Is TikTok Bad for Data Privacy?

TikTok collects large amounts of user data — including IP addresses, keystroke patterns, and even biometric faceprint data. It's a given that the platform tracks your location, your interactions, and your personal information. 

None of this is good from a data privacy perspective, but research shows that TikTok’s data collection practices are similar to those of other social media platforms — leaving average users to wonder: Is TikTok bad? Read on as we dissect TikTok’s data collection practices to find out whether TikTok is safe to use from a data privacy perspective, plus steps you can take, like using one of the best virtual private networks (VPNs), to protect your data on any social media platform.

What data does TikTok collect?

In its privacy policy, TikTok makes it quite easy to review the data it collects. The data is organized into three categories: information provided by the user, information gathered from other sources, and information that is automatically collected. Below, we will review some of the most notable data that TikTok openly collects.

Information provided by the user includes:

• Account credentials and profile details, such as username, password, age, name, email, phone number, and profile image
• Credit card numbers and third-party payment information
• Content generated by the user, such as uploaded videos and photos, comments, audio recordings, and hashtags
• The contents and history of sent and received messages, which include correspondences with other users and vendors, as well as chat history with the virtual assistant
• With permission, any videos, text, and images saved in a device’s clipboard
• With permission, social network and phone contacts

Information collected automatically includes:

• Cookies that give TikTok insight into how users interact with content
• Metadata, which is data used to describe other data, such as when a piece of user-generated content was created, how it was created, who created it, and where it was created
• IP addresses and geolocation-related data. Tagging restaurants or tourist attractions also provides TikTok with user location data; however, it claims that current versions of TikTok will not collect “precise” GPS data from users in the U.S.
• Information about the device that uses TikTok, such as time zone settings, screen resolution, device model and system, and audio settings
• Keystroke patterns
• Biometric identifiers like faceprints and voiceprints.

Information from other sources includes:

• Public profile information and browsing activities from third-party services, such as Meta, X, Instagram, and Google
• Cookie identifiers, hashed email addresses, and browsing activities from other websites, apps, stores, and other corporate entities that are affiliated with TikTok
• When and where a user is mentioned in user content, messages, complaints, and feedback

TikTok’s privacy policy also explicitly states, “We may collect information about you from other publicly available sources.”

While the above is not the full list of user data that TikTok collects, it still represents a large amount of information. In 2021, privacy researcher Pallaeon Lin from the University of Toronto's Citizen Lab conducted research on TikTok and concluded that its data collection isn’t significantly worse than that of other social platforms, such as Meta or tech corporations like Google.

Lin added that these tests found TikTok to be free of explicit vulnerabilities and malware-like behavior — at least at the time of testing — but Lin was unable to see what happened to user data once it was collected.

What does TikTok do with my data?

Since privacy researchers are unable to see what happens to user data once it is collected, we must rely solely on TikTok’s statements. In its privacy policy document, TikTok states that user data is used to support the improvement and continued development of the app, to provide customized ad experiences, to promote safety, to prevent fraud, and for other purposes.

TikTok continues to outline that it shares collected user data with business partners and service providers for mostly benign purposes, such as payment processing, transaction fulfillment, database management, data processing, and analytics. Among the groups of service providers and business partners are:

• Customer and technical support providers
• Researchers
• Advertising, marketing, and analytics vendors
• Payment processors and transaction fulfillment providers

Amid the security controversies in the U.S., TikTok has implemented a security proposal called “Project Texas” to instill more confidence that TikTok operates without influence from the Chinese government. This proposal implements stricter protections for U.S. user data, migrates U.S. user data to databases located on American soil, and grants access to the protected data only to a U.S.-based TikTok subsidiary called USDS.

TikTok notes, however, that in some limited cases, non-USDS employees may gain access to protected data for legal or compliance purposes, but this access must first be authorized by USDS.

Whether this move will shift U.S. officials’ perspectives remains to be seen, but it is also intended to provide peace of mind to average U.S. TikTok users.

How to protect your data on TikTok

Unfortunately, TikTok isn’t the only entity seeking access to your personal data. Since TikTok is such a widely used app, it presents a ripe opportunity for bad actors. To keep your data safe, consider adjusting your privacy settings. For additional protection, consider taking the following actions.

1. Make your TikTok account private

Set your account to private so only people connected to you will be able to access your content. This setting is also important in making TikTok safe for kids and minors, as all accounts are set to public by default.

