Privacy Policy
Last updated: June 28, 2026
This Privacy Policy explains how 97 Technologies LLC (“97 Technologies LLC”, “we”, “us”) handles personal data in connection with the Plumblearning platform (the “Service”).
1. Our role: your organization controls your data
Most people use Plumbas a member of an organization (an employer, school, or training provider; an “Organization”). When you do, your Organization is the controller of the personal data in its workspace and decides how it is used, and 97 Technologies LLC acts as a processorthat handles that data on the Organization’s behalf and on its instructions. For requests about your personal data — access, correction, export, or deletion — please contact your Organization’s administrator in the first instance; we will assist the Organization in responding.
We act as a controllerfor a limited set of data whose purposes we determine ourselves — for example, administering our billing relationship with an Organization, securing and operating the platform, preventing abuse, and complying with law. This Policy describes both roles.
2. Information we process
- Account data: name, email address, role, and Organization, plus authentication data such as password hashes and multi-factor settings.
- Learning activity: course enrollments and progress, quiz and assignment attempts and grades, certificates of verified completion, discussion posts, notes, and saved items.
- Usage and technical data: log and audit records of key actions (such as sign-ins and administrative changes), including IP address and browser/user-agent, used to operate and secure the Service.
- Billing data (Organizations): subscription status and plan information. Payments are processed by Square; we do notcollect or store full payment card numbers — card details are handled by Square, and we retain only limited, opaque references needed to manage a subscription.
- Communications: messages you send us for support and the email address we send transactional messages (such as invitations and password resets) to.
3. How we use information
- to provide, maintain, and improve the Service and its features;
- to authenticate users, enforce permissions, and keep Organizations’ data isolated;
- to send transactional email such as invitations, password resets, and notifications;
- to secure the Service, detect and prevent abuse, and maintain audit records;
- to administer subscriptions and billing for Organizations; and
- to comply with legal obligations and enforce our Terms.
4. Cookies
Plumb uses only strictly necessary cookies to keep you signed in and to operate core functionality. We do not use advertising or third-party analytics trackers, and we do not sell or share personal data for cross-context behavioral advertising. Where lessons embed video, we use privacy-enhanced (no-cookie) embeds where available.
5. How we share information
We do not sell personal data. We share data only as needed to run the Service:
- Within your Organization: with administrators, instructors, and managers as required for their roles (for example, an instructor can see the progress of learners in their course).
- Service providers (subprocessors) who process data on our behalf under contract and appropriate safeguards:
- Supabase— database, authentication, and file storage (hosted infrastructure);
- Railway— application and worker hosting (compute);
- Postmark— delivery of transactional email; and
- Square— payment processing for paid subscriptions.
- Legal and safety: when required by law, to enforce our Terms, or to protect the rights, safety, and security of users, the public, or 97 Technologies LLC.
- Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Policy.
6. Data retention
For data we process on an Organization’s behalf, we retain it for as long as the Organization’s account is active or as the Organization instructs, and we delete or anonymize it within a reasonable period after the account ends, except where we must keep it to comply with law, resolve disputes, or enforce agreements. Security and audit logs are retained for a limited period (currently up to thirteen months) and then purged. Certificates may be retained to support their continued verification.
7. Security
We protect data with measures including encryption in transit, role-based access controls, database-level tenant isolation, least-privilege service credentials, and support for multi-factor authentication and single sign-on. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
8. Your rights and choices
Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal data, or to object to certain processing. Because your Organization controls your workspace data, please direct these requests to your Organization’s administrator; we will help the Organization fulfill them. For data for which we are the controller, or if you cannot reach your Organization, contact us using the details below. We will not discriminate against you for exercising these rights.
9. International data transfers
Our infrastructure providers host data in the United States. If you access the Service from another country, your data may be transferred to and processed in the United States; where required, we and our providers rely on appropriate transfer safeguards.
10. Children’s privacy
The Service is intended for use by organizations and their authorized members, not by children directly. We do not knowingly collect personal data from children other than at the direction of an Organization. An Organization that enrolls minors is responsible for obtaining any consent required by law.
11. Changes
We may update this Policy from time to time. If we make material changes, we will update the date above and, where appropriate, provide notice through the Service.
12. Contact
For privacy questions or requests, contact 97 Technologies LLC at build@97technologies.com. If you use Plumbthrough an Organization, your Organization’s administrator is your first point of contact for your account data.