TikTok states that personal information users include in their content or submissions may include legally sensitive categories such as health information, sexual orientation, immigration status, and financial data, and that TikTok processes this information under applicable state privacy law standards.
This analysis describes what TikTok's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Sensitive personal information categories under CCPA and analogous state laws carry heightened processing restrictions and consumer rights; the policy places responsibility on users for whether they include such information in user content, while disclosing that TikTok may process it.
Interpretive note: The specific processing limitations and user controls for sensitive personal information categories are not detailed in this policy, with health data addressed in a separate document, creating potential gaps that depend on the adequacy of that separate policy.
If a user's content includes information about their health, religion, immigration status, or sexual orientation, the policy states TikTok processes that information under applicable state law standards; users should consider their privacy settings before posting content containing these categories.
How other platforms handle this
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
enableGpcSdk: true, gpcSetting: { privacyPolicyLink: '/Privacy-Security-Policy-a-282.html' }
Monitoring
TikTok has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Information You Provide may include sensitive personal information, as defined under applicable state privacy laws. We process such information in accordance with applicable law, such as to provide the Services and other permitted purposes under state privacy laws, like the California Consumer Privacy Act ("CCPA"). You may choose whether or not you include sensitive personal information in your user content or in other information you voluntarily submit. The type of information that state privacy laws, such as the CCPA, have identified as sensitive personal information include the following: racial or ethnic origin, national origin, religious beliefs, mental or physical health diagnosis, sexual life or sexual orientation, status as transgender or nonbinary, citizenship or immigration status, or financial information.— Excerpt from TikTok's TikTok Privacy Policy
1) REGULATORY LANDSCAPE: CCPA and CPRA establish specific rules for the processing of sensitive personal information, including a right to limit use of sensitive personal information to necessary purposes. Similar heightened protections exist under Colorado, Connecticut, Virginia, and other state comprehensive privacy laws. Washington's My Health My Data Act imposes specific obligations for consumer health data, addressed separately in TikTok's Consumer Health Data Privacy Policy referenced in the document. The CCPA's definition of sensitive personal information is explicitly cited in the policy. 2) GOVERNANCE EXPOSURE: Medium. The policy discloses that sensitive personal information may be present in user content and states it is processed in accordance with applicable law, but the specific processing limitations, consent mechanisms, and user controls for sensitive data categories are not detailed in this policy, with health data addressed in a separate policy document. 3) JURISDICTION FLAGS: California CPRA's right to limit sensitive personal information processing applies to all California users. Washington's My Health My Data Act imposes broad obligations for health-related data that extend beyond HIPAA's scope. Illinois, Texas, and other states with specific sensitive data categories may impose additional obligations. 4) CONTRACT AND VENDOR IMPLICATIONS: Advertisers and analytics partners receiving data from TikTok should assess whether any sensitive personal information categories could be present in the data they receive and whether their use of that data satisfies applicable state law requirements. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether TikTok's privacy controls and settings provide users with a meaningful ability to exercise CPRA's right to limit sensitive personal information processing, and whether the separation of health data into a distinct Consumer Health Data Privacy Policy creates any gaps in the overall sensitive data compliance framework.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Sensitive personal information categories under CCPA and analogous state laws carry heightened processing restrictions and consumer rights; the policy places responsibility on users for whether they include such information in user content, while disclosing that TikTok may process it.
If a user's content includes information about their health, religion, immigration status, or sexual orientation, the policy states TikTok processes that information under applicable state law standards; users should consider their privacy settings before posting content containing these categories.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by TikTok.