Security
Overview
Effective June 24, 2026
This page describes the practical measures Plumes uses to protect accounts, personal data, tutoring sessions, and the people who use the platform. Security is treated as an ongoing practice, not a one-time setting.
Because students, tutors, and guardians share information through Plumes, we combine technical safeguards with clear roles and responsibilities. Everyone who uses the platform plays a part in keeping accounts and data safe.
This text is designed to be practical and safety-first. It describes our intended practices and is not a guarantee, a certification, or a substitute for independent security or legal review tailored to your specific situation.
1. Data Protection
Data sent between your browser and Plumes is encrypted in transit using HTTPS. Account, profile, booking, and communication data is stored in a managed Postgres database with encryption at rest provided by our hosting infrastructure.
We rely on established cloud providers for hosting, storage, and authentication, and we configure access so that data is reachable only through authorized application paths rather than open public access.
We aim to collect only the data needed to operate the service and to limit who can access it. Database access rules restrict records to the users and roles entitled to see them.
2. Account And Access Security
Sign-in is handled through a managed authentication service, and you can sign in with your email or a supported provider such as Google. You are responsible for keeping your credentials private and for signing out on shared devices.
Sessions are maintained with secure cookies, and access is checked on every protected request. We apply rate limiting and authorization checks on the server so that requests are validated before any data is returned.
Plumes uses role-based access. Students, tutors, and administrators each see only the features and data appropriate to their role, and administrative actions are restricted to authorized accounts.
3. Sessions And Communications
Online sessions use secure in-app video generated for each booking. Meeting access is limited to the participants associated with a session.
Where session transcripts or smart notes are produced, they are processed to populate the relevant session record and are made available to the participants entitled to that session, consistent with our data protection practices.
Messaging and file sharing are intended for legitimate tutoring use. Do not share malware or unlawful content, and only upload files you have the right to use. Misuse may lead to account restrictions after review.
4. Student Safety And Minors
Use by minors should be supervised by a parent, guardian, or authorized institution where required. Adults who create or manage accounts for minors are responsible for permissions and supervision, as described in our Terms of Service.
We aim to minimize the personal data associated with student accounts and to limit its visibility to the tutors and guardians involved in a learning arrangement.
If you believe a minor's information has been exposed or that an account is being misused, contact us using the details below so we can review the situation promptly.
5. Reporting A Concern And Contact
If you discover a vulnerability or a potential security issue, please report it to us privately rather than sharing it publicly. Responsible disclosure helps us protect users while a fix is prepared.
When reporting, include enough detail to reproduce the issue, such as the steps taken, the affected page or feature, and the time it occurred. Please do not access, modify, or delete data that is not yours while investigating.
Security questions and reports can be sent to the contact address below. We review reports and aim to respond with appropriate next steps.