Privacy Policy

Last Updated: 2024.08.27

General rules and definitions

TP-Link Systems Inc., located at 10 Mauchly, Irvine, CA 92618, (collectively, “TP-Link” “we” “us” or “our”) takes your privacy seriously. We abide by applicable privacy laws and regulations to protect your personal data. Accordingly, we developed this privacy policy ("Policy”) in order for you to understand what types of personal data we collected, how we use it, for what reason do we need to process your personal data, who we share it with, when and how we delete it, what rights do you have concerning your personal data and what measures we take to protect it.

TP-Link provides:

(1) software that may be downloaded to your smartphone or tablet to access services (“Mobile Apps” such as Omada, Festa, VIGI etc.), 

(2) services, including technical support and services accessible through the Site(s) (“Support”),

(3) subscription services, including services that can be accessed using the Support and Mobile Apps (“Subscription Services”). The term “Services” means the Sites, Support, Mobile Apps, and Subscription Services, which may be used in conjunction with hardware products provided by TP-Link affiliates and in other ways provided by TP-Link. Some Services of TP-Link can be used together or in ways that integrate with products and services from third parties.

The Sites mentioned in (2) do not include pages linked from the Websites which are operated by local partners, such as https://www.tp-link.com/de. Supplemental data protection information is available where our partners (including affiliates) operate or provide TP-Link branded web pages or products. 

You accept and consent to the practices and policies outlined in this Privacy Policy. This Privacy Policy incorporates herein the Terms of Use; both statements should be read in conjunction with each other. This Privacy Policy may change from time to time. Your continued engagement with our Services after such revisions indicates that you accept and consent to them, so please check the Privacy Policy periodically for updates. Your use of the Products is governed by the applicable privacy policy made available to you when you download or access such Products, including on any page where you log in to a cloud account which may be linked from the Websites. For further information regarding our partners’ data protection practices in a specific country and/or region, please refer to the privacy policy tailored for that specific country and/or region via https://www.tp-link.com/en/choose-your-location/. You may consult the respective privacy policy for your country/region of residence or check the policy posted on the page you are viewing to read the data protection practices that apply.

 

1. Changes to our privacy noticed

This Policy may change at any time as we improve and change our Services. We may notify you by placing a prominent notice on our Services. You should check the Services frequently for updates. If you do not agree with the terms of the updated Policy, you must stop using the Services.

2. Sources and categories of personal data we collect

We collect personal data to the minimum scope which is necessary for the provision of our Services. The personal data we collect may be freely provided by you, received from third parties under your authorization, or, in case of usage data, collected automatically when using our Services.

As a Service for network(such as WLAN/LAN) management, Omada generally processes device configuration data and network traffic data locally. Omada aims at providing stable and secure connections for users.  Customer users' data will not be collected and transmitted to Omada except few specific scenarios. Besides, when you use Cloud-Based-Controller, we collect or process these data on AWS Cloud.

2.1 Personal Data You Knowingly Provide to Us

When you register or update your TP-Link account(TP-Link ID), we collect or process your account data(email, user nickname, user country code, user mobile phone identifier, etc.) to send you e-mail for authentication purpose (activating account, password reset etc.).

When you use TP-Link Dynamic DNS for stable remote control with TP-Link account(TP-Link ID), we collect or process your tplinkdns domain information(domain name, register date etc.).

When you use device binding, Omada collects or processes your TP-Link ID, device identifier, usage status, site location and credentials to establish convenient device management relation. 

When you use traffic monitoring, Omada collects or processes client network data, client hostname, client portal data.

When you use event logging, Omada collects or processes functions usage log data, such as account log in, device upgrade, wireless network created etc.

When you use Twilio SMS portal service, we collect Twilio account, mobile phone number and SMS content;

2.2 Personal Data We Receive from Third Parties

When you use Mapbox, we use Mapbox token for connection authentication. You can konw details in 5.2 Service Providers and Other Third-Parties.

Some third-party services(Twilio Stripe, etc.) that you choose to integrate with may transmit personal data into your account with us. You authorize that such “Third Party Information” is covered under this Policy and we may use it just as we use your personal data. This information may include but is not limited to, for example, account credentials, names, avatars, profile information, configuration information, images, and linked users (e.g., friends).

2.3 Personal Data We Collect Automatically

When you enable WiFi 6G band in an Access Point, the Omada Application has to collect the accurate location of mobile client every 24h to be compliant with FCC Automated Frequency Coordination requirements. You can read Public Notice Paragraph TOC.dot (fcc.gov) , 6 GHz AFC Resources | Wi-Fi Alliancefor more details.

When you set a LTE internet connection with a USB device, Omada collect or process username and password after you fill in.

When you use SIM Card to set a mail server, Omada collect or process phone number and messages to display them on the front-end.

