Privacy Policy for Kasa

Last Updated on: Mar 13, 2023.

 

TP-Link Corporation Limited (collectively, “TP-Link,” “we” “us,” or “our”) takes your privacy seriously. We abide by applicable privacy laws and regulations to protect your personal data. Accordingly, we developed this privacy policy ("Policy”) in order for you to understand what types of personal data we collected, how we use it, for what reason do we need to process your personal data, who we share it with, when and how we destroy it, what rights do you have concerning your personal data and what measures we take to protect it.

TP-Link Corporation Limited is the controller (i.e., we are responsible for, and control the processing of, your personal data) with regard to the data processing activities described herein. If you have any questions or concerns, please feel free to contact our Data Protection Officer at privacy@tp-link.com.

TP-Link provides:

(1) TP-Link hardware products (“Products”), (2) website(s) that may be accessed at https://www.tp-link.com and https://www.kasasmart.com  (“Site”), (3) services, including technical support and services accessible through the Site(s) (“Web Apps”), (4) software that may be downloaded to your smartphone or tablet to access services (“Mobile Apps” such as Kasa), and (5) subscription services, including services that can be accessed using the Web Apps and Mobile Apps (“Subscription Services”). The term “Services” means the Sites, Web Apps, Mobile Apps, and Subscription Services, which may be used in conjunction with Products and in other ways provided by TP-Link. Some Products and Services of TP-Link can be used together or in ways that integrate with products and services from third parties.

This Privacy Policy may change at any time and we may notify you by updating the Privacy Policy's effective date above. If there are material changes, we will place a prominent notice on this website. We encourage all users to occasionally refer to this Privacy Policy so that they can remain aware of our current practices. If you do not agree with the terms of the updated Privacy Policy, you must stop using the Products/Services. Your continued use of the Products/Service after any Privacy Policy changes means that you agree to the updated Privacy Policy.

1. CHANGES TO OUR PRIVACY POLICY

This Policy may change at any time as we improve and change our Products/Services. We may notify you by placing a prominent notice on our Products/Services. You should check the Products/Services frequently for updates. If you do not agree with the terms of the updated Policy, you must stop using the Products/Services.

2. SOURCES AND CATEGORIES OF PERSONAL DATA WE COLLECT

We collect personal data to the minimum scope which is necessary for the provision of our Products/Services. The personal data we collect may be freely provided by you, received from third parties under your authorization, or, in case of usage data, collected automatically when using our Products/Services.

2.1 Personal Data You Knowingly Provide to Us

When you register or update your Kasa account, we collect or process your TP-Link ID, location, user avatar, user nickname, user country code, user mobile phone identifier, etc.

When you enable device binding, we collect or process your TP-Link ID, device identifier and credentials, user personalized settings (such as device avatar, device family management, etc.).

When you enable Geofencing Smart Action, we collect or process your precise location(longitude and latitude), map position settings.

When you subscribe Kasacare through the website, we collect or process your user name, user address (including zip code), order data (including third-party platform transaction ID, third-party platform subscription ID, third-party purchase certificate, etc.), billing data (including purchase amount, commodity information, etc.). We only collect or process order data (including third-party platform transaction ID, third-party platform subscription ID, third-party purchase certificate, etc.), billing data (including purchase amount, commodity information, etc.) if your Kasa is subscribed through in-app purchase.

When you join our User Experience Improvement Program, we collect and process your general information of the mobile phone, including IMEI number (MEID number), system version number, SDK version number, system information, etc. and the usage status of the product functions based on your consent. If you wish to withdraw your consent, please go to Section 8 7) Right to withdraw your consent. You can also disable the function in “Settings-About-User Experience Program”, disabling the function means you opt out of the program.

