Data and Security

Where is TikTok's data stored?

TikTok has long stored US user data in the US and Singapore. For more than a year, we’ve been working with Oracle on several measures as part of our commercial relationship to better safeguard our app, systems, and the security of US user data.

We’ve now reached a significant milestone in that work: we’ve changed the default storage location of US user data. Today, 100% of US user traffic is being routed to Oracle Cloud Infrastructure. We still use our US and Singapore data centers for backup, but as we continue our work we expect to delete US users’ private data from our own data centers and fully pivot to Oracle cloud servers located in the US. In addition, we’re working closely with Oracle to develop data management protocols that Oracle will audit and manage to give users even more peace of mind.

Has TikTok ever shared user data with the Chinese government?

TikTok has never provided any US user data to the Chinese government, nor would it do so if asked.

Would TikTok share user data if the Chinese government if asked?

TikTok has never provided any US user data to the Chinese government, nor would it do so if asked.

What type of data does TikTok collect on its users?

The TikTok app is not unique in the amount of information it collects, compared to other mobile apps. In line with industry practices, we collect information that users choose to provide to us and information that helps the app function, operate securely, and improve the user experience. Also like our peers, we constantly update our app to keep up with evolving security challenges. We encourage our users to download the most current version of TikTok.

Who has access to US TikTok user data?

As a rule, security teams want to minimize the number of people who have access to data and limit it only to people who need that access in order to do their jobs. We have policies and procedures that limit internal access to user data by our employees, wherever they’re based, based on need. Like many global companies, TikTok has engineering teams around the world—including in Mountain View, London, Dublin, Singapore, and China—and those teams might need access to data for engineering functions that are specifically tied to their roles. That access is subject to a series of robust controls, safeguards like encryption for certain data, and authorization approval protocols overseen by our U.S.-based security team. To facilitate those approvals, we also have an internal data classification system; the level of approval required for access is based on the sensitivity of the data according to the classification system. The intention of these processes and protocols is to ensure that the data is only accessed by those that need it to allow our business and our service to function. Read more here.

How does TikTok use the data collected on users?

We use the information collected to fulfill and enforce our Terms of Service, to improve and administer the Platform, and to allow you to use its functionalities. To learn more please read through our Privacy Policy. 

How long does TikTok hold onto user data?

We retain your information for as long as it is necessary to provide you with the service so that we can fulfill our contractual obligations and exercise our rights in relation to the information involved. Where we do not need your information in order to provide the service to you, we retain it only as long as we have a legitimate business purpose in keeping such data or where we are subject to a legal obligation to retain the data. We will also retain your data if necessary for legal claims. For more information, click here.

Can a user request to have their data removed and deleted from TikTok?

Any user may submit a request to access or delete the information we have collected about you by sending a request to us at the email or physical address provided in the Contact section at the bottom of our privacy policy. We will respond to your request consistent with applicable law and subject to proper verification. And we do not discriminate based on the exercise of any privacy rights that you might have.

What external experts have reviewed the TikTok app to assess its security?

The security and privacy of our global community is always a top priority. Staying ahead of next-generation cyberthreats requires continuously strengthening the security of our platform, which is why we continually work to validate our security standards and collaborate with industry-leading experts to test our defenses.

In the past year, we’ve expanded our vulnerability disclosure policy to include a global bug bounty program with HackerOne. We’ve strengthened our global security organization and established global Fusion Center operations in Washington DC, Dublin, and Singapore. We’ve earned ISO 27001 certifications in the US, UK, Ireland, Singapore, and India for investing in the people, processes, and technology to keep our community safe. The ioXt Alliance also certified TikTok for meeting rigorous standards and commitments to cybersecurity, transparency and privacy.

What is your leadership structure and who is responsible for decision making at TikTok?

As a global company, TikTok’s teams are based around the world, with our senior leadership based in the US and Singapore.

Where are TikTok product development teams located?

Team members that work on product development and related features are located in the US, Europe, Singapore, and China. Our global approach towards product development is similar to the approach of other large global tech companies that likewise have product development or innovation teams in various global locations, including the US, Europe, India, and China.

We employ access controls and a strict approval process overseen by our US-based leadership team, including technologies like encryption and security monitoring to safeguard sensitive user data and prevent malicious behavior linked to fraudulent activity.

What network calls does TikTok make when a user first installs and opens the app?

TikTok makes a limited number of network calls when a user first opens the app after installing it. TikTok’s initial network connections (or network calls ) are made to third parties to help initialize and support the app, including for network performance and security, user certification, platform interoperability, and marketing campaign measurement.

Does TikTok collect MAC addresses?

No, the current version of the TikTok app does not collect MAC addresses, and we encourage our users to download the most current version of TikTok.

