In our last post, we introduced TikTokTruths and explored the facts about some of the most common misperceptions about how TikTok handles data related to things like location and GPS, keystrokes, and biometric information. In this next post in the series, we're updating the name of the series to TikTok Facts, and examining how we keep people's personal information secure as well as our approach to data storage.
We are committed to safeguarding our community and have a global workforce dedicated to ensuring the reliability, safety, and security of our platform. That includes a range of controls, authorization approval protocols, and localized storage mechanisms to restrict access to TikTok personal information. We store user data described in the What Information We Collect section in servers located in the United States, Singapore, and Malaysia. TikTok user data is protected by strong physical and logical security controls, including gated entry points, firewalls, and intrusion detection technologies.
How TikTok controls and limits access to data
We aim to minimize the number of people with access to data, limiting it to those employees who require access to perform their job. Access to user data is subject to a series of robust controls, including encryption for specific data, based on our internal data classification system. Additionally, policies and procedures restrict internal access to user data by our employees, regardless of their location, based on necessity.
This means that when a TikTok employee needs to access user data to perform a role-specific function (like debugging, troubleshooting, or performance monitoring), they are subject to comprehensive security controls and authorization protocols.
U.S. User Data
Access to U.S. user data is managed by a carefully selected and approved team called TikTok U.S. Data Security (USDS). Additional safeguards, including an independent board to which USDS leaders and employees will report, create an oversight structure designed to prevent unauthorized access to U.S. user data or systems. Visit our USDS site to learn more about how we're protecting U.S. user data.
Our Approach to Data Storage
As a global platform, we take a local approach to compliance, working with stakeholders to ensure we understand local concerns and meet our regulatory commitments. We remain committed to building on our efforts to be trusted and reliable partners through transparency and engagement in all of the markets where we operate, because security is a critical part of maintaining the integrity and safety of our platform.
Data Storage for U.S. Users
As of July 2022, all new U.S. user data is stored automatically in Oracle's U.S. Cloud infrastructure, and access is managed exclusively by the TikTok US Data Security team. USDS is dedicated to making every U.S. user on TikTok feel safe and confident their data is secure and that the platform is free from outside influence. To help ensure that there is no unauthorized access to our systems, such as no "backdoors" or data leakage, Oracle and a third-party source code inspector will work to ensure that everything is performing as intended.
Data Storage for U.K. and European Economic Area (EEA) users
We recently introduced an initiative called Project Clover to create a similar secure enclave for European TikTok user data, further aligning our overall approach to data governance with the principle of European data sovereignty. While European TikTok user data has historically been stored in the U.S., Malaysia, and Singapore, we will begin migrating it to three data center operations in Dublin and Norway this year, continuing into 2024. Like the USDS model, a third-party European security company will monitor and audit our data controls and protections, observe data flows, provide independent verification, and report any incidents.
We regularly share updates and resources with our community to reflect the current truths about security and privacy at TikTok. Explore more at the links below:
- TikTok U.S. Data Security Hub: Learn more about what we've been building to protect U.S. user data and ensure the content you see in the U.S. version of the app is free from outside manipulation.
- @TikTokTips: Check out our library of creativity as we encourage our community to #BeCyberSmart.