If you have any questions or concerns regarding the data protection practices, please do not hesitate to contact:
Tuya Customer Service Department: dial 1-844-672-5646; email to email@example.com or ,
You are not obliged to provide to us your Personal Data (as defined below). However, we may be unable to provide you with certain products and/or Services if you decline to provide such data.
Personal Data means, unless otherwise provided by applicable laws in your region of residence, information that can be used to identify a particular individual, either by that information alone, or in combination with other information.
User Data refers to the data submitted by users or collected by Tuya in order to provide its services, such as user name, contact information, etc., when user registers for an account on Tuya's website, interfaces with Tuya's products or services. For clarity, User Data includes, but is not limited to, Personal Data.
Smart Devices refers to those nonstandard computing devices produced or manufactured by hardware manufacturers, with human-machine interface and the ability to transmit data that connect wirelessly to a network, including: smart home appliances, smart wearable devices, smart air cleaning devices, etc.
What Personal Data do We Collect
1. Information You Voluntarily Provide Us.
• Account Data: When you register an account with us, we may collect your name and contact details, such as your name, email address, mailing address, phone number, user name, and login credentials.
• Transactional And Purchase/Payment Details: If you purchase Tuya’s Services, either online or offline, we may collect your records/dates of purchases, invoice information, billing address, payment method, or bank account, account holder information, and debit card numbers for the business partnership.
• Session Data: During your sessions of communications with our staff, such as consultations with our business team, or online interactions with the customer service team about our products or Services, we will collect your session records and relevant information, which is limited to the following: customized session ID, session time, your company name, as well as information you voluntarily provide. The purpose of such collection is to analyze your concerns raised during the session, so that we can enhance and improve our services and identify usage trends, or in order to address your problems. However, please be reminded that we will not collect any sensitive personal information related to your identity.
• Name and Occupational Information in Communications with Us: When you visit our websites, fill out our online forms, or engage with our support team, we may collect your name and occupational information, such us your name, email address, and work/company information.
• Job Application Information: When you apply to work for us, we may collect your education and professional experience related information, such as school attended, course of study, academic degree obtained, grades, employment history, professional certification/licenses received.
2. Information We Collect Automatically.
When you use our Sites and Services, we may collect certain information, including Personal Data, about your use of the Sites and Services:
• Device Information: When you interact with our Sites and Services through hardware, we may automatically collect device information, such as the unique device ID number of your device, IP address, wireless connection information, operating system type and version, browser type and version, push notification identifier, and mobile network information.
• Usage Data: During your interaction with our Sites and Services, we may automatically collect usage data relating to visits, clicks, downloads, messages sent/received, and other usage of our Sites and Services.
The major purpose of collecting and using such data is to improve the products or services we provide to you, and to collect different volumes of data because of the different types functions of the products or services.
• Log Data: When you access or use our Sites and Services, any act you engage that may pose any risk to us will be recorded in form of log files. This may include without limitation, system logs, exception logs, or logs describing how your operations may pose risk to us. Logs may be uploaded to backend.
Please note that one cannot identify a specific individual by using device information or log information alone. However, if these types of non-personal information, combined with other information, may be used to identify a specific individual, such non-personal information will be treated as Personal Data. Unless we have obtained your consent or unless otherwise provided by data protection laws and regulations, we will aggregate and desensitize such non-personal information.
3. Information We Acquire from Third Parties
In some cases, and as permitted by law, we may obtain your Personal Data from a third party. For instance:
• You may authorize a third party to transmit data to us;
• We may obtain certain data from third-party partners, for instance, public information, including company name, company contact person, company email address, etc.;
• Data related to you provided by others, for example, when other users purchase products or services for you, they may provide us with your Personal Data, which may include your name, mailing address, and contact information.
Cookies and Similar Tracking Technologies
We may also use web beacons to track usage patterns of users of the Services. Additionally, we may use HTML-based emails sent to our users to track which emails are opened by recipients. The information is used to enable more accurate reporting and make the Services better for you.
We honor do-not-track signals or similar technologies that our systems detect and identify. We do not track, plant cookies, or use advertising when such do-not-track (DNT) browser mechanism is in place on your device.
Purpose and Legal Basis for Processing Personal Data
The purpose for which we may process information about you are as follows:
• Marketing Communication. We process your Personal Data to inform you about Services that we believe may be of interest to you. If we do so, each communication we send you will contain instructions permitting you to opt-out of receiving future communications of that nature. The legal basis for this processing is your consent.
• Legal Compliance. We disclose information if we are legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
• comply with a legal obligation, process or request;
• protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law; or
• detect, prevent or otherwise address security, fraud or technical issues.
If there is any change in the purposes for processing your Personal Data, we will inform such change to you via email and/or a prominent notice on our website of such changes of purposes, and choices you may have regarding your Personal Data.
Who do We Share Personal Data with?