Does TikTok use End-to-End Encryption (E2EE) on Direct Messages?

Direct messages on TikTok are encrypted at rest and while in transit. End-to-end encryption is not currently available. We place a premium on ensuring that our younger users have a safe experience by default on TikTok. Like many companies, we maintain the ability to decrypt user data in response to valid legal process and to enforce our Community Guidelines, and we regularly publish Transparency Reports to provide visibility into this work. We maintain internal controls to ensure that only personnel with proper authorization and a demonstrated need to perform their job have access to certain decrypted data like contact information or direct messages.

Follow these 3 easy tips to help keep your account secure. ##TikTokTips

♬ original sound - tiktoktips

For more Safety and Security tips visit TikTok.com/safety ##tiktoktips

♬ original sound - tiktoktips

Trust and Safety

What is TikTok doing to create a safe and secure platform?

Protecting the privacy and safety of our users’ data is critical to TikTok. Our security team is led by our Chief Security Officer, Roland Cloutier, who has decades of industry and US law enforcement experience. Our US Head of Safety leads a team in California that works diligently to protect users against content and accounts that violate our policies, like dangerous challenges and COVID-19 misinformation. We are committed to being transparent about how we execute our policies and safeguard our platform. We share regular Transparency Reports and you can learn more about our efforts to keep TikTok safe and secure on our Transparency webpage. In everything we do, we view through the lens of maintaining the privacy of our users. To learn more about our security and data privacy roadmap click here.

How is TikTok combating misinformation and election interference on the platform?

Our Community Guidelines prohibit misinformation that could cause harm to our community or the larger public, including content that misleads people about elections or other civic processes, content distributed by disinformation campaigns, and health misinformation. We always strive to be more transparent about our policies and content moderation, and today we’re updating these guidelines to better reflect the scope of our existing policies. These updates were developed with industry experts, and the language reflects input from members of our Content Advisory Council. Read more in our recent blog on the subject.

How does TikTok manage and mitigate against cyberbullying?

We have a clearly defined set of Community Guidelines. TikTok is an inclusive platform built upon the foundation of creative expression, and we expect that inclusivity from our user community. We encourage users to celebrate what makes them unique, while finding a community that does the same. Youth safety experts sit on our Content Advisory Council and we partner with youth safety organizations including the PTA, the Family Online Safety Institute, and Connect Safely. We also automatically disable direct messaging for registered accounts under 16.

How does TikTok protect children on the platform?

The privacy of users under the age of 13 (“Younger Users”) is important to us. Our app has a 13+ rating so parents can use parental controls to prohibit their child from downloading it. For those that do, we provide a separate TikTok experience for users under 13-years-old. In this experience users can watch videos, but they can’t upload their own, comment, or send messages. For more information on our United States data collection practices for Younger Users, please visit the Privacy Policy for Younger Users.

How does TikTok keep children safe from online grooming?

We have a zero-tolerance policy on child sexual abuse material and grooming behavior. We automatically disable direct messaging and features like livestream for registered accounts under the age of 16. We go a step further to protect children by not allowing images to be sent via direct messagings, since research shows the majority of CSAM content is spread through direct and encrypted messaging. Flagged and suspected grooming behavior is escalated to our internal Child Safety Team (CST) to investigate. In line with international standards, we report all necessary information to NCMEC which works directly with law enforcement, and ban the offending user.

How does TikTok handle content moderation to prevent inappropriate content?

TikTok uses a combination of technology and content moderation to identify and remove content and accounts that don’t meet the standards we outline in our Community Guidelines. Our systems automatically flag certain types of content that may violate our policies, which enables us to take swift action and reduce potential harm. Our team of trained moderators reviews and removes content that’s flagged by technology or reported to us, and proactively investigates evolving or trending violative content, such as dangerous challenges or harmful misinformation. TikTok works with experts, civil society organizations, and a Content Advisory Council to help us address the challenges platforms face today and prepare us for the future.

What safety controls have been put in place for Direct Messaging on TikTok?

We maintain and enforce strong policies and controls on messaging, including automatically disabling direct messaging for users under 16, and prohibiting the ability to send off-platform images or videos via direct messaging. More details about direct messaging can be found on our Support Center.

TikTok Corporate

How many people in the United States use TikTok?

100 million Americans love TikTok because it is their home for expression, entertainment, and connection. Our biggest user bases by state are California, Texas, New York and Florida.

Where are TikTok's offices located?

In the US, our headquarters is in Los Angeles. We also have offices in New York, San Francisco, Washington DC, Chicago, Austin, Seattle, and Nashville – and we’re growing!

Does TikTok operate in China?

TikTok is not available in China.

TikTok is the leading destination for short-form mobile video.
Our mission is to inspire creativity and bring joy.