated by The Gentle Equation Pty Ltd, registered in Victoria, Australia. Contact: hello@plurism.dev.
What we collect
- Account data: email and project-level metadata you create in the portal.
- Content you ingest: support threads, feedback, waitlist entries, files — whatever you send to the API.
- Operational logs: method, path, status, duration, a hashed IP subnet (first 64 bits of SHA-256 of a /24), user-agent, and a correlation ID.
What we don't collect
- No third-party analytics or ad trackers on this site.
- No cross-site tracking, no fingerprinting.
- Full client IPs are never stored — only a truncated and salted hash.
- Cookies: the only cookies on this site are strictly-necessary Cloudflare ones (e.g. bot protection). No consent banner is needed because there's nothing to consent to.
How long we keep it
- Operational request logs, webhook delivery logs, and inbound-email drop records: 30 days, pruned automatically.
- Sign-in tokens: 7 days. Billing event records: 90 days.
- Content you ingest (threads, entries, files): kept until you delete it or close your account.
- Analytics: raw events 90 days; daily aggregates roughly 15 months; the revenue ledger is kept until you close your account.
- Encrypted database backups: 30-day rolling window.
Where data lives
Application data lives in Cloudflare D1 + R2 (primary region: North America). The operational plane runs on Cloudflare Workers. Because we're an Australian company storing data on overseas infrastructure, this is a cross-border disclosure under Australian Privacy Principle 8 — we only use providers with strong contractual data-protection commitments.
Subprocessors
We use these providers to deliver the service. We'll update this list before adding new ones:
- Cloudflare, Inc. (US/global) — compute, database, file storage, networking.
- Resend, Inc. (US) — transactional + inbound email.
- Stripe, Inc. (US) — payments, once paid tiers launch.
Your users' data (controller / processor)
Data your application sends to Plurism about your users — support reporters, waitlist signups, feedback authors, analytics visitors — is processed on your behalf and on your instructions: you are the controller, we are the processor. If your users are in the EEA/UK, GDPR rights requests for that data should go to you; we'll assist. The processing commitments are in our terms.
This includes analytics. If you use Plurism Analytics, the data you send us about your visitors is: a pseudonymous visitor ID, page URLs and referrers, UTM tags, and a country code derived at our edge. Analytics data never contains IP addresses — not even hashed ones; the only IP-derived value anywhere is the subnet-truncated salted hash in our 30-day operational logs. If you pass us an email or your own user ID, we use it to stitch a visitor's activity into one profile. If you connect your Stripe account, we record revenue events (amounts and Stripe customer IDs) against those profiles. Raw events are deleted after 90 days and daily aggregates after roughly 15 months; the revenue ledger is kept so your numbers stay accurate over time. Your end users should send access or deletion requests to you — you're the controller — and we'll assist as processor.
Your rights
You can request a data export or deletion at any time by emailing hello@plurism.dev. Soft-delete is first-class in every Plurism service; hard-delete + bulk export are in active development. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. If you're unhappy with how we've handled your data, contact us first — and you can complain to the OAIC (oaic.gov.au).
Changes
If this policy changes materially, we'll notify account holders by email at least 30 days before the change takes effect.