At Tuya, we only share Personal Data in ways that we tell you about. Without your consent, we will not disclose your Personal Data to third-party companies, organizations, or individuals except in the following cases:
• Sharing subject to your express consent: upon your express consent, we may transfer your User Information to third parties. For instance, if you have indicated that you wish to receive accurate push notifications and diversified services that we provide, we may share your Personal Data with certain third parties.
• To our third-party service providers who perform certain business-related functions for us, including:
- cloud service providers who provide Tuya with fundamental structural plans regarding cloud services, including network, server and virtual services, website hosting, data analysis, payment and credit card processing, infrastructure provision, IT services, e-mail delivery services, and other similar services to enable them to provide services to us;
- customer service providers who provide Tuya with customer support services, including customer service system support and personnel service support;
- enterprise authentication service providers who helps us with verification of enterprise accounts, contract signing and authentication of enterprise status;
- when place an order on Tuya’s websites, we may share your information with third parties to allow you to receive our products and/or services that you order.
• To our customers and other business partners who provide you, directly or indirectly, with your Smart Devices, and/or networks and systems through which you access and use our Sites and Services.
• To an affiliate or other third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings). In such an event, you will be notified via email and/or a prominent notice on our website of any change in ownership, and choices you may have regarding your Personal Data.
• As we believe in good faith that access to, or use, preservation, or disclosure of the information is reasonably necessary or appropriate to:
(a) Comply with applicable law, regulation, legal process, or lawful governmental request;
(c) Protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law.
(d) Perform risk management, screening and checks for unlawful, fraudulent, deceptive or malicious activities.
Tuya operates globally, and Personal Data may be transferred, stored and processed outside of the country or region where it was initially collected. Also, the applicable laws in the countries and regions where we operate may differ from the laws applicable to your country of residence. Under the Personal Data protection framework and in order to facilitate our operation, we may transfer, store and process your Personal Data in jurisdictions other than where you live.
The European Commission has determined that certain countries outside of the European Economic Area (EEA), the UK or Switzerland can provide adequate protection of Personal Data. Where Personal Data of users in the EEA, Switzerland, or the UK is being transferred to a recipient located in a country outside the EEA, Switzerland, or the UK which has not been recognized as having an adequate level of data protection, we ensure that the transfer is governed by the European Commission’s standard contractual clauses. You can review the agreement on the basis of approved EU standard contractual clauses per GDPR Art. 46. For more information, see here.
We use commercially reasonable physical, administrative, and technical safeguards to preserve the integrity and security of your Personal Data. Tuya provides various security strategies to effectively ensure data security of user and device. As for device access, Tuya proprietary algorithms are employed to ensure data isolation, access authentication, applying for authorization. As for data communication, communication using security algorithms and transmission encryption protocols and commercial level information encryption transmission based on dynamic keys are supported. As for data processing, strict data filtering and validation and complete data audit are applied. As for data storage, all confidential information of users will be safely encrypted for storage. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), you could immediately notify us of the problem by emailing firstname.lastname@example.org in accordance with the section below.
Data Subject Rights
We respect your rights and control over your Personal Data. You may exercise any of the following rights by:
a) Forward your privacy request through online communication by clicking here , or;
You do not have to pay a fee for executing your personal rights. According to different data protection laws, your request of personal rights will be handled within 15 business days, or within 30 calendar days due to different response requirement.
In your request, please make clear what information you would like to have changed, whether you would like to have your Personal Data deleted from our database or otherwise let us know what limitations you would like to put on our use of your Personal Data. Please note that we may ask you to verify your identity before taking further action on your request, for security purposes.
• Request access to the Personal Data that we process about you;
• Request that we correct inaccurate or incomplete Personal Data about you;
• Request deletion of Personal Data about you;
• Request restrictions, temporarily or permanently, on our processing of some or all Personal Data about you;
• Request transfer of Personal Data to you or a third party where we process the data based on your consent or a contract with you, and where our processing is automated;
• Opt-out or object to our use of Personal Data about you where our use is based on your consent or our legitimate interests.
Your California Privacy Rights
California Civil Code Section 1798.83 permits users of the Software that are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please contact us in accordance with the “email@example.com” section below. We do not disclose Personal Data to third parties for their direct marketing purposes without your consent. Visit our Statement on California Privacy Notice page for more information.
2- Personal Data will no longer be retained when you request to remove your Personal Data, we will accordingly complete the task.
When we are unable to do so for technical reasons, we will ensure that appropriate measures are put in place to prevent any further such use of your Personal Data.
Protecting the privacy of young children is especially important to us. The Services are not directed to individuals under the age of thirteen (13) (or such other age provided by applicable law in your country/region of residence), and we request that these individuals do not provide any Personal Data to us. We do not knowingly collect Personal Data from any child unless we first obtain permission from that child’s parent or legal guardian. If we become aware that we have collected Personal Data from any child without permission from that child’s parent or legal guardian, we will take steps to remove that information.
For European Union or United Kingdom data subjects, you have the right to lodge a complaint with a supervisory authority concerning Tuya’s data processing activities. For questions, or to exercise your rights as an EU or UK data subject, please contact our EU/UK Representative here: