Tapo Privacy Policy
Last Updated on: Oct 18, 2024.
General rules and definitions
TP-Link Systems Inc. (collectively, “TP-Link” “we” “us” or “our”) takes your privacy seriously. We abide by applicable privacy laws and regulations to protect your personal data. Accordingly, we developed this privacy policy ("Policy”) in order for you to understand what types of personal data we collected, how we use it, for what reason do we need to process your personal data, who we share it with, when and how we delete it, what rights do you have concerning your personal data and what measures we take to protect it.
TP-Link provides:
(1) software that may be downloaded to your smartphone or tablet to access services (“Mobile Apps” such as Tether, Deco, Tapo etc.),
(2) services, including technical support and services accessible through the Site(s) (“Support”),
(3) subscription services, including services that can be accessed using the Support and Mobile Apps (“Subscription Services”, such as TapoCare/KasaCare). The term “Services” means the Sites, Support, Mobile Apps, and Subscription Services, which may be used in conjunction with hardware products provided by TP-Link affiliates and in other ways provided by TP-Link. Some Services of TP-Link can be used together or in ways that integrate with products and services from third parties.
The Sites mentioned in (2) do not include pages linked from the Websites which are operated by local partners, such as https://www.tp-link.com/us. Supplemental data protection information is available where our partners (including affiliates) operate or provide TP-Link branded web pages or products.
You accept and consent to the practices and policies outlined in this Privacy Policy. This Privacy Policy incorporates herein the Terms of Use; both statements should be read in conjunction with each other. This Privacy Policy may change from time to time. Your continued engagement with our Services after such revisions indicates that you accept and consent to them, so please check the Privacy Policy periodically for updates. Your use of the Products is governed by the applicable privacy policy made available to you when you download or access such Products, including on any page where you log in to a cloud account which may be linked from the Websites. For further information regarding our partners’ data protection practices in a specific country and/or region, please refer to the privacy policy tailored for that specific country and/or region via https://www.tp-link.com/en/choose-your-location/. You may consult the respective privacy policy for your country/region of residence or check the policy posted on the page you are viewing to read the data protection practices that apply.
1. Changes to our privacy noticed
This Policy may change at any time as we improve and change our Services. We may notify you by placing a prominent notice on our Services . You should check the Services frequently for updates. If you do not agree with the terms of the updated Policy, you must stop using the Services.
2. Sources and categories of personal data we collect
We collect personal data to the minimum scope which is necessary for the provision of our Services. The personal data we collect may be freely provided by you, received from third parties under your authorization, or, in case of usage data, collected automatically when using our Services.
2.1 Personal Data You Knowingly Provide to Us
When you register or update your TP-Link account(TP-Link ID), we collect or process your email, location, user avatar, user nickname, user country code, user mobile phone identifier, etc.
When you enable device binding, we collect or process your TP-Link ID, device identifier and credentials, user personalized settings (such as device avatar, device family management, etc.).
When you enable Geofencing Smart Action, we collect or process your precise location(longitude and latitude), map position settings.
When you subscribe KasaCare/TapoCare through the website, we collect or process your user name, user address (including zip code), order data (including third-party platform transaction ID, third-party platform subscription ID, third-party purchase certificate, etc.), billing data (including purchase amount, commodity information, etc.). We only collect or process order data (including third-party platform transaction ID, third-party platform subscription ID, third-party purchase certificate, etc.), billing data (including purchase amount, commodity information, etc.) if your Kasa/Tapo is subscribed through in-app purchase.
When you activate KasaCare/TapoCare on a camera, we collect or process your video clips and upload them to the Cloud storage service on AWS.
When you enable Face Recognition in some HomeBase device (such as Tapo H500) and add a face image in the list. We collect or process facial data locally in the device. By adding a facial image recognized from the video records from related cameras directly or setting a clear facial photo for some person, the HomeBase device can process the orginial facial data and get its facial characteristic values and compare the values with those of previously provided facial data, as a result, Homebase can identify whether the person is a Familiar or a Stranger and track there activities with the help of connected cameras. In addition, Up to 50 Familiars and 50 Strangers can be previously provided. The facial data of strangers will be automatically deleted in 90 days. Once you want to disable it, you can easily click "Disable Facial Recognition" in the Facial Recognition page of HomeBase device.
When you enable Matter Device Remote Control, we collect or process your devices info (such as MAC/VendorName/IP, etc.) to TP-Link Cloud Service for device management remotely out of home.
2.2 Personal Data We Receive from Third Parties
Some third-party services(Alexa,Google Assistant, etc.) that you choose to integrate with may transmit personal data into your account with us. You authorize that such “Third Party Information” is covered under this Policy and we may use it just as we use your personal data. This information may include but is not limited to, for example, account credentials, names, avatars, profile information, configuration information, images, and linked users (e.g., friends).
You may also voluntarily provide your personal data to us via third-party service providers that help us operate our Services.