Note: TP-Link is not responsible for the privacy practices it does not own or otherwise control. Applicable privacy laws in your country/region may impose certain obligations on you and your use of cameras or cloud storage products. You are solely responsible for ensuring that you comply with the regulation in your country/region. Depending on your country/region, you may be required to inform your guest, visitor, client, etc. that you are using a camera to record audio and video. You may need to consider their privacy rights before sharing the video or clip that involves others.

2.2 Personal Data We Receive from Third Parties

Some third-party services that you choose to integrate with may transmit personal data into your account with us. You authorize that such “Third Party Information” is covered under this Policy and we may use it just as we use your personal data. This information may include but is not limited to, for example, account credentials, names, avatars, profile information, configuration information, images, and linked users (e.g., friends).

You may also voluntarily provide your personal data to us via third-party service providers that help us operate our Services.

2.3 Personal Data We Collect Automatically

When using our Products/Services, we collect your usage data (such as user photo clicks, volume, video, voice, image quality switching, camera privacy mode, etc.), device name.

When you report abnormal problems through the feedback function of Kasa App for the purpose of customer support, we collect your TP-Link ID, user nickname, user email address, user country code, user collection data (including mobile platform, platform version, etc.), device data (including device name, device logs, etc.).

For the purpose of marketing push, we based on your consent collect your associated device, App activity data, App function usage, device usage behavior data, etc. If you wish to withdraw your consent or object to the personalization of adverts and content, please go to Section 8 7) Right to withdraw your consent.

In addition, we may also request related access permissions for the execution of related functions and services in the case where you use our Products/Services, especially where you install and launch our Products/Services.

3. HOW WE USE PERSONAL DATA

We process your personal data for specific purposes and process only the personal data relevant for achieving that purpose. Depending on our relationship with you and the Products/Services that we are providing, we use collected personal data for following purposes as assigned to the above description of the respective processing activity:

  1. for provision, management and administration of Products/Services
  2. for improvement and optimization of Products/Services and user experience
  3. for customer support
  4. for statistics and internal management
  5. for security risk management
  6. for compliance with legal obligations
  7. for marketing offers

 

4SHARING YOUR PERSONAL DATA

In order to provide you with more convenient and prompt services, we share your personal data with our partners and entrust other companies with such tasks. We share your personal data with third-party service providers provided these third parties assume confidentiality obligations regarding your personal data collected. We have concluded related data processing agreements as required in accordance with applicable data protection laws, with such third-party service providers.

4.1 Authorized Partners

We may share the information we collect about you with our authorized partners. We only share aggregated statistic data reflecting user subscription and functionality of our Products/Services.

4.2 Service Providers and Other Third-Parties

We have engaged:

  1. Google Assistant, Alexa, Smarthings, IFTTT, Brilliant, virtual assistant management technology service providers, to provide device discovery, device management, device control, and live view services for platform users. We provide account credentials, device list, device alias, and the camera's live broadcast data which can be viewed via third-party players with such third parties based on your consent. If you wish to withdraw your consent, please go to Section 8 7) Right to withdraw your consent. We suggest you check the privacy policy of Google AssistantAlexaSmart ThingsIFTTTBrilliant.
  2. Stripe, PayPal and Recurly, third-party payment channels to provide web payment services for platform users. We provide your email address, nationality and address with such third parties. We suggest you check the privacy policy of StripePayPal and Recurly.
  3. Google Play and App Store, application distribution platforms and payment channels, to provide payment services and distribute applications to platform users.
  4. Google Firebase, third-party SDK, for the purpose of App feedback function. We provide your TP-Link ID, user nickname, user email address, user country code, user collection data (including mobile platform, platform version, etc.), Kasa device data (including device name, device logs, etc.). We suggest you check the privacy policy of Firebase.
  5. AWS as our cloud storage and computing service provider. We suggest you check the privacy policy of AWS.
  6. OhmConnect,energy saving project platform, for the energy consumption statistics. We provide account credentials, device list, device status, device alias and device usage power data with OhmConnect based on your consent when you choose to use its service..
  7. Others. If we otherwise notify you and you consent to the sharing.

