By Albert Calamug, U.S. Security Public Policy, TikTok

At TikTok, we're committed to a process of continuous innovation and improvement in our user experience and safety controls. We're proud to be able to serve a global community of more than a billion people who use TikTok to creatively express themselves and be entertained, and we're dedicated to giving them a platform that builds opportunity and fosters connection. We also take our responsibility to safeguard our community seriously, both in how we address potentially harmful content and how we protect against unauthorized access to user data.

TikTok has long stored US user data in our own data centers in the US and Singapore. Our Virginia data center includes physical and logical safety controls such as gated entry points, firewalls, and intrusion detection technologies. It's also important to maintain backup data storage locations to guard against catastrophic scenarios where user data could be lost, and our data center in Singapore serves as the backup data storage location for our US users.

For more than a year, we've been working with Oracle on several measures as part of our commercial relationship to better safeguard our app, systems, and the security of US user data. We've now reached a significant milestone in that work: we've changed the default storage location of US user data. Today, 100% of US user traffic is being routed to Oracle Cloud Infrastructure. We still use our US and Singapore data centers for backup, but as we continue our work we expect to delete US users' private data from our own data centers and fully pivot to Oracle cloud servers located in the US.

In addition, we're working closely with Oracle to develop data management protocols that Oracle will audit and manage to give users even more peace of mind.

We're also making operational changes in line with this work – including the new department we recently established, with US-based leadership, to solely manage US user data for TikTok. Together, these changes will enforce additional employee protections, provide more safeguards, and further minimize data transfer outside of the US. This is an important direction from a systems and data security standpoint, and part of our focus on preserving an interconnected experience for our global community while building a security-first culture.

These are critical steps, but there is more we can do. We know we are among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data. We're dedicated to earning and maintaining the trust of our community and will continue to work every day to protect our platform and provide a safe, welcoming, and enjoyable experience for our community.