CLUME
Pricing
Log in

Privacy policy

Last updated: November 2025

At Clume, your privacy and data security are at the heart of everything we do. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

1. About Clume

Clume is a secure vault service that allows users to store encrypted data using end-to-end encryption (E2EE). We never have access to your unencrypted data, vault contents, or passwords.

2. Information We Collect

We collect only the minimum amount of information necessary to provide our service.

  • Account information: When you sign up or sign in, we collect your Google account ID, name, and email address through Google Auth.
  • Billing information: Payments and subscriptions are handled securely by Stripe. We do not store your credit card details.
  • Usage metadata: We may collect anonymous, aggregated data such as app version, device type, and performance logs to improve service reliability.
  • Vault data: All your vault contents (files, passwords, or notes) are encrypted client-side using E2EE before they ever reach our servers. We cannot see, decrypt, or recover this information.

3. End-to-End Encryption (E2EE)

All vault data is encrypted locally on your device before being uploaded to our servers. The encryption keys are derived from your password and never leave your device. This means Clume, Firebase, or Google Cloud personnel cannot access or decrypt your vault data.

4. Smart Expiry

Clume allows users to set an expiry date for vaults, after which all data is permanently deleted from our system. This deletion is automatic and irreversible.

5. How We Use Your Data

  • To authenticate users and manage accounts (via Google Auth and Firebase).
  • To process payments and manage subscriptions (via Stripe).
  • To maintain and improve the platform’s performance and reliability.
  • To comply with applicable laws and regulations.

6. Data Storage and Security

All data is stored securely on Google Cloud through Firebase infrastructure. We use industry-standard encryption (AES-256, RSA) and access controls to protect all information in transit and at rest.

Your vault data is end-to-end encrypted — only you can decrypt it. If you lose your password or master key, we cannot recover your vault.

7. Data Retention and Deletion

We retain account and billing data as long as your account is active or required for legal obligations. Encrypted vault data is automatically deleted upon expiry, manual deletion, or account closure.

8. Third-Party Services

We rely on the following trusted providers:

  • Google Firebase & Cloud: for hosting, authentication, and storage.
  • Stripe: for secure payment processing.
  • Google Auth: for account login and identity verification.

Each provider complies with GDPR and other global privacy standards.

9. Cookies and Analytics

We use minimal cookies necessary for authentication and security. Clume does not use third-party tracking or advertising cookies.

10. User Responsibility

You are fully responsible for maintaining the confidentiality and security of your vault password and master key. Clume cannot recover lost encryption keys, vault contents, or funds associated with encrypted wallet information.

11. Legal Basis (GDPR)

Our processing of your data is based on your consent, contractual necessity, and our legitimate interest in providing and improving the service.

12. Your Rights

Depending on your location, you may have the right to access, correct, or delete your personal data. To make a request, please contact us through ourcontact form.

13. Children’s Privacy

Clume is not intended for children under 16. We do not knowingly collect personal information from minors.

14. Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be posted on this page with a new “Last updated” date.

15. Contact Us

If you have any questions, concerns, or requests, you can contact us via this form