Tapo logo

Tapo

Privacy Policy

Last Updated: November 2, 2025

1. Introduction

This Privacy Policy describes how Linfield Labs AB ("we," "us," or "our") collects, uses, and protects personal data when you use the Tapo World website and app ("Service").

Your privacy is important to us. We comply with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Data We Collect

We may collect:

  • Account Information: name, email, password
  • Device Information: device type, operating system, app usage data
  • Child Information (Optional): name or nickname, age range
  • Interaction Data: gameplay activity, preferences, parental usage
  • Purchase Data: when subscriptions exist

We do not collect audio, video, or precise location data unless explicitly stated.

3. How We Use Your Data

We use personal data to:

  • Provide and improve the Service
  • Customize play experiences
  • Provide customer support
  • Communicate updates and product information
  • Maintain security and prevent fraud

4. Legal Bases for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process personal data based on the following legal bases:

  • Consent (Article 6(1)(a) GDPR) - e.g., optional child profile info, marketing communications
  • Performance of a contract (Article 6(1)(b) GDPR) - providing the Service you have requested
  • Legitimate interest (Article 6(1)(f) GDPR) - analytics, service improvements, fraud prevention
  • Legal obligations (Article 6(1)(c) GDPR) - tax and accounting records, compliance with applicable laws

You have the right to object to processing based on legitimate interests. For more information, see Section 8 (Your Rights).

5. Sharing of Data

We may share data with:

  • Service providers (analytics, hosting, customer support)
  • Payment processors
  • Authorities when required by law

We do not sell personal data.

6. Data Retention

We retain data only as long as needed to:

  • Provide the Service
  • Meet legal obligations

You may request deletion at any time.

7. Children's Privacy

Parents are the intended digital users. Children do not directly use the app interface.

We collect only minimal child information voluntarily provided by the parent. Parents may delete this information at any time.

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

Right of Access (Article 15 GDPR)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and to access your personal data.

Right to Rectification (Article 16 GDPR)

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to Erasure ("Right to be Forgotten") (Article 17 GDPR)

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the original purpose.

Right to Restrict Processing (Article 18 GDPR)

You have the right to request restriction of processing of your personal data under certain circumstances.

Right to Data Portability (Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used format and to transmit that data to another controller.

Right to Object (Article 21 GDPR)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent (Article 7(3) GDPR)

Where processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at privacy@linfieldlabs.com. We will respond to your request within one month (which may be extended by two further months if necessary).

Right to Lodge a Complaint: If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority. For Sweden, this is the Swedish Authority for Privacy Protection (IMY).

9. Security

We use reasonable technical and organizational measures to protect personal data. No system is completely secure.

10. International Transfers

If data is transferred outside the EU/EEA, we use approved safeguards such as Standard Contractual Clauses.

11. Updates to This Policy

We may update this Policy from time to time. Significant changes will be communicated to you.

12. Contact Us

For privacy inquiries or to exercise your GDPR rights:

Linfield Labs AB

Email: privacy@linfieldlabs.com

Data Protection Officer (if applicable): For inquiries regarding data protection, you may contact our data protection officer at the email address above.

EU Supervisory Authority

If you are located in the EU/EEA and have concerns about our data processing, you may contact your local data protection authority:

Sweden: Swedish Authority for Privacy Protection (IMY)

For other EU countries, find your local supervisory authority at: EDPB Member States

← Back to Home
Privacy Policy Terms of Service Home