When you set a VOIP connection, Omada collect or process VOIP settings(such as provider profile, call blocking profile etc.), Contacts data(Name, phone number)

When you run speedtest from APP in the device, related SDK in the device will report IP and network speed data to their server based on your consent.

For models with embedded IPOQUE DPI SDK: 

When you enable IPOQUE DPI on a gateway, Omada collects or processes collect or process mobile clients' application category data locally inside the gateway and application flow traffic data( MAC address, client IP, application type, client name, application id, up and down traffic) from clients, you can analyze the statistics based on clients' clear consent.

When you join our User Experience Improvement Program(UEIP), we collect and process your general information of the mobile phone, including IMEI number (MEID number), system version number, SDK version number, system information, etc. and the usage status of the product functions based on your consent. If you wish to withdraw your consent, please go to 7. Your Choices. You can also disable the function in “Settings-About-User Experience Improvement Program”, disabling the function means you opt out of the program.

Access

Purposes

Local Network (iOS only)

Local device administration

Notifications

Receiving system notifications

Account Deletion

TP-Link ID deletion and related information

Location

Obtaining SSID information when you onboard an Omada device

Compliant with FCC AFC requirements

Camera

Photo taking for TP-Link Account custom avatar function

Device binding with QR Code Scan

Photos

TP-Link Account custom avatar function

Support center feedback

 

3. How we share personal data

We may share your personal information internally and externally with suppliers, advisors, or partners for our legitimate business purposes, and only on a need-to-know basis. When sharing personal information, we implement appropriate checks and controls to confirm that the information can be shared in accordance with applicable laws. Here’s more detail about who we may share your information with and in what kinds of situations:

(1) With Our Authorized Partners: We may share your information with our authorized partners, including affiliates. We share information with our authorized partners to:

  • promote safety, security, and integrity and comply with applicable laws;
  • develop and provide features and integrations;
  • provide customer service and technical support; 
  • understand how customers use and interact with our Services.

(2) Service Providers: To assist in our business operations and better provide our Services (e.g., for software maintenance services, advertising technologies, e-mail services, delivery services, database management services, web analytics, and other services), we may share your information with service providers.

(3) Other Entities with Your Consent: You may choose to integrate certain third-party services with our Services. By doing so, you authorize us to transmit your personal information to third parties when you choose to integrate their services with our Services. Information collected by such third-party services is subject to their own terms and policies, all of which you should carefully and diligently review.

The Services may include links to third-party websites whose privacy practices may differ from ours. Your usage of any such websites is governed by the privacy policies of those websites and not this Privacy Policy. You should carefully review the privacy policy of any website you visit. We will consider your decision to use those third-party products and services with the Products or our Services to be a representation to us that you have consented to the third parties' terms and practices.

We have engaged:

  • Measurement LAB(M-LAB), the related APIs will report IP and network speed data to their server based on your consent. If you wish to withdraw your consent, please go to 7. Your Choices. We suggest you check the privacy policy of M-Lab (measurementlab.net)
  • Mapbox, the related APIs will report accurate location to display devices based on your consent. If you wish to withdraw your consent, please go to 7. Your Choices. We suggest you check the privacy policy of Mapbox.

  • AWS is our cloud storage and computing service provider. We suggest you check the privacy policy of AWS.

  • Stripe, third-party payment channels to provide web payment services for platform users. We provide your email address, nationality and address with such third parties. We suggest you check the privacy policy of Stripe.

  • Twilio, SMS portal authentication service provider. We Suggest you check the privacy policy of Twilio.

We will not provide your personal data to the third party without your clear consent unless such provision approved by relevant laws.

(4) Marketing and Advertising: We may provide user information to our third-party marketing service providers for our promotional and/or marketing practices. We may also disclose information that does not directly identify you to advertising and analytics providers to serve personalized ads for the Services and to better understand your use of the Services.

(5) Change of Control: We may be required to share your information as part of a merger, acquisition, asset sale, asset purchase, financing, bankruptcy, or other change of control.

(6) Responding to Legal Requests: We may share information where we have a good faith belief that such disclosure is necessary to (a) comply with an applicable law or legal process or (b) respond to actual or potential complaints or legal claims, like search warrants, court orders, production orders, or subpoenas. These requests come from third parties such as civil litigants, law enforcement, and other government authorities. Or (c) where otherwise necessary to protect our rights, interests, and/or property (including, without limitation, to enforce our agreements), or the rights, interests, and/or property of our agents, independent contractors, customers, and others.

4. Security of personal data

When you browse community or other websites, you may need to register a TP-Link ID to get all features.

We have implemented measures, including encryption and TLS technology, designed to secure your personal data from accidental loss and from unauthorized access, use, alteration, and disclosure. In addition, we restrict the number of staff in charge with access to your personal data to the minimum level and frequently conduct training and education so that they comply with the confidentiality obligations with respect to your personal data.

