Privacy and Security on TikTok
At TikTok, we know that creativity and expression are personal. And so is privacy. That’s why we empower our community with a range of controls to manage their online presence and decide the TikTok experience that’s right for them. We also know that when someone joins our community, they’re entrusting us with their information. We take great care to safeguard that information and educate our community on the privacy and security tools available to them.
TikTok collects information in order to provide a useful and relevant experience for our community. Some of our features may only be available in certain markets, since we develop products to meet the needs of different communities. As a result, we may collect more or less information in a market depending on the features available there.
- Phone number or email so we can register an account.
- Birthday so we can confirm a person’s age and provide an age-appropriate app experience.
- Physical address for those who participate in the TikTok Creator Fund (for tax purposes), and for creators who won a prize (for the purpose of mailing the prize to them).
- Payment information so we can pay creators in the TikTok Creator Fund, and for accounts that use the TikTok wallet or our virtual gifting feature.
- Likes, shares, and search history on our app so we can recommend more relevant content.
- Browsing history in the TikTok in-app browser to help make platform improvements, such as optimizing page load times and ad measurement. This is separate from and not relevant to the use of other apps on a person’s phone, including web browsers.
- Device ID characteristics which help us perform a number of security functions, like mitigating spam and protecting TikTok accounts against malicious activity. We also use this information to help advertisers optimize and measure the effectiveness of their ad campaigns.
- Coarse location inferred from IP addresses to show relevant content and ads based on the region a person is in.
TikTok user data is stored in protected data centers in the US and Singapore, and we’ve announced plans to establish a data center in Ireland. Certain elements of user data are encrypted at rest and in-transit using industry standard algorithms. The encryption keys are maintained in our key management system which is operated by our US-based security team.
You’re in control
TikTok offers a range of privacy controls so people can choose the settings that are right for them. We actively work to educate our community about their privacy choices through in-app videos, our Help Centre, and more.
Account holders can request a copy of their TikTok data at any time, which currently includes information about their profile, activity, and app settings.
Respecting privacy in advertising
Our goal is to help businesses reach the people they care about in a creative and meaningful way, while also giving our community control over what information is shared.
You can manage how certain data affects the ads you see through the privacy settings of your TikTok app or your device.
Ads on TikTok can be based on:
- General information: For example, TikTok might show ads for a certain mobile app if it’s supported on that device’s operating system.
- Account information: For example, the age associated with a user’s account can affect whether TikTok shows that user an ad for a car rental service available to people aged 25 and over.
- In-app activity: For example, a pet supply store might want to advertise a sale on dog toys to people interested in dogs; we might show this ad to users who like a lot of videos about dogs.
- Off-app activity: For example, a fashion brand may want to promote their summer clothing collection to customers who’ve purchased from their website or app in the past. The brand can share information with us so we can show its ads to the TikTok users we think it’s trying to reach.
We work diligently to protect people’s information and stay ahead of constantly evolving security threats. Our global security team uses cutting-edge technology and multi-layered defenses to make it harder for malicious actors to get into our systems and regularly works with outside experts to test our infrastructure and processes. We’ve partnered with HackerOne to operate a global bug bounty and vulnerability disclosure program, and our internal team actively works to improve our defenses against the latest attacks.
Security is a job that is never finished, but we will continue to build best-in-class infrastructure and processes. We will also test our work, validate it, and work with our partners across industry and government to make sure we’re doing everything we can to protect our community.
Securing your account
As we continuously work to keep our community’s information secure, we also empower people with tools and information for good security habits. Some tips:
Keep your contact information updated: Link your most up to date phone number and/or email address to your TikTok account. Email may be a method of alerting you of any suspicious activity on your account and can be used in confirming your identity if you ever get locked out. Learn how
Create a strong and unique password: Choose a password that’s memorable for you but difficult for others to guess. Unique means having a different password for each of your accounts, and strong means making the password complex by using at least 12 characters including numbers and symbols. Be sure to set up strong and unique passwords/PINs for all of the devices you use to access TikTok such as laptop, phone, and other mobile devices. A password manager can help take the guesswork out of remembering dozens of unique usernames and passwords.
Turn on 2-step verification: 2-step verification adds an extra layer of security to your account in case your password is compromised. This will also protect your account from unrecognized and unrecognized devices or third party applications. Learn how
Security alerts: Our teams continuously monitor for suspicious or unauthorized activity. Keep track of recent unusual security events that you do not recognise.
Verify your devices: You can view phones and other mobile devices that are currently using or have recently accessed your TikTok account. This will display all devices associated with your account, how you logged into the account (e.g. Facebook account), and when. Check this information to make sure no one else has signed in to your account. Learn how
Avoid phishing attacks: Phishing is a common method attackers use to trick others into giving up their personal information such as passwords, credit card numbers, social security, or other sensitive data. Never trust any third-party websites that promise to give away free likes, fans, crowns, coins, or other incentives as they may be able to take your login info. Be sure to always verify any links sent to you via private message before accessing the page.
Don’t be fooled if someone contacts you pretending to be from TikTok. Remember: any legitimate email from our teams would never ask you for your password!
If you find videos or receive messages on TikTok that you think might be spam or phishing, please report them so our teams can continue to keep our community safe. You can also report videos by holding down on the content in question and tapping ‘report.’