2.3 Personal Data We Collect Automatically
When you report abnormal problems through the feedback function for the purpose of customer support, we collect your email address, user country code, user collection data (including mobile platform, platform version, etc.), Tether device data (including device name, device logs, etc.).
For the purpose of marketing push, we based on your consent collect your associated device, App activity data, App function usage, device usage behavior data, etc. If you wish to withdraw your consent or object to the personalization of adverts and content, please go to 7. Your Choices.
When you join our User Experience Improvement Program, we collect and process your general information of the mobile phone, including IMEI number (MEID number), system version number, SDK version number, system information, etc. and the usage status of the product functions based on your consent. If you wish to withdraw your consent, please go to 7. Your Choices. You can also disable the function in “Settings-About-User Experience Improvement Program”, disabling the function means you opt out of the program.
In addition, we may also request related access permissions for the execution of related functions and services in the case where you use our Services, especially where you install and launch our Services.
Access |
Purposes |
Local Network (iOS only) |
Local device administration |
Notifications (iOS only) |
Receiving iOS system notifications |
Account Deletion |
TP-Link Account deletion and related information |
Data Collection and Utilization |
User experience improvement |
Location |
Only when you set Sunrise, Sunset function |
Storage |
Local storage Tapo Cam screenshots or videos |
Microphone |
Live voice call between Camera and App |
Camera |
Photo taking for TP-Link Account custom avatar function |
Photos |
TP-Link Account custom avatar function |
Bluetooth |
Some models Onboarding |
3. How we share personal data
We may share your personal information internally and externally with suppliers, advisors, or partners for our legitimate business purposes, and only on a need-to-know basis. When sharing personal information, we implement appropriate checks and controls to confirm that the information can be shared in accordance with applicable laws. Here’s more detail about who we may share your information with and in what kinds of situations:
(1) With Our Authorized Partners: We may share your information with our authorized partners, including affiliates. We share information with our authorized partners to:
- promote safety, security, and integrity and comply with applicable laws;
- develop and provide features and integrations;
- provide customer service and technical support;
- understand how customers use and interact with our Services.
(2) Service Providers: To assist in our business operations and better provide our Services (e.g., for software maintenance services, advertising technologies, e-mail services, delivery services, database management services, web analytics, and other services), we may share your information with service providers.
(3) Other Entities with Your Consent: You may choose to integrate certain third-party services with our Services. By doing so, you authorize us to transmit your personal information to third parties when you choose to integrate their services with our Services. Information collected by such third-party services is subject to their own terms and policies, all of which you should carefully and diligently review.
The Services may include links to third-party websites whose privacy practices may differ from ours. Your usage of any such websites is governed by the privacy policies of those websites and not this Privacy Policy. You should carefully review the privacy policy of any website you visit. We will consider your decision to use those third-party products and services with the Products or our Services to be a representation to us that you have consented to the third parties' terms and practices.
We have engaged:
- Google Assistant and Alexa, virtual assistant technology service providers, to provide device discovery, device management, device control, and live view services for platform users. We provide account credentials, device list, device alias, and the camera's live broadcast data which can be viewed via third-party players with such third parties based on your consent. If you wish to withdraw your consent, please go to Section 7. Your Choices. We suggest you check the privacy policy of Google Assistant and Alexa.
- Google Play and App Store, application distribution platforms and payment channels, to provide payment services and distribute applications to platform users.
- AWS as our cloud storage and computing service provider. We suggest you check the privacy policy of AWS.
- Stripe and PayPal, third-party payment channels to provide web payment services for platform users. We provide your email address, nationality and address with such third parties. We suggest you check the privacy policy of Stripe, PayPal.
-
OhmConnect, energy saving project platform, for the energy consumption statistics. We provide account credentials, device list, device status, device alias and device usage power data with OhmConnect.
We will not provide your personal data to the third party without your clear consent unless such provision approved by relevant laws.
(4) Marketing and Advertising: We may provide user information to our third-party marketing service providers for our promotional and/or marketing practices. We may also disclose information that does not directly identify you to advertising and analytics providers to serve personalized ads for the Services and to better understand your use of the Services.
(5) Change of Control: We may be required to share your information as part of a merger, acquisition, asset sale, asset purchase, financing, bankruptcy, or other change of control.
(6) Responding to Legal Requests: We may share information where we have a good faith belief that such disclosure is necessary to (a) comply with an applicable law or legal process or (b) respond to actual or potential complaints or legal claims, like search warrants, court orders, production orders, or subpoenas. These requests come from third parties such as civil litigants, law enforcement, and other government authorities. Or (c) where otherwise necessary to protect our rights, interests, and/or property (including, without limitation, to enforce our agreements), or the rights, interests, and/or property of our agents, independent contractors, customers, and others.
4. Security of personal data
When you browse community or other websites, you may need to register a TP-Link ID to get all features.
