Privacy Policy
Last updated: March 4, 2026
1. Who we are
Plumb LLC is a Colorado limited liability company ("Plumb," "we," "us," or "our"). We operate the Plumb memory infrastructure service, including the open-source MCP server and the hosted tier available at plumb.run (the "Service").
Questions? Email us at privacy@plumb.run.
2. Scope of this policy
This policy applies to the hosted tier of Plumb only. If you self-host the open-source Plumb MCP server, your data stays entirely on your own infrastructure and we never see it. This policy does not apply to self-hosted deployments.
3. What data we collect
Account data
When you create an account, we collect your email address and a hashed password (via Supabase Auth). We do not collect your name unless you provide it.
Memory data
The core function of Plumb is storing memory on your behalf. On the hosted tier, this includes:
- Raw conversation logs — the full text of exchanges between you and your AI agents, as submitted via the MCP ingest tool.
- Extracted facts — structured facts automatically derived from your conversations, with confidence scores and timestamps.
This data is stored in a Postgres database hosted on Supabase infrastructure and served via Fly.io. It is logically isolated per user account.
Usage data
We collect basic usage metrics (API call counts, storage usage) for billing and abuse prevention. We do not use third-party analytics on our website or API.
Payment data
Payment processing is handled by Stripe. We do not store credit card numbers or payment details — Stripe handles that directly. We receive and store a Stripe customer ID and subscription status.
4. How we use your data
- To provide the Service — storing and retrieving your memory data via the MCP API
- To manage your account and subscription
- To respond to support requests
- To detect and prevent abuse or unauthorized access
- To comply with legal obligations
We do not sell your data. We do not share your memory data with third parties except as described in Section 5.
5. Third-party services
We use the following sub-processors to operate the Service:
- Supabase — database hosting and authentication
- Fly.io — API server hosting
- Stripe — payment processing
Each sub-processor is bound by its own privacy policies and data processing agreements. We do not use your memory data to train AI models, and we do not share it with AI providers.
6. Data retention
Your memory data is retained for as long as your account is active. If you cancel your subscription, your data is retained for 30 days and then permanently deleted, unless you export it first (see Section 7).
7. Your rights
You have the right to:
- Export your memory data by contacting us at privacy@plumb.run — we will provide your data in a machine-readable format
- Delete your account and all associated data — email privacy@plumb.run and we will permanently delete everything within 30 days
- Correct inaccurate account data
- Object to processing in certain circumstances
If you are in the European Economic Area (EEA), you have additional rights under GDPR, including the right to lodge a complaint with your local supervisory authority.
8. Security
Memory data is encrypted at rest and in transit. Access is restricted to authenticated API requests using your account credentials or API key. We take reasonable steps to limit internal access to your conversation content and do not access it except as necessary to provide the Service or respond to a support request.
9. Children
The Service is available to users aged 13 and older. Users under 18 must have parental or guardian consent. We do not knowingly collect data from children under 13. If you believe a child under 13 has provided us data, contact us at privacy@plumb.run and we will delete it promptly.
10. Changes to this policy
We may update this policy from time to time. When we do, we will update the date at the top of this page. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.