Privacy and security on TikTok
At TikTok, we know that creativity and expression are personal. And so is privacy. That's why we empower our community with a range of controls to manage their online presence and decide the TikTok experience that's right for them. We also know that when someone joins our community, they're entrusting us with their information. We take great care to safeguard that information and educate our users on the privacy and security tools available to them.
TikTok collects information in order to provide a useful and relevant experience for our community. Some of our features may only be available in certain markets, since we develop products to meet the needs of different communities. As a result, we may collect more or less information in a market depending on the features available there.
- Phone number or email so we can register an account.
- Birthday so we can verify a user's age and provide an age-appropriate app experience.
- Physical address for those who participate in the TikTok Creator Fund (for tax purposes), and for users who won a prize (for the purpose of mailing the prize to them).
- Payment information so we can pay creators in the TikTok Creator Fund, and for accounts that use the TikTok wallet or our virtual gifting feature.
- Likes, shares, and search history on our app so we can recommend more relevant content.
- Browsing history in the TikTok in-app browser to help make platform improvements, such as optimizing page load times and ad measurement. This is separate from and not relevant to the use of other apps on a user's phone, including web browsers.
- Device ID characteristics which help us perform a number of security functions, like mitigating spam and protecting user accounts against malicious activity. We also use this information to help advertisers optimize and measure the effectiveness of their ad campaigns.
- Coarse location inferred from IP addresses to show relevant content and ads based on the region a user is in.
TikTok user data is stored in protected data centers in the US and Singapore, and we've announced plans to establish data centers in Ireland and India. We deploy strong restrictions on employee access, follow local laws in the markets we serve, and keep up to date with guidance from local data regulators to align with best practices.
You're in control
TikTok offers a range of privacy controls so people can choose the settings that are right for them.
Account holders can request a copy of their TikTok data at any time, which currently includes information about their profile, activity, and app settings.
Respecting privacy in advertising
TikTok provides a platform for businesses of all sizes to build and engage with their audiences through creative storytelling. Whether they're starting trends, connecting communities, or bringing awareness to critical public service initiatives, we've witnessed the positive impact that brand creativity brings to the TikTok community and the experience of our platform.
One of the reasons digital platforms like TikTok are so accessible is personalization. If a business owner wants to reach people who like cats, they can run an ad on TikTok or another online platform. Likewise, you're more likely to see ads for products you might actually want to buy. In order for advertisers to measure the effectiveness of their campaigns, we work with measurement partners and offer solutions to measure performance while respecting the privacy of our users. Learn more about TikTok for Business.
Our goal is to help businesses reach the people they care about in a creative and meaningful way, while also giving our community control over what information is shared. Users can manage personalized ad settings and make other choices about what they share from their profile.
We work diligently to protect people's information and stay ahead of constantly evolving security threats. Our global security team uses cutting-edge technology and multi-layered defenses to make it harder for malicious actors to get into our systems and regularly works with outside experts to test our infrastructure and processes. We've partnered with HackerOne to operate a global bug bounty and vulnerability disclosure program, and our internal team actively works to improve our defenses against the latest attacks.
Security is a job that is never finished, but we will continue to build best-in-class infrastructure and processes. We will also test our work, validate it, and work with our partners across industry and government to make sure we're doing everything we can to protect our community.
Securing your account
As we continuously work to keep our community's information secure, we also empower users with tools and information for good security habits. Some tips:
- Keep your contact information updated: Link your phone number and/or email address to your TikTok account. That way, you have multiple sign-in methods, should one be compromised. Email may also be a method of alerting you of any suspicious activity on your account and can be used in confirming your identity if you ever get locked out. Learn how.
- Create a strong and unique password: Choose a password that's memorable for you but difficult for others to guess. Unique means having a different password for each of your accounts, and strong means making the password complex by using at least 12 characters including numbers and symbols. Be sure to set up strong and unique password/PINs for all devices you use to access TikTok such as laptop, phone, and other mobile devices. A password manager can help take the guesswork out of remembering dozens of unique usernames and passwords.
- Turn on 2-step verification: 2-step verification adds an extra layer of security to your account in case your password is compromised. This will also protect your account from unrecognized and unauthorized devices or third party applications. Learn how.
- Security Alerts: Our teams continuously monitor for suspicious or unauthorized activity. Keep track of recent unusual security events that you do not recognize using this tab.
- Verify your devices: You can view phones and other mobile devices that are currently using or have recently accessed your TikTok account. This will display all devices associated with your account, how you logged into the account (e.g. Facebook account), and when. Check this information to make sure no one else has signed in to your account. Learn how.
- Avoid phishing attacks: Phishing is a common method attackers use to trick others into giving up their personal information such as passwords, credit card numbers, social security, or other sensitive data. Never trust any third-party websites that promise to give away free likes, fans, crowns, coins, or other incentives as they may be able to take your login info. Be sure to always verify any links sent to you via private message before accessing the page.
Don't be fooled if someone contacts you pretending to be from TikTok. Remember: any legitimate email from our teams would never ask you for your password!
If you find videos or receive messages on TikTok that you think might be spam or phishing, please report them so our teams can continue to keep our community safe. You can report videos by holding down on the content in question and tapping 'report'.