P
Plumb
Request early access

Privacy Policy

Last updated · April 23, 2026

This policy explains what data Plumb collects, why, and how we handle it. Plumb is operated by Paper Birch Labs (“we”, “us”). If anything here is unclear, email hello@plumbplanning.comand we'll explain.

What we collect

  • Account data: your Google account email, name, and profile image, obtained when you sign in with Google.
  • Workspace content: projects, clients, quotes, tasks, materials, payments, notes, and attachments you add to Plumb.
  • Integration data: if you connect Google Calendar, Xero, or Melio, the tokens and the specific records those integrations require to work (calendar events you create, invoice metadata, bill metadata).
  • Operational data: server logs with IP address, request paths, and error traces, retained for up to 30 days to debug and secure the Service.

What we don't collect

  • We don't run third-party advertising or behavioral trackers.
  • We don't sell or rent your data to anyone.
  • We don't read your Xero invoices or Melio bills beyond what's required to display read-only status next to a project.

How we use it

We use the data above to:

  • Run the Service and show you your own data.
  • Sync to your connected calendar/accounting providers when you ask us to.
  • Contact you about your account (billing, major changes, security).
  • Improve reliability and fix bugs.

Sharing

We share data only with the infrastructure providers needed to run the Service: our hosting platform and our database host. These vendors process data on our behalf under standard data processing agreements and are not permitted to use it for any other purpose.

We will disclose data if legally required (subpoena, court order) and will attempt to notify you first unless prohibited by law.

Retention and deletion

We keep your workspace data for as long as your account is active. If you delete your account, we delete your workspace content within 30 days. Backups are overwritten on a rolling 35-day cycle.

You can export your data, delete specific records, or request full deletion at any time by emailing us.

Integrations and revocation

You can disconnect Google Calendar, Xero, or Melio from Plumb at any time. When you do, we delete the stored OAuth tokens for that provider within 24 hours and stop reading from it. Revoking access on the provider's side also works — we'll detect the revocation on the next sync attempt and clear the tokens.

Security

We use industry-standard encryption in transit (TLS) and at rest. Access to production systems is limited to a small number of engineers and logged. If we become aware of a security incident that affects your data, we'll notify you within 72 hours with what we know and what we're doing about it.

Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal data. Email us and we'll help you exercise them. We don't charge a fee for reasonable requests.

Children

Plumb isn't intended for anyone under 18. We don't knowingly collect data from children.

Changes

If we make a material change to this policy, we'll email the address on file and update the date above.

Contact

Questions, requests, or concerns? Email hello@plumbplanning.com.