Your account’s privacy and security are protected by your password. In order to prevent unauthorized access to your account and personal data, you should select a strong password and protect it by limiting access to your computer, device, browser, or application and by signing off after you have finished accessing your account. If you use a third-party service to sign into your account, you should protect that account accordingly as well.

While we strive to always protect the privacy of your account and personal data in our records, we cannot always guarantee it will be completely secure. The security of your personal data may be compromised by unauthorized entry, unauthorized use, hardware failure, software failure, and other factors at any time.

Here are some best practices to protect your TP-Link ID account:

  • Use complex passwords (a mixture of upper and lower letters, numbers, and symbols) when signing up.
  • Use a unique password different from other website accounts to avoid being involved in their accidental data breaches.
  • Change your passwords regularly.
  • Use 2 Factor Authentication (2FA) if possible.

5. How we store and process your personal data

Your personal data will be transferred or transmitted to, or stored and processed in the following circumstances in accordance with the purposes stated within this Privacy Policy:

  • Places we have infrastructure or data centers, including the United States, Ireland, and Singapore, among other countries where our Services are available. Typically, the primary storage region is the region that is closest to the customer’s region, often with backups to data centers in another region. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem.
  • Other countries where our partners, vendors, service providers and third parties are located outside of the country where you live, for purposes as described in this Privacy Policy.

These countries may have different privacy standards that differ from those where you are. Please note that data processed in another country may be subject to different laws and may be accessible to government, judicial, law enforcement, and regulatory agencies in those countries. However, we will take measures to protect your personal data if it is transferred to these countries.

6. Retention of your personal data

We retain personal data for different periods of time depending on the purposes for which we collect and use it, as described in this Privacy Policy. We will delete or de-identify personal data when it is no longer needed to fulfill these purposes unless a longer retention period is required to comply with applicable laws. There may be technical or other operational reasons where we are unable to fully delete or de-identify your personal data. Where this is the case, we will take reasonable measures to prevent further processing your personal data.

7. Your Choices

Depending on where you reside, you may have legal rights to request the following by contacting us as detailed in the “Contact Us” section:

  • Access to, or a copy of, your personal data
  • Confirmation that we are processing your personal data
  • Correction or amendment of your personal data
  • Deletion of your personal data
  • Transfer of your personal data to a third party
  • Restriction or objection to certain uses of your personal data

You can also opt out of our processing or sharing of your personal data for online targeted advertising purposes by following the instructions here

You also have other choices to manage your personal data. For example, you can:

  • Opt-out of our email marketing messages by clicking the “unsubscribe” link at the bottom of our emails.
  • You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.
  • Opt out of the use of data by Google Analytics in supporting browsers here.
  • Opt out of interest-based advertising by companies participating in the National Advertising Initiative and/or the Digital Advertising Alliance opt-out mechanisms here and here. Participating companies will place opt-out cookies on your browser to recognize your choice. Note that your choice may not be recognized if you block or clear cookies. If you use different computers or browsers, you may need to replicate your choices across those computers and browsers.

You may also send us an email to privacy@tp-link.com to request to exercise your rights described above regarding personal data. However, note that we cannot delete the email address used for administrative emails to you (e.g., emails about your transactions, policy changes, forgotten password, and confirmation emails) except by also deleting your user account. 

We may ask you to provide us with information necessary to reasonably verify your identity before responding to your request. Certain information may be exempt from such requests. For example, we may not accommodate a request to exercise certain rights if we believe doing so would violate any law or legal requirement or negatively impact the information's accuracy. If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeal process.

8. Children's Privacy

Our websites are not directed to, or intended for, children as defined by local legal requirements, and we do not knowingly collect personal data from children. If you believe that we have any such data, please notify us immediately using the contact information provided in the “Contact Us” section and we will delete it as quickly as possible.

9. California Consumer Privacy Act

Click here to read additional disclosures required under the California Consumer Privacy Act.

10. Notice Concerning Do Not Track 

“Do Not Track” is a privacy preference that users can set in certain web browsers. We do not currently recognize or respond to browser-initiated Do Not Track signals. Learn more about Do Not Track

11. Updates To Our Privacy Policy

This Privacy Policy may change from time to time, and we may notify you by updating the Privacy Policy’s effective date above. If there are material changes, we will place a prominent notice on this website or provide notice through other means. We encourage all users to occasionally refer to this Privacy Policy so that they can remain aware of our current practices. If you do not agree with the terms of the updated Privacy Policy, you must stop using the Services. Your continued use of the Services after any Privacy Policy changes means that you agree to the updated Privacy Policy.

12. Contact Us

If you have any questions or need further assistance, please email us at privacy@tp-link.com 

TP-Link Systems Inc.

10 Mauchly, Irvine, CA 92618