With the recent CloudPets hack, and others like it (remember Hello Barbie?), it’s becoming clearer that smart toys, particularly the stuffed animal kind, could pose a privacy risk that parents should know about. Don’t get us wrong, we love smart toys and have featured many here on Cool Mom Tech, like the new Toymail Talkies for example, and we think that they can be a cool addition to your kid’s toy box.

And given their popularity, we’re pretty sure you’ll be seeing more and more of them hit the shelves in the coming months.

But, before you fork over the cash for one of these toys, we think it’s important to you ask yourself a few questions to help ensure you’re making a decision that keeps your family’s safety and privacy top of mind.

Related: Internet safety tips from an expert that you can start using right now

1. Who is the manufacturer? 

With a simple Google search, you can get a lot of information about a company, which can then help inform your purchasing decision. Is the manufacturer reputable with a positive track record? According to cybersecurity expert Troy Hunt, Spiral Toys, the maker of CloudPets, is a publicly traded company with a stock value of one penny, which could indicate that the company was actually no longer in business. As you might guess, that’s troublesome on many levels.

2. How is your data stored and who can access it? 

Along with looking at security protocols, you should explore how the data that’s being collected, which could include everything from voice recordings, photos, videos, as well as your email login information, is being stored, and who has access to it. Is your data just captured remotely on your device, or is it being backed up somewhere on the company’s servers or a cloud service? Who is able to get to that data? And which data is being stored, and where? In some cases, most of your data will live in the app on your device, while in others, most of it will live on the company’s servers. You should be able to find all this information on the product’s website privacy page, many of which are downloadable as PDFs.

3. What are the security protocols? 

You should be able to get a clear description of a smart toy’s security features on their website, as well as the levels of encryption they use when it comes to your data. When you go to the privacy page on the ToyMail website, you’ll discover a thorough explanation of their security measures, which in their case includes HTTPS, SSL, and 128-bit encryption, one of the best encryption methods out there. You may also see the term “bank level encryption,” which is actually 256-bit encryption. If you don’t see any specific methods for security, then there probably aren’t good ones, so best to do a little more digging or steer clear.


Related: How to protect your baby monitors from hackers

Bottom Line: The messages, photos, and/or videos that these smart toys are sharing (and storing) have to live somewhere, whether it’s on the device itself, in an app, or on servers. With that in mind, do some research before you purchase a smart toy and decide if you feel as though the level of security measures that are in place make you feel as though your data is adequately protected.