1. Open your profile page.
2. Select the menu button located in the top-right corner of the app and choose Privacy and settings.
3. Under the Privacy and safety option, toggle Private account to on.

2. Limit who sends you direct messages

Messages from unknown users can contain phishing attempts, such as malicious links or TikTok scams, that could compromise your data. This is why we recommend that only friends can send you direct messages.

1. Navigate to Privacy and safety and select Who can send messages to me.
2. Choose the option that works best for you: Everyone, Friends, or Off.

3. Limit who comments on your posts

Malicious actors can hide viruses in links, even in comments, which is why we recommend allowing only friends to comment on your posts.

1. Under Privacy and safety, select Who can send me comments.
2. Selecting Friends will allow only people you know to comment on your posts.
3. You can also disable comments completely on specific posts by selecting 'Comments off' in the menu button of the post.

4. Control how your account is suggested to others/searched for

Changing this setting can reduce the number of fake or malicious accounts that will try to add you in order to send you scams and malware.

1. Within Privacy and settings, select Suggest your account to others.
2. Turn off the toggle Suggest your account to others.
3. With this setting turned off, your account will not come up in search engine results and will not be suggested to users with whom you are not already connected.

5. Use two-factor authentication

Two-factor authentication (2FA) can prevent someone from logging into your account on a different device even if they have your password information.

1. Select Profile.
2. Select the menu button located in the top-right corner of the app.
3. Select Security and login > 2-step verification.
4. Select your preferred verification method (SMS, email, or password).
5. Select Turn on. Enter your password and any additional credentials necessary. The app will guide you through the rest of the process.

6. Keep TikTok updated and use antivirus

When new forms of malware are discovered, companies like TikTok update their apps to protect against these viruses. Be sure to always keep TikTok up to date with the most recent patch to take advantage of these protections. Since companies can’t always catch every new virus before it spreads, you should consider installing some form of antivirus on the device on which you use TikTok.

7. Use a virtual private network (VPN)

VPNs are powerful services that hide your real IP address and encrypt your internet traffic in order to keep your identity, location, and data private. Since VPNs allow you to choose IP addresses around the world, the TikTok app won’t be able to use your real IP address to geolocate you.

However, geo-spoofing can cause some problems, depending on where the VPN routes your IP address to. For instance, if you route your IP address to a location where TikTok is banned, the app may not work. Conversely, if you reside in a region where TikTok is banned, you can choose an IP address in an area where TikTok is allowed to use the app. We cover step-by-step instructions for how to use TikTok with a VPN.

Best VPNs for TikTok

The best VPNs for TikTok will enhance your online safety and keep your data out of TikTok’s hands. In addition to a strict no-logs policy and strong encryption protocols, a TikTok VPN should offer obfuscated servers to conceal your VPN use, a larger server network, and security extras such as ad blockers for malware protection. 

#1 Rated VPN for Privacy and Security

5.0

AllAboutCookies writers and editors score products based on a number of objective features as well as our expert editorial assessment. Our partners do not influence how we rate products.

Editorial Rating

Learn More

On NordVPN's website

2025 Editor’s Choice

Best Overall VPN

VPN

NordVPN

Save up to 76% off

• #1 rated VPN with over 7,000 ultra-secure, high-speed servers in 118 countries
• Reliably unblock popular streaming services like Netflix with a single click
• All-in-one security product with antivirus, ad blocker, password manager, and more

Includes GPS Spoofing for Android

4.8

AllAboutCookies writers and editors score products based on a number of objective features as well as our expert editorial assessment. Our partners do not influence how we rate products.

Editorial Rating

Learn More

On Surfshark's website

2025 Editor’s Choice

Best Value VPN

VPN

Surfshark

Save up to 86% + 3 extra months

• Unlimited simultaneous connections for all your devices (Rare perk)
• Block YouTube ads and malware when connected
• 3,200+ servers worldwide that are fast and reliable

FAQs

Bottom line: Is TikTok safe?

In a world where every app, website, and corporate entity is vying for your personal data, “safe” is a relative term. It is publicly known that TikTok collects vast amounts of data from its user base and shares that data with numerous third parties. However, its practices are not significantly different from those of other social media apps.

If you have high-level privacy concerns, TikTok may not be a safe option for you. Otherwise, to stay safe on social media platforms like TikTok, be sure to adjust your privacy settings, install antivirus software, and use a VPN.

#1 Rated VPN for Privacy and Security

5.0

AllAboutCookies writers and editors score products based on a number of objective features as well as our expