What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This policy engages GDPR and UK GDPR (lawful basis requirements, data subject rights, restrictions on biometric data processing under Article 9, cross-border transfer mechanisms), CCPA/CPRA (right to know, delete, opt out of sale/sharing of personal information, sensitive personal information restrictions), COPPA (age verification and minor user data restrictions), Singapore PDPA (as the entity is incorporated there), and potentially the EU AI Act (given explicit use o…

How does TikTok Ads's TikTok Privacy Policy affect users?

TikTok's policy authorizes collection of a wide range of personal data including biometric-adjacent information (face and body features from video content), keystroke patterns, precise location (with permission), clipboard content, and phone contacts, combined with off-platform behavioral data provided by advertiser partners to build cross-context advertising profiles. This data is used to serve personalized advertising both on and off the TikTok platform, to train machine learning models, and …

How often is TikTok Ads's TikTok Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when TikTok Ads updates this document?

Yes. Watcher subscribers ($9.99/month) can add TikTok Ads to their watchlist and receive same-day email alerts whenever this document or any other TikTok Ads document changes.

CA-D-000673

TikTok Privacy Policy

TikTok Ads

Last change detected May 5, 2026 Privacy policy

SHA-256: 4ea25d87dda793e626e… 2 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at TikTok Ads ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

4 High severity

5 Medium severity

1 Low severity

Summary

This is TikTok's global privacy policy, explaining what personal data TikTok collects from users of its app and website and how that data is used, shared, and protected. The most important thing to know is that TikTok collects a broad range of data including your location, the faces and body features in your videos, your device's keystroke patterns, your contacts, and your off-platform shopping and browsing behavior supplied by advertisers, and uses all of this to build a profile of you for personalized advertising both on and off TikTok. You can review and adjust some data and ad preferences through TikTok's Privacy Settings in the app, and in some regions you have rights to access, delete, or port your personal data by submitting a request through TikTok's privacy request portal.

Technical / Legal Breakdown

This document is TikTok's global Privacy Policy (last updated July 8, 2025), governing data collection, processing, and sharing practices for TikTok apps, websites, and related services operated by TikTok Pte. Ltd. (Singapore), and applies to all users of the Platform outside jurisdictions with separate dedicated policies. The policy states that TikTok collects an extensive range of personal data including account credentials, user-generated content and associated metadata, messages and message metadata, precise and approximate location, device identifiers (including keystroke patterns and audio settings), face and body feature data extracted from videos and images, clipboard content, phone and social network contacts, and off-platform behavioral data supplied by advertisers and business partners; the terms authorize use of this data for purposes including personalized advertising on and off the Platform, training machine learning models and algorithms, inferred profiling of age, gender, and interests, and sharing with corporate affiliates, advertisers, measurement partners, and independent researchers. The policy's scope of biometric-adjacent data collection (face and body feature identification from user content) and the explicit authorization to use user content in advertising and marketing campaigns, combined with broad off-platform data ingestion from advertiser partners, are operationally notable; the agreement asserts these rights on a global basis, though applicable law in specific jurisdictions (including GDPR in the EU/EEA, UK GDPR, CCPA/CPRA in California, and PDPA in Singapore) may constrain the legal bases, consent requirements, and data subject rights that govern these practices in practice. The policy engages GDPR, UK GDPR, CCPA/CPRA, COPPA (given minor-user considerations), Singapore PDPA, and potentially the EU AI Act given AI/ML training uses; material compliance considerations include the adequacy of consent mechanisms for biometric-adjacent processing, the legal basis for cross-context behavioral advertising, and the robustness of data subject rights mechanisms across jurisdictions.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

1 important change detected

2 versions captured · Last updated: May 2026

May 5, 2026

high

What changed TikTok Ads updated its privacy policy on May 5, 2026, replacing the U.S.-specific version with language addressing 'other regions.' The controlled entity shifted from TikTok USDS Joint Venture LLC to TikTok Pte. Ltd., a Singapore-registered company. The document removed references to Washington state health data law compliance and restructured how information collection categories are presented, adding explicit language about user-generated content processing and associated metadata.

Why this matters The updated policy states that TikTok Pte. Ltd., a Singapore-registered entity, now provides and controls the Platform, replacing the previous U.S.-based operator. The policy removes its prior explicit reference to compliance with Washington's My Health My Data Act and similar state health data laws, without stating what replaces that compliance framework. This shift in controlling entity and removal of specific health data law compliance language may affect what consumer protections apply depending on user jurisdiction. The policy now applies to 'other regions' rather than specifically to U.S. users, creating ambiguity about which jurisdiction's consumer protections govern.

View full change record →

High — 4 provisions

Face and Body Feature Data Collection Compare →

TikTok analyzes the videos and images you upload to identify faces, body features, and other attributes, and uses this information for purposes including personalizing ads and classifying your demographic profile.

Added May 10, 2026 Standard Seen across 251 platforms
Off-Platform Behavioral Data Ingestion for Ad Targeting Compare →

Advertisers and data partners send TikTok information about your activity on other websites, apps, and in physical stores, including what you buy, and TikTok uses this to match you to your account and target you with personalized ads on and off TikTok.

Added May 10, 2026 Standard Seen across 189 platforms
Keystroke Pattern and Device Sensor Data Collection Compare →

TikTok collects information about how you type on your device, including the rhythm and patterns of your keystrokes, as well as detailed device and sensor information.

Added May 10, 2026 Standard Seen across 251 platforms
Data Sharing with Corporate Group Affiliates Compare →

TikTok may share your personal data with other companies within its corporate group, including affiliated entities and subsidiaries, for a range of stated operational purposes.

Added May 10, 2026 Standard Seen across 246 platforms

Medium — 5 provisions

Machine Learning and Algorithm Training Using Personal Data Compare →

TikTok uses your personal data, including your content, behavior, and profile information, to train its AI and machine learning systems.

Added May 10, 2026 Common Seen across 104 platforms
User Content Used in TikTok Advertising Campaigns Compare →

TikTok reserves the right to use videos, photos, and other content you post on the platform in its own advertising and marketing campaigns.

Added May 10, 2026 Standard Seen across 189 platforms
Phone and Social Network Contact Syncing

If you allow TikTok to access your phone contacts or social network contacts, TikTok collects names, phone numbers, and email addresses of your contacts and matches them against TikTok's user database.

Added May 10, 2026 Rare
Inferred Profiling of Age, Gender, and Interests

TikTok uses your behavior and content on the platform to infer personal attributes about you, including your estimated age range, gender, and interests, even if you have not provided this information directly.

Added May 10, 2026 Rare
Message Content Collection and Metadata Processing Compare →

TikTok collects the actual content of messages you send and receive through its messaging feature, as well as metadata about those messages including timing, read receipts, and who the participants are.

Added May 10, 2026 Standard Seen across 189 platforms

Low — 1 provision

Clipboard Content Access Compare →

TikTok can access the content of your device's clipboard (copied text, images, or videos) when you use certain features, such as pasting or sharing content.

Added May 8, 2026 Standard Seen across 251 platforms

Monitoring

TikTok Ads has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle Behavioral Advertising and Third-Party Data Sharing and similar clauses.

Compare across platforms →