Tapo logo

Tapo

Privacy Policy

Last Updated: November 30, 2025

1. Introduction

Tapo: Craft Adventures is operated by Linfield Labs AB ("we," "us," "our"). This Privacy Policy explains how we collect, use, store, and protect personal data when parents or guardians use the Tapo World mobile app and related website (the "Service"). We comply with the EU General Data Protection Regulation (GDPR), the Children's Online Privacy Protection Act (COPPA), and other applicable privacy laws. For privacy questions, contact privacy@linfieldlabs.com.

2. Who Uses the App

The app interface—including account creation, login, and data entry—is intended for parents or guardians. Kids participate in the craft activities offline, guided by the parent. We do not collect personal data directly from children under 13.

3. Data We Collect from Parents

Category Examples Purpose
Account Information Parent display name, email address, password (hashed) Create/manage parent accounts, personalize content
Progress & Journal Content Completed adventures, medals, Maker Journal photos/notes (uploaded by parent) Sync progress, show rewards, enable journaling
Purchase & Entitlement Data App Store transactions, RevenueCat entitlements Unlock premium story packs, restore purchases
Device & Usage Info Device type, OS version, in-app events, crash logs Diagnostics, stability improvements
Support Interactions Emails or feedback forms Respond to requests, troubleshoot issues

We do not collect precise geolocation, audio recordings, advertising identifiers, or biometric data.

4. How We Use Data

  • Provide and maintain the Service (login, progress sync, story audio, journal entries)
  • Authenticate parents and secure accounts
  • Process purchases and restore entitlements through App Store / RevenueCat
  • Improve reliability via crash/usage analytics
  • Respond to support requests and protect against fraud
  • Comply with legal obligations (tax and audit records)

5. Legal Bases (GDPR)

  • Performance of a Contract (Art. 6(1)(b)) – running the app you signed up for
  • Consent (Art. 6(1)(a)) – optional marketing or email updates (if ever offered)
  • Legitimate Interests (Art. 6(1)(f)) – product analytics, service protection
  • Legal Obligations (Art. 6(1)(c)) – accounting and regulatory compliance

6. Sharing & Service Providers

We never sell personal data. We only share what's necessary with trusted processors:

  • Supabase (EU hosting) – database, authentication, Maker Journal storage
  • RevenueCat & Apple – purchase processing and entitlement syncing
  • Analytics/Crash Services – aggregated diagnostics, no targeted advertising
  • Support Tools – to respond to parent inquiries
  • Regulators – if required by law

When data leaves the EU/EEA, we rely on Standard Contractual Clauses or other lawful safeguards.

7. Children's Privacy & COPPA

  • Kids interact with crafts in the real world; they do not create accounts or enter data in the app.
  • All content stored in the app (progress, journal photos) is entered by the parent.
  • Parents control the account and can delete data at any time (see Section 10).
  • Because we do not collect personal data directly from children, COPPA consent requirements are satisfied by limiting access to parents/guardians.

8. Data Retention

  • Parent account and progress data remain while the account is active.
  • Maker Journal content stays until the parent deletes it or closes the account.
  • Purchase records are kept as long as needed for financial/legal compliance.
  • Support communications are stored for up to 24 months unless deletion is requested earlier.

9. Your Rights (EEA/GDPR)

Parents can contact privacy@linfieldlabs.com to exercise:

  • Access, correction, deletion
  • Restriction or objection to processing
  • Data portability
  • Withdrawal of consent (without affecting prior lawful processing)
  • Complaint to a supervisory authority (e.g., Sweden's IMY)

10. How to Delete Your Data

Use the in-app Delete Account option (Profile → Delete Account) to permanently remove your parent account, Maker Journal entries, progress, and purchases stored in Supabase.

Or email privacy@linfieldlabs.com and we will respond within 30 days.

11. Security

We use encrypted transport (HTTPS), hashed passwords, and access controls. While no system is perfectly secure, we take reasonable steps to protect personal data and encourage parents to keep credentials confidential.

12. International Transfers

If data is processed outside the EU/EEA, we rely on Standard Contractual Clauses or equivalent safeguards so that your information receives the same level of protection.

13. Updates

We may update this policy to reflect new features or legal requirements. Significant changes will be communicated in-app or via email. Continued use after the effective date indicates acceptance.

14. Contact Us

Linfield Labs AB

Email: privacy@linfieldlabs.com

Mailing Address: (add your physical address)

EU Supervisory Authority (Sweden)

Swedish Authority for Privacy Protection (IMY) – https://www.imy.se

← Back to Home
Privacy Policy Terms of Service Home