We use cookies to personalise and enhance your experience.


Privacy Policy

Effective date: March 23, 2022

This privacy policy ("Policy") describes how Plutio ("Plutio", "we", "us" or "our") collects, protects and uses the personal data that individual users and business entities ("User", "you" or "your") provide through the plutio.com website, the related domain names, software, and any of its products or services (collectively, "Website" or "Services").
The Policy also describes the choices available to you regarding our use of your personal data and how you can access and update this information. This Policy does not apply to the practices of companies, websites, and services that we do not own or control, or to individuals that we do not employ or manage. Please read this Policy carefully before providing any personal data to us.

1- About us
2- Automatic collection of information
3- Collection of personal data
5- Managing personal data
5- Storing personal data
5- Information disclosure
7- The rights of users
7- How to exercise users’ rights
7- Complaints
8- Non-discrimination
8- Billing and payments
8- Privacy of children
8- Newsletters and service notices
9- Cookies and targeted advertising
9- Do Not Track signals
9- Links to other websites
9- Information security
10- Data breach
10- Changes and amendments
10- Contacting us


About us

The Website is owned and operated by Plutio LTD having a registered place of business at  4th Floor Silverstream House, Fitzroy Street, London, W1T 6EB, the United Kingdom.
We act in the capacity of a data controller and data processor with regard to the personal data processed through the Website in terms of the applicable data protection laws, including the UK Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR). Our role depends on the specific situation in which your personal data is handled by us, as explained in detail below:

  • Data controller
    We are responsible for the collection and use of your personal data through the Website and we make decisions about the types of personal data that should be collected from you and purposes for which such personal data should be used. Therefore, we act as a data controller with regard to the personal data collected directly through the Website (e.g., when you conclude a service contract with us or communicate with us). We comply with the data controller’s obligations set forth in the applicable laws.
  • Data processor
    We act in the capacity of a data processor in situations when you upload digital files (e.g., images, videos, and PDF files) or generate other data through the Website (the “Content”) and that Content contains personal data. We do not own, control, intentionally access, or make decisions about the Content. We process the Content only in accordance with the instructions issued by a respective data controller. To ensure that the Content is processed in accordance with the strictest data protection standards, we offer a data processing agreement that is available for consultation here. (the “DPA”). To conclude the DPA, please download it, add the required information, sign it, and return a copy of the signed DPA to us at legal@plutio.com.

Automatic collection of information

When you visit the Website our servers automatically record information that your browser sends. This data may include information such as your device's IP address, browser type and version, operating system type and version, language preferences or the webpage you were visiting before you came to our Website, pages of our Website that you visit, the time spent on those pages, information you search for on our Website, access times and dates, and other statistics. Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding Website usage. This statistical information is not otherwise aggregated in such a way that would identify any particular user of the system. In most cases, such information is not considered to be personal data (except for your IP address). The legal basis on which we rely when processing your IP address is ‘pursuing our legitimate business interests’ (i.e., to operate, analyse and protect our Website). We store such data as long as it is necessary for analysing and protecting our Website but no longer than 1 year.


Collection of personal data

When you use the Website, we collect only a minimal amount of personal data that is used for limited, specified and legitimate purposes explicitly mentioned in this Policy. We do not use your personal data for other purposes that are different from the purposes for which it was provided. Below, you can find an overview of the types of personal data that we collect, the instances in which we do so, the purposes for which we use it, and the legal basis on which we rely when processing your personal data. 
Personal data collected directly from you:

  • User account. When you create your user account or request a free trial, we collect your (i) first name, (ii) last name, (iii) workspace name, (iv) workspace domain, (v) email address, and (vi) password. When you update your user account, we collect information about your work and your (i) image, (ii) date of birth, (iii) biography, (iv) other email address(es), (v) phone number, (vi) address(es), (vii) company name, (viii) links, (ix) tax numbers, (x) logos, (xi) email information (e.g., email address and sender name), and other information that you decide to provide about yourself or your business.  We use such data to (i) register and maintain your user account, (ii) enable your access to the Services, (iii) provide you with the requested services, (iv) customise our services for your needs, (v) contact you, if necessary, (vi) send you commercial communication, and (vii) maintain our business records. The legal bases on which we rely are ‘performing a contract with you’ and ‘pursuing our legitimate business interests’ (i.e., analyse, grow, and administer the Website). We will store your personal data until your user account is deleted or terminated.
  • Billing. When you make a payment, you will be asked to provide (i) cardholder name (ii) credit card details (number, expiration date, CVC), and (iii) billing address. We use such data to (i) process your payments, (ii) issue invoices, and (iii) maintain our business records. Please note that your payment data is processed by our third-party payment processor Stripe and, therefore, we do not store your credit card details. Stripe makes available to us only a part of your payment data. The legal bases on which we rely are ‘performing a contract with you’ and  ‘pursuing our legitimate business interests’ (i.e., to administer our business and comply with our legal obligations). We will store your personal data for the time period required by the applicable law (in the UK, we are required to store accounting records for 6 years).
  • Booking a demo. When you book a demo, we collect your (i) name, (ii) email address, and (iii) any other information that you decide to provide us. We use such data to (i) schedule your demo, (ii) contact you, if necessary, and (iii) analyse and improve the Services. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data). We store your personal data until we deliver your demo; if you decide to start using the Services, we will use your personal data to register your user account.
  • Email enquiries. When you contact us, we collect your (i) name, (ii) email address, and (iii) any information that you decide to include in your message. We use such data to respond to your enquiries and provide you with the requested information. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data).
  • Live chat. When you use the live chat functionality, we collect any information that you decide to provide us. We use such data to respond to your enquiries and provide you with the requested information. The legal basis on which we rely is ‘your consent’.
  • IP address. When you browse the Website, we or our third-party analytics service providers (as explained in below) collect your IP address. We use your IP address to analyse the technical aspects of your use of the Website, prevent fraud and abuse, and ensure the security of the Website. The legal basis on which we rely is ‘pursuing our legitimate business interests’ (i.e., to analyse and protect the Website). We store your IP address for no longer than 1 year.
  • Cookies. When you browse the Website, we collect your cookie-related data. For more information about our cookies and the purposes for which we use them, please refer to our Cookie Policy. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to protect and conduct our business) and ‘your consent’ (for non-essential cookies).

Processing of personal data included in the Content

When you upload the Content or generate the Content, we process all information that can be found in the Content, including any personal data the Content contains (for example, your clients’ names, contact details, and business information). We process the Content to (i) provide you with the requested services and (ii) perform our other contractual obligations. The legal basis on which we rely is ‘performing a contract with you’. We store such personal data until you stop using the Services.

Personal data obtained from third parties

We may receive information about you from third parties to whom you have previously provided your personal data, if those third parties have a lawful basis for disclosing your personal data to us. For example, if social media login is enabled, we will collect the personal data that your social media provider discloses to us (e.g., your name, email address, and photo). Please note that you can control what personal data is submitted to us by adjusting the privacy settings of your social media service provider. We will use such data as described in the section “User account” above. 

Sensitive data

We do not collect or have access to any special categories of personal data (“sensitive data”) from you, unless you decide, at your own discretion, to provide such data to us. Sensitive data is information that relates to your health, genetics, biometrics, religious and political beliefs, racial origins, membership of a professional or trade association, sex life, or sexual orientation.    

Refusal to provide personal data

You can choose not to provide us with your personal data when requested, but then you may not be able to take advantage of some of the Website's features. Users who are uncertain about what information is mandatory are welcome to contact us.


Managing personal data

You are able to delete or change certain personal data that we have about you. The personal data you can delete may change as the Website or the Services change. When you delete personal data, however, we may maintain a copy of the unrevised personal data in our records if we have a legal basis for doing so. If you would like to delete your personal data or permanently delete your account, you can do so on the settings page of your account on the Website.


