Tobii Data transparency policy

Data transparency policy

If you are developing an application that stores or transfers data generated by a Tobii product, then we require that your application complies with our data transparency policy.


The policy states


Applications that store or transfer data generated by a Tobii product need to implement active user acceptance: Informing people what you are doing with their data and why.


The application needs to visualize for the user when storage or transfer of data occurs.


The user should understand the benefits they receive by providing their data — what’s in it for me.

Why does Tobii have a data transparency policy? ​

Eye tracking and attention computing are emerging technologies in consumer, commercial, and specialized products and solutions. They hold the promise of new opportunities — in the way we interact with machines, advance the frontier of science, and in the creation of solutions that have a positive impact on people’s lives.

The data generated by our technology can reveal a lot about a person. Their reaction in certain situations, how they are feeling, their identification, and even whether they are suffering from specific medical conditions, and needs to be handled accordingly.

Tobii aspires to protect the data integrity and data privacy of every person who interacts with our technology. But we cannot do this alone.

We rely on every organization to build trust with people whose data they leverage. We rely on every product to respect users by very clearly informing them if their data is stored or transferred to another system — and more importantly why.

To help us fulfill this aspiration, we created the Tobii data transparency policy.

When does our data transparency policy apply?

Our data transparency policy applies when data generated by our products, in raw or processed form, is stored, or when it is transferred to other devices, systems, or networks.

What does this mean?

For users

As a user, you should expect all applications that store or transfer your data comply with the Tobii data transparency policy.

For software developers

As a developer, building solutions using any of Tobii’s SDKs, you must adhere to our license terms. One of the license terms requires you comply with this data transparency policy.

For hardware manufacturers and OEMs

If you are a hardware manufacturer or OEM using Tobii solutions, you can be proud that you have built your product on a technology that takes the privacy of users seriously.

If you develop software that uses eye tracking and attention computing as part of your solution, you must also adhere to our data transparency policy — just like any other software developer.

If you wish to publish your own proprietary SDKs or APIs that incorporate our technology, you must contact us to ensure that our data transparency policy is upheld.


Tobii data transparency policy

If Your Software (any application system, or API) stores or transfers eye tracking or attention computing data, you must comply with this policy and as such, Tobii requires the following to be implemented into Your Software:

Active user acceptance

Your Software needs to use a consistent format to ask the user, explicitly and clearly, for their permission to store, or transfer, their data. This request for permission must happen before the user’s data is stored or transferred. It also needs to state the purpose of storing/transferring data and that such data will not be used for any other purpose.


Your Software must show the user when the storage or transfer of data is takes place. You must provide a mechanism for visualization. This is required unless explicitly waived by Tobii.

Tobii's recommendation

Clearly inform users about the value they will receive from Your Software. This is about giving the user clear guidance and motivation about why they should provide their data to you.

Please note that the implementation of this policy may vary between different categories of products. For screen-based products, a window, such as the one below, is recommended for the Active user acceptance and What’s in it for me policy.

Tobii Data transparency policy

Active user acceptance — alternative methods of implementation and exemption

Some specific circumstances make a software-based user acceptance impossible or inappropriate. If Your Software is used in either of the situations described in A, B or C below, you may instead implement firm legal requirements on the user of Your Software to conduct an alternative approval process.

Situation A

Your Software is used to conduct research, tests or assessments on a test subject which a facilitator operates and oversees, and you prefer that active user acceptance from the test subject is provided via a separate process, instead of through Your Software. In this situation, Your Software must, instead, explicitly and in a clear and prominent manner, require that the facilitator takes responsibility to:

(i) obtain active user acceptance from the test subject via separate means; and

(ii) inform the test subject about what data was collected, the purpose of the data collection and that the data will not be used for any other purpose; and

(iii) if the test subject does not give such consent, permanently delete the data from that test subject.

Only upon confirmation of this by the facilitator will Your Software be allowed continued use. This process must be followed at least every time Your Software is started.

Situation B

Your Software is used to collect eye tracking data from an individual that is not of legal age, or a user who is not physically or mentally able or fit to provide active user acceptance. In such situation, Your Software may instead implement a process where active user acceptance is collected from a legal guardian of the user. This may be done either via Your Software, or via a different method (such as a paper-based form), prior to collecting the data. In either case, such active user acceptance form must be very explicit and in a clear way provide information about which data will be collected, and it must state the purpose of the data collection and that the data will not be used for any other purpose.

Situation C

Your Software is used to collect eye tracking data from a user who is under a medical emergency where there is an imminent risk to the user’s life or health. When the application is used in such situation, active user acceptance is not required.


Data refers to these categories:

Biometric eye tracking data

Data relating to the physical, physiological or behavioral characteristics of a person’s eyes or face.

Psychographic eye tracking data

Any insights derived from biometric data relating to a person’s physical, mental, and emotional state, or their interests

Store or transfer

Applies to any method of saving data beyond the length of the user session; or any method of sharing eye tracking and attention computing data so that it can be accessed or observed by others in retrospect, or in real-time on a separate display or device.


The review process

Tobii customers and partners that are developing solutions requiring access to our API’s, need to sign a software development license agreement (SDLA). Our SDLA for commercial use and for research use requires compliance to the Tobii data transparency policy.

If you signed a SDLA for commercial use and have been granted right to store and or transfer eye tracking or attention computing data, you also have to undergo a review process (this is not applicable for applications under the Research SDLA).

We have a review process for three reasons:

  • Ensure policy compliance

  • Help implement best practice of active user acceptance

  • Evolve the policy by learning from our customers and partners

The review is not required if you are running the project under a proof-of-concept phase (non-commercial SDLA). The review process is transparent and we share our review records with our customers and partners.

Tobii Data transparency policy

It is important to plan the review process well in time. Initiation of review process is done by contacting Tobii account manager. The Tobii account manager will then allocate a dedicated review manager. The review manager will make contact and execute the review process, answer questions and provide relevant information and support.

Compliant applications and software

Applications and software complying with our data transparency policy

Below is a list of applications and software that are in compliance with our data transparency policy. This list is continuously updated.

Tobii Pro Lab
Tobii Pro Software Development Kit
Sticky by Tobii
Tobii Pro Glasses 3 Controller
EventIDE Ltd.
Eye Tracking Analytics for League of Legends
Eye Tracking Analytics for Aim Training Aim Trainer
Tobii Ghost Streaming and Broadcasting
Ovation, LLC.
Verum Polygraph LLC
Readerseye Inc.
Qualisys Track Manager AB
AVATAR Science

Our software development licensing model