TikTok states that personal information users include in their content or submissions may include legally sensitive categories such as health information, sexual orientation, immigration status, and financial data, and that TikTok processes this information under applicable state privacy law standards.
This analysis describes what TikTok's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The clause operationalizes TikTok's processing framework for sensitive personal information under state privacy regimes, establishing that such processing occurs pursuant to legal authorization rather than independent corporate discretion, while clarifying the categories of information subject to heightened privacy protections under these statutes.
Interpretive note: The specific processing limitations and user controls for sensitive personal information categories are not detailed in this policy, with health data addressed in a separate document, creating potential gaps that depend on the adequacy of that separate policy.
If a user's content includes information about their health, religion, immigration status, or sexual orientation, the policy states TikTok processes that information under applicable state law standards; users should consider their privacy settings before posting content containing these categories.
How other platforms handle this
Depending on where you live, you may have certain rights regarding your personal information. These rights may include the right to know what personal information we have collected about you, the right to delete your personal information, the right to correct inaccurate personal information, the rig...
Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 without parental consent. California residents between 13 and 15 years of age may opt in to the sale or sharing of their personal information, but we will not se...
If you are a California resident, you may have additional privacy rights under the California Consumer Privacy Act (CCPA). These rights include the right to know about the personal information collected about you and the purposes for which it is used and shared, the right to delete personal informat...
Monitoring
TikTok has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Information You Provide may include sensitive personal information, as defined under applicable state privacy laws. We process such information in accordance with applicable law, such as to provide the Services and other permitted purposes under state privacy laws, like the California Consumer Privacy Act ("CCPA"). You may choose whether or not you include sensitive personal information in your user content or in other information you voluntarily submit. The type of information that state privacy laws, such as the CCPA, have identified as sensitive personal information include the following: racial or ethnic origin, national origin, religious beliefs, mental or physical health diagnosis, sexual life or sexual orientation, status as transgender or nonbinary, citizenship or immigration status, or financial information.— Excerpt from TikTok's TikTok Privacy Policy
1) REGULATORY LANDSCAPE: CCPA and CPRA establish specific rules for the processing of sensitive personal information, including a right to limit use of sensitive personal information to necessary purposes. Similar heightened protections exist under Colorado, Connecticut, Virginia, and other state comprehensive privacy laws. Washington's My Health My Data Act imposes specific obligations for consumer health data, addressed separately in TikTok's Consumer Health Data Privacy Policy referenced in the document. The CCPA's definition of sensitive personal information is explicitly cited in the policy. 2) GOVERNANCE EXPOSURE: Medium. The policy discloses that sensitive personal information may be present in user content and states it is processed in accordance with applicable law, but the specific processing limitations, consent mechanisms, and user controls for sensitive data categories are not detailed in this policy, with health data addressed in a separate policy document. 3) JURISDICTION FLAGS: California CPRA's right to limit sensitive personal information processing applies to all California users. Washington's My Health My Data Act imposes broad obligations for health-related data that extend beyond HIPAA's scope. Illinois, Texas, and other states with specific sensitive data categories may impose additional obligations. 4) CONTRACT AND VENDOR IMPLICATIONS: Advertisers and analytics partners receiving data from TikTok should assess whether any sensitive personal information categories could be present in the data they receive and whether their use of that data satisfies applicable state law requirements. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether TikTok's privacy controls and settings provide users with a meaningful ability to exercise CPRA's right to limit sensitive personal information processing, and whether the separation of health data into a distinct Consumer Health Data Privacy Policy creates any gaps in the overall sensitive data compliance framework.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The clause operationalizes TikTok's processing framework for sensitive personal information under state privacy regimes, establishing that such processing occurs pursuant to legal authorization rather than independent corporate discretion, while clarifying the categories of information subject to heightened privacy protections under these statutes.
If a user's content includes information about their health, religion, immigration status, or sexual orientation, the policy states TikTok processes that information under applicable state law standards; users should consider their privacy settings before posting content containing these categories.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by TikTok.