4.3 Change of Control

TP-Link may elect to buy or sell assets. When buying or selling assets, customer information may be one of the assets that is transferred. Personal and non-personal data may also be transferred or acquired by a third-party in the event that TP-Link is acquired, enters bankruptcy, or goes through some other change of control, as far as and to the extent permitted by applicable laws.

4.4 Legal and Law Enforcement

Please be advised that we may disclose information that you have provided us if we have a good faith belief that such disclosure is necessary to comply with the law or legal process served on us; or protect and defend the rights and property of TP-Link or others. In any event, we will disclose information only in accordance with applicable regulations.

5. SECURITY

We have implemented measures, including encryption and TLS technology, designed to secure your personal data from accidental loss and from unauthorized access, use, alteration, and disclosure. In addition, we restrict the number of staff in charge with access to your personal data to the minimum level and frequently conduct training s and educations so that they comply with the confidentiality obligations with respect to your personal data.

Your account’s privacy and security is protected by your password. In order to prevent unauthorized access to your account and personal data, you should select a strong password and protect it by limiting access to your computer, device, browser or application and by signing off after you have finished accessing your account. If you use a third-party service to sign into your account, you should protect that account accordingly as well.

While we strive to always protect the privacy of your account and personal data in our records, we cannot always guarantee it will be completely secure. The security of your personal data may be compromised by unauthorized entry, unauthorized use, hardware failure, software failure, and other factors at any time.

Here are some best practices to protect your TP-Link ID account:

1) Use complex passwords(A mixture of upper and lower letters, numbers, symbols) when signing up.

2) Use the unique password different with other website accounts to avoid involving in their accidental data breach.

3) Change your passwords regularly.

4) Use 2 Factor Authentication (2FA) if possible.

6. COOKIES AND SIMILAR TECHNOLOGIES

We and our third-party partners may use cookies, action tags, or similar technologies on your computer to provide the Services and help collect data. We use both session and persistent tracking technologies. Tracking technologies (e.g., cookies) can either be persistent (i.e., they remain on your computer until you delete them) or temporary (i.e., they last only until you close your browser). You may also encounter tracking technologies and cookies from third-parties, such as Google Analytics, Google Ads, and Facebook Pixel.

You may block or delete cookies and control data collection through your web browser settings. However, adjusting your browser preferences may impact your experience with the Products and Services. For more information about cookies and how to disable them, you can visit http://www.networkadvertising.org/choices/ and [www.allaboutcookies.org/manage-cookies/].

7. YOUR CHOICES

TP-Link gives you choices regarding your information. For example, you can:

Update your account information and settings at any time by accessing your Mobile Apps, Subscription Services, or Web Apps

Control how and when you want to receive notifications from us in mobile App

Opt-out of our email service by clicking the "unsubscribe" link at the bottom of our emails.

Not use feature and service that require you provide your information and data, such as our community post or video storage.

Request account and data deletion at https://account-delete.tplinkcloud.com/

Request account information by emailing us at privacy@tp-link.com

 

You may not opt out of administrative emails for your registered account (e.g., emails about your transactions, policy changes, forgot password and confirmation emails).

8. CHILDREN'S PRIVACY

Our Products and Services are not directed to, or intended for, individuals under the age of 16 and we do not knowingly collect personal information from individuals under the age of 16. If you believe that we have any such information, please notify us immediately using the contact information provided in Section 11 and we will delete the information as quickly as possible.

9. CALIFORNIA CONSUMER PRIVACY ACT

Click here to read additional disclosures required under the California Consumer Privacy Act.

10. CONTACT US

If you have any questions or need further assistance, please email us at privacy@tp-link.com or write us at:

TP-Link Corporation Limited

Room 901,9/F.,New East Ocean Centre, 9 Science Museum Road, Tsim Sha Tsui, Kowloon, Hong Kong