We have implemented measures, including encryption and TLS technology, designed to secure your personal data from accidental loss and from unauthorized access, use, alteration, and disclosure. In addition, we restrict the number of staff in charge with access to your personal data to the minimum level and frequently conduct training and education so that they comply with the confidentiality obligations with respect to your personal data.
Your account’s privacy and security are protected by your password. In order to prevent unauthorized access to your account and personal data, you should select a strong password and protect it by limiting access to your computer, device, browser, or application and by signing off after you have finished accessing your account. If you use a third-party service to sign into your account, you should protect that account accordingly as well.
While we strive to always protect the privacy of your account and personal data in our records, we cannot always guarantee it will be completely secure. The security of your personal data may be compromised by unauthorized entry, unauthorized use, hardware failure, software failure, and other factors at any time.
Here are some best practices to protect your TP-Link ID account:
- Use complex passwords (a mixture of upper and lower letters, numbers, and symbols) when signing up.
- Use a unique password different from other website accounts to avoid being involved in their accidental data breaches.
- Change your passwords regularly.
- Use 2 Factor Authentication (2FA) if possible.
5. How we store and process your personal data
Your personal data will be transferred or transmitted to, or stored and processed in the following circumstances in accordance with the purposes stated within this Privacy Policy:
- Places we have infrastructure or data centers, including the United States, Ireland, and Singapore, among other countries where our Services are available. Typically, the primary storage region is the region that is closest to the customer’s region, often with backups to data centers in another region. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem.
- Other countries where our partners, vendors, service providers and third parties are located outside of the country where you live, for purposes as described in this Privacy Policy.
These countries may have different privacy standards that differ from those where you are. Please note that data processed in another country may be subject to different laws and may be accessible to government, judicial, law enforcement, and regulatory agencies in those countries. However, we will take measures to protect your personal data if it is transferred to these countries.
6. Retention of your personal data
We retain personal data for different periods of time depending on the purposes for which we collect and use it, as described in this Privacy Policy. We will delete or de-identify personal data when it is no longer needed to fulfill these purposes unless a longer retention period is required to comply with applicable laws. There may be technical or other operational reasons where we are unable to fully delete or de-identify your personal data. Where this is the case, we will take reasonable measures to prevent further processing your personal data.
7. Your Choices
Depending on where you reside, you may have legal rights to request the following by contacting us as detailed in the “Contact Us” section:
- Access to, or a copy of, your personal data
- Confirmation that we are processing your personal data
- Correction or amendment of your personal data
- Deletion of your personal data
- Transfer of your personal data to a third party
- Restriction or objection to certain uses of your personal data
You can also opt out of our processing or sharing of your personal data for online targeted advertising purposes by following the instructions here.
You also have other choices to manage your personal data. For example, you can:
- Opt-out of our email marketing messages by clicking the “unsubscribe” link at the bottom of our emails.
- You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.
- Opt out of the use of data by Google Analytics in supporting browsers here.
- Opt out of interest-based advertising by companies participating in the National Advertising Initiative and/or the Digital Advertising Alliance opt-out mechanisms here and here. Participating companies will place opt-out cookies on your browser to recognize your choice. Note that your choice may not be recognized if you block or clear cookies. If you use different computers or browsers, you may need to replicate your choices across those computers and browsers.
You may also send us an email to privacy@tp-link.com to request to exercise your rights described above regarding personal data. However, note that we cannot delete the email address used for administrative emails to you (e.g., emails about your transactions, policy changes, forgotten password, and confirmation emails) except by also deleting your user account.
We may ask you to provide us with information necessary to reasonably verify your identity before responding to your request. Certain information may be exempt from such requests. For example, we may not accommodate a request to exercise certain rights if we believe doing so would violate any law or legal requirement or negatively impact the information's accuracy. If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeal process.
8. Children's Privacy
Our websites are not directed to, or intended for, children as defined by local legal requirements, and we do not knowingly collect personal data from children. If you believe that we have any such data, please notify us immediately using the contact information provided in the “Contact Us” section and we will delete it as quickly as possible.
9. California Consumer Privacy Act
Click here to read additional disclosures required under the California Consumer Privacy Act.
10. Notice Concerning Do Not Track
“Do Not Track” is a privacy preference that users can set in certain web browsers. We do not currently recognize or respond to browser-initiated Do Not Track signals. Learn more about Do Not Track.
11. Updates To Our Privacy Policy
This Privacy Policy may change from time to time, and we may notify you by updating the Privacy Policy’s effective date above. If there are material changes, we will place a prominent notice on this website or provide notice through other means. We encourage all users to occasionally refer to this Privacy Policy so that they can remain aware of our current practices. If you do not agree with the terms of the updated Privacy Policy, you must stop using the Services. Your continued use of the Services after any Privacy Policy changes means that you agree to the updated Privacy Policy.
12. Contact Us
If you have any questions or need further assistance, please email us at privacy@tp-link.com
TP-Link Systems Inc.
10 Mauchly, Irvine, CA 92618