Storing personal data

We will retain and use your personal data for the period necessary to perform our contractual obligations to you, comply with our legal obligations, resolve disputes, and enforce our agreements, unless a longer retention period is required or permitted by law. For more details on the retention periods applicable to each type of personal data, please refer to section “Collection of personal data” above. We may use any aggregated data derived from or incorporating your personal data after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, your personal data will be securely deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.

Information disclosure

1) Disclosure to data processors

From time to time, your personal data is disclosed to our service providers with whom we cooperate (our data processors). For example, we share your personal and non-personal data with entities that provide certain technical support services to us, such as database, analytics, and email distribution services. We do not sell your personal data to third parties. The disclosure is limited to the situations when your personal data is required for the following purposes:
• Ensuring the proper operation of the Website;
• Ensuring the delivery of  services that you purchase;
• Providing you with the requested information;
• Pursuing our legitimate business interests;
• Enforcing our rights, preventing fraud, and security purposes;
• Carrying out our contractual obligations; or 
• If you provide your prior consent to such a disclosure. 

2) List of our data processors

We use a limited number of data processors. Our data processors agree to ensure an adequate level of protection of your personal data that is consistent with this privacy policy and the applicable data protection laws. The data processors that have access to your personal data are: 

  • Our database service provider MongoDB (https://www.mongodb.com) located in the United States;
  • Our newsletter, marketing, and analytics service provider User.com (https://user.com/en/) located in Poland;
  • Our payment processing service providers Stripe (https://stripe.com) and Square (https://squareup.com/) located in the United States;
  • Appointment scheduling service provider Calendly (https://calendly.com) located in the United States; and
  • Our independent contractors and consultants. 

3) Disclosure of non-personal data

Your non-personal data may be disclosed to third parties for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving the Services, responding to lawful requests from public authorities or developing new products and services. 

4) Legal requests

If we are contacted by a public authority, we may need to disclose information about you to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.

5) Successors

In case the Website is sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in line with this Policy. We will notify you of any changes of the data controller. 

6) Selling personal data

We do not directly sell your personal data to third parties. However, some of your personal data, including online identifiers (e.g., cookie-generated data and IP addresses) may be used for advertising, marketing, and monetisation purposes (e.g., programmatic advertising, retargeting, third-party marketing, profiling, or cross-device tracking).

7) International transfers

Some of our data processors listed above are located outside the country in which you reside. For example, if you reside in the UK or the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the UK or EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data or we conclude a data processing agreement with the respective third party that ensures such protection. We will not transfer your personal data internationally if no appropriate level of protection can be granted.

The rights of users

You may exercise certain rights regarding your personal data processed by us. In particular, you have the right to do the following: 

  1. you have the right to withdraw consent where you have previously given your consent to the processing of your personal data;
  2. you have the right to object to the processing of your personal data if the processing is carried out on a legal basis other than consent;
  3. you have the right to learn if your personal data is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the personal data undergoing processing;
  4. you have the right to verify the accuracy of your personal data and ask for it to be updated or corrected;
  5. you have the right, under certain circumstances, to restrict the processing of your personal data;
  6. you have the right, under certain circumstances, to obtain the erasure of your personal data from us;
  7. you have the right to receive your personal data processed by us in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance;
  8. You have the right to submit your complaint regarding our processing of your personal data.


How to exercise users’ rights

Any requests to exercise User rights can be directed to us through the contact details provided at the end of this Policy. These requests can be exercised free of charge and will be addressed by us as early as possible but no later than 30 days. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information that allows us to correctly identify you in our system.
If we receive a request from a data subject asking to exercise the data subject’s rights with regard to the Content, we will forward such a request to the respective data controller (our client).



If you would like to launch a complaint about the way in which we process your personal data, we kindly ask you to contact us first and express your concerns. If we receive your complaint, we will investigate it and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.



