Search
Search Menu

Kasa Smart - General Questions about Security and Privacy

Security Advisory
Updated 03-07-2019 23:57:21 PM

This FAQ will help answer your questions about security and privacy while using our Kasa Smart products.  If you have questions about the information in this FAQ please feel free to contact us at Kasa.Support@tp-link.com and we’ll be happy to help you.  

 

What type of user data does Kasa Smart by TP-Link collect, and how is it used?

When you use our devices and/or services, we collect minimal personal data.

When you use Kasa Smart devices without setting up an account, no personal data will be processed. Please note that without account registration the use of our devices and services will be very limited. If you register a user account for one of our services ("Kasa Account"), personal data will be processed in order to deliver services. Personal data might be disclosed to third parties, with your prior consent. We have implemented appropriate safeguards to secure personal data and retain that data only as long as necessary.

 

When you register a user account for one of our services ("Kasa Account"), personal data includes but is not limited to name, user name, email address, device data and payment information will be collected. This data is processed in order to deliver smart home services like turning devices on/off, accessing camera live view remotely and paying for subscription services. For more details refer to TP-Link’s Privacy Policy,  Terms of Use and Kasa Care Service Agreement.

How is my data secured to ensure my privacy?

Security and privacy is important to Kasa Smart and we take it seriously. We have implemented measures, including encryption and SSL technology, designed to secure personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

 

As per European General Data Protection Regulation (GDPR), user data is anonymized for storage and transmission purposes. Data access is limited and monitored, and video is encrypted and anonymized. None of the audio and video recordings and/or livestream can be viewed by our employees or third parties.

 

Where will my video be stored?

The hosting and storing of users video data takes place in the Amazon Web Services (AWS) virtual private cloud, a service of Amazon.com, Inc., and abides by Amazon’s requirements. Data is encrypted and stored based on customer location using AWS - specifically either in the US, Singapore or Ireland. At any time, user video and audio data is not accessible by us or any third-party companies. Other than that, data is only accessed with prior consent (e.g. when using voice integration services of Google, LLC or Amazon.com, Inc. (both US)).

 

Is any of my data sold to or shared with third parties? If so, am I informed?

We do not sell user data to third parties. We may transfer personal data to third-parties, if required for the fulfilment of our services. In this particular case, third-party services form part of our services (e.g., the hosting and storing of user video data takes place in the AWS virtual private cloud, a service of Amazon.com, Inc.). At any time, user encrypted and anonymized video and audio data is not accessible by any third-party companies.

 

Permission from the user is required in order to engage third party services. In that instance, users are made aware of what data is being shared (e.g., when using Amazon Alexa voice assistant to control devices). Kasa Smart has no influence on the processing of personal data collected by third-parties. When using third party services in connection with Kasa Smart services, Kasa Smart recommends users confer the third party’s respective privacy policy.

 

How can I delete my Kasa account?

You may delete your account at any time by contacting Technical Support at support@tp-link.com. Per GDPR compliance, after deletion of a user account, personal data will be erased without undue delay and cannot be recovered.

 

How can I keep my account secure?

Account access, privacy and security is protected by a user password. In order to prevent unauthorized access to an account and personal information, you should select a strong password and protect it by limiting access to your computer, device, browser or application. If you use a third-party service to sign into your account, you should protect that account accordingly as well. We also recommend that you remain vigilant regarding your personal home network by ensuring you use the latest software and only share credentials with those whom you trust. The security of your personal home network is the first line of defense and is essential to smart home security.

 

I have Kasa Smart Cameras so what is done to ensure my clips can only be viewed by me?

As noted above, video is stored on AWS and we have implemented measures, including encryption and SSL technology, designed to secure personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. The video is encrypted and anonymized. None of the audio and video recordings and/or livestream can be viewed by our employees or third parties.

 

What happens to my video clips after they expire or after I delete them?

You can always download clips before they expire. But once they expire, or should you choose to delete your video clip(s) from your account, they will be permanently deleted from AWS cloud and cannot be recovered.

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . We have updated our Policies. Read Privacy Policy and Terms of Use here.

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . We have updated our Policies. Read Privacy Policy and Terms of Use here.

Basic Cookies

These cookies are necessary for the website to function and cannot be deactivated in your systems.

TP-Link

accepted_local_switcher, tp_privacy_base, tp_privacy_marketing, tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType

Livechat

__livechat, __lc2_cid, __lc2_cst, __lc_cid, __lc_cst, CASID

Youtube

id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ

Analysis and Marketing Cookies

Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.

The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.

Google Analytics & Google Tag Manager

_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>

Google Ads & DoubleClick

test_cookie, _gcl_au

Facebook

_fbp

Crazy Egg

cebsp_, _ce.s, _ce.clock_data, _ce.clock_event, cebs

Hotjar

OptanonConsent, _sctr, _cs_s, _hjFirstSeen, _hjAbsoluteSessionInProgress, _hjSessionUser_14, _fbp, ajs_anonymous_id, _hjSessionUser_<hotjar-id>, _uetsid, _schn, _uetvid, NEXT_LOCALE, _hjSession_14, _hjid, _cs_c, _scid, _hjAbsoluteSessionInProgress, _cs_id, _gcl_au, _ga, _gid, _hjIncludedInPageviewSample, _hjSession_<hotjar-id>, _hjIncludedInSessionSample_<hotjar-id>

Linkedin

lidc, AnalyticsSyncHistory, UserMatchHistory, bcookie, li_sugr, ln_or