Is TikTok Safe?

An independent privacy and security review of tiktok.com. All claims sourced from official privacy policies, regulatory actions, and credible research.

TL;DR

TikTok collects unusually extensive data including keystroke patterns, clipboard contents, biometric identifiers (faceprints and voiceprints), device hardware serial numbers, and browsing activity within its in-app browser. TikTok's privacy policy explicitly states it collects 'keystroke patterns or rhythms' and clipboard content. The app is owned by ByteDance, headquartered in Beijing, and despite claims that US user data is stored domestically, a 2022 BuzzFeed News investigation revealed that engineers in China repeatedly accessed US user data.

tiktok.com
🔴 Very High Risk
Last verified: 2026-02-16 · How we calculate risk

📊 What TikTok Collects About You

Based on TikTok's privacy policy (2025 (TikTok Privacy Policy)):

Account & Profile
Name, age, username, password, email, phone number, profile image, and date of birth
Source: TikTok Privacy Policy
Biometric Data
Faceprints and voiceprints from user content. TikTok's US privacy policy explicitly states it collects 'biometric identifiers and biometric information as defined under US laws, such as faceprints and voiceprints'
Source: TikTok Privacy Policy (direct quote)
Keystroke & Clipboard
TikTok's policy states it collects 'keystroke patterns or rhythms' and clipboard content. In 2020, Apple's iOS 14 revealed TikTok was accessing clipboard contents with every keystroke — TikTok said it would stop after being caught
Source: TikTok Privacy Policy; Private Internet Access research, 2020
Device & Technical
IP address, user agent, mobile carrier, timezone, device model, OS, screen resolution, battery state, audio settings, connected audio devices, hardware serial numbers, app and file names on device
Source: TikTok Privacy Policy
Behavioral
Videos watched and duration, interactions (likes, comments, shares), search and browsing history within the app, in-app browser activity on external websites
Source: TikTok Privacy Policy
AI Interactions
Prompts, questions, files, and other information submitted to TikTok's AI-powered features, as well as generated responses
Source: TikTok Privacy Policy
Content Analysis
Automatic analysis of uploaded videos for objects, scenery, face detection, text of spoken words, and content characteristics
Source: TikTok Privacy Policy

🔍 Tracking & Third-Party Data Sharing

TikTok's data collection is among the most extensive of any social media platform. The TikTok Pixel (similar to Meta Pixel) tracks user behavior on third-party websites. The app's in-app browser monitors browsing activity on external sites. Security researchers have flagged TikTok for collecting data that goes well beyond what's necessary for app functionality.

  • TikTok collects 'keystroke patterns or rhythms' per its own privacy policy — unusual even among social media companies
  • In 2020, iOS 14 revealed TikTok was reading clipboard contents with every keystroke, potentially capturing passwords
  • Internet 2.0, a cybersecurity firm, found TikTok's Android app embedded URLs and harvested hardware serial numbers
  • TikTok assigns device IDs and user IDs and may use this to 'identify your activity across devices' per its privacy policy
  • Pre-upload scanning: TikTok collects content 'through pre-uploading at the time of creation, import, or upload, regardless of whether you choose to save or publish' that content

🔓 Breach History

TikTok has not had a major confirmed data breach in the traditional sense. However, the key concern is ongoing access to user data by employees in China, despite claims that US data is stored domestically.

2022
BuzzFeed News investigation with leaked audio from internal meetings revealed that engineers in China repeatedly accessed US user data. Employees admitted 'everything is seen in China,' contradicting TikTok's public statements
Source: BuzzFeed News, June 2022
2023
TikTok fined €345 million by Irish DPC for violating children's privacy under GDPR, including making children's accounts public by default
Source: Irish DPC, Sept 2023

⚖️ Regulatory Actions & Fines

2023
Irish DPC fined TikTok €345 million for violations of children's data privacy under GDPR
Source: Irish DPC
2024
US Congress passed a law requiring ByteDance to divest TikTok or face a ban. The deadline has been extended multiple times (to April 2025, then June 2025)
Source: Protecting Americans from Foreign Adversary Controlled Applications Act
2020
India permanently banned TikTok along with 58 other Chinese apps citing national security concerns
Source: Indian Ministry of Electronics and IT
2023
TikTok banned from government devices in the US, EU, UK, Canada, Australia, and other countries
Source: Multiple government directives

⚠️ Key Privacy Risks Specific to TikTok

TikTok is one of the only major social media platforms that explicitly collects keystroke patterns — this data could theoretically capture typing behavior that reveals sensitive information
ByteDance is headquartered in Beijing and subject to Chinese national security laws that can compel data sharing with the government
The pre-upload scanning policy means TikTok analyzes content you create even if you decide not to post it
Multiple governments have banned TikTok from government devices, and the US has pursued legislation requiring divestiture from ByteDance — a level of regulatory concern unique among social media platforms

🛠️ Privacy Controls Available

TikTok offers some privacy controls, but the scope of data collection is difficult to meaningfully limit without stopping use of the app entirely.

  • Private account setting: Limits who can view your content
  • Download your data: Available through settings
  • Location access: Can be disabled (TikTok can still determine approximate location from IP)
  • Ad personalization: Can be partially disabled
  • Accounts for users under 18 are private by default with restricted DMs
  • No meaningful way to opt out of keystroke pattern collection or content pre-scanning

🛡️ How to Protect Your Privacy on TikTok

1. Use a VPN — Hides your IP address and encrypts your connection, preventing TikTok from linking your activity to your real location and ISP.

2. Use a privacy browser — Firefox with strict tracking protection or Brave blocks many third-party trackers. Consider browser extensions like Privacy Badger (EFF) or uBlock Origin.

3. Check your browser fingerprint — See how uniquely identifiable you are with our Browser Fingerprint Test.

4. Check for breaches — See if your accounts have been compromised with our Email Breach Checker.

5. Review your settings — Tighten TikTok's privacy settings and disable data collection where possible.

Frequently Asked Questions

Is TikTok safe to use in 2026?

TikTok is a legitimate service used by millions, but its data collection practices raise privacy concerns. Our analysis rates its privacy risk as "very high" based on data collection scope, tracking practices, breach history, and regulatory actions. Whether it's "safe" depends on your personal comfort with data exposure.

Does TikTok sell my data?

Most major services claim they don't "sell" data in the traditional sense. However, they may share data with advertising partners, use it for targeted advertising, or monetize it through data-driven ad platforms. The functional result for users is often similar whether data is technically "sold" or used for ad targeting.

How do I delete my TikTok data?

Most services offer a data download and deletion option in their account settings, typically under "Privacy" or "Your Data." Under GDPR (EU), you have the legal right to request full data deletion. In the US, some states (California, Virginia, Colorado, and others) offer similar rights. Check TikTok's privacy settings for data download and account deletion options.

When was this review last updated?

This review was last verified on 2026-02-16. We check the privacy policy at https://www.tiktok.com/legal/page/us/privacy-policy/en and update our review when significant changes occur. See our methodology page for details on our review process.

📎 Sources

  1. TikTok Privacy Policy (effective 2025 (TikTok Privacy Policy))
  2. TikTok US Privacy Policy
  3. Private Internet Access — TikTok clipboard copying research
  4. NordVPN — 'Does TikTok Spy on You?' analysis (2025)
  5. Irish DPC fined TikTok €345 million for violations of children's data privacy under GDPR — Irish DPC (2023)
  6. US Congress passed a law requiring ByteDance to divest TikTok or face a ban. The deadline has been extended multiple times (to April 2025, then June 2025) — Protecting Americans from Foreign Adversary Controlled Applications Act (2024)
  7. India permanently banned TikTok along with 58 other Chinese apps citing national security concerns — Indian Ministry of Electronics and IT (2020)
  8. TikTok banned from government devices in the US, EU, UK, Canada, Australia, and other countries — Multiple government directives (2023)
Read our full review methodology →

Test Your Privacy

Browser Fingerprint Test

See how trackable you are across the web.

Email Breach Checker

Check if your accounts were compromised.

DNS Leak Tester

Is your VPN actually working?

HTTP Header Analyzer

See what your browser reveals about you.