We do not discriminate against you if you decide to exercise your rights. It means that we do not (i) deny any goods and services, (ii) charge you different prices, (iii) deny any discounts or benefits, (iv) impose penalties, or (v) provide you with lower quality Services.


Billing and payments

We use third-party payment processors Stripe and Square to assist us in processing your payment information securely. Such third-party processors' use of your personal data is governed by their respective privacy policies which may or may not contain privacy protections as protective as this Policy. We suggest that you review their respective privacy policies that can be found at https://stripe.com/en-be/privacy-center/legal and https://squareup.com/us/en/legal/general/privacy-no-account.


Privacy of children

We do not knowingly collect any personal data from children under the age of 16. If you are under the age of 16, please do not submit any personal data through our Website or Services. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce this Policy by instructing their children never to provide personal data through our Website or Services without their permission.
If you have reason to believe that a child under the age of 16 has provided personal data to us through our Website or Services, please contact us.


Newsletters and service notices

If we have your email address, we may, from time to time, send you a newsletter to keep you updated about the latest developments related to the Services, promotions, and special offers. You will receive our newsletters in the following instances:

  • If we receive your express (“opt-in”) consent to receive marketing messages;
  • If you voluntarily subscribe to our newsletter; or
  • If we decide to send you information closely related to the services already purchased by you.

You can opt-out from receiving our commercial communication at any time free of charge by clicking on the “unsubscribe” link included in our newsletters or by contacting us directly (our contact details are available in the section “Contacting us” below).
If necessary, we will send you important informational notices, such as confirmation receipts, payment information, technical or administrative emails, and other administrative updates. Please note that such notices are sent on an “if-needed” basis and they do not fall within the scope of commercial communication that may require your prior consent. You cannot opt-out from service-related notices.


Cookies and targeted advertising

The Website uses "cookies" to help personalize your online experience. For more information on our use of cookies, please read our Cookie Policy.
In addition to using cookies and related technologies as described above, we also may permit certain third-party companies to help us tailor advertising that we think may be of interest to users and to collect and use other data about user activities on the Website. These companies may deliver ads that might also place cookies and otherwise track user behavior. You can control how such advertising is shown to you or opt-out from targeted advertising by managing your cookies as described in our Cookie Policy and consulting the guide powered by the Digital Advertising Alliance available at https://youradchoices.com. For more information on opting-out from advertising features on your device, please visit https://www.networkadvertising.org .


Do Not Track signals

Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personal data from consumers who use or visit a website or online service as they move across different websites over time. Our Website does not track its visitors over time and across third-party websites. However, some third party sites may keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you.


Links to other websites

Our Website contains links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other websites or third parties. We encourage you to be aware when you leave our Website and to read the privacy statements of each and every website that may collect personal data.


Information security

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorised access, use, modification, and disclosure of personal data in our control and custody. We implement the following security measures: secured networks; use of virtual private networks (VPN); encryption; SSL protocol; secured calls; strong passwords; limited access to your personal data by our staff; anonymisation of personal data (when possible); and carefully selected data processors.
However, no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your personal data, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and our Website cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite best efforts.


Data breach

In the event we become aware that the security of the Website has been compromised or users personal data has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the Website and send you an email.


Changes and amendments

We may update this Policy from time to time in our discretion and will notify you of any material changes to the way in which we treat personal data. When changes are made, we will revise the updated date at the top of this page. We may also provide notice to you in other ways at our discretion, such as through contact information you have provided. Any updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Website or Services after the effective date of the revised Policy (or such other act specified at that time) will constitute your consent to those changes. However, we will not, without your consent, use your personal data in a manner materially different than what was stated at the time your personal data was collected.


Contacting us

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your personal data, you may use the following contact details:
Email address: legal@plutio.com
Postal address: Plutio  LTD, 4th Floor Silverstream House, Fitzroy Street, London, W1T 6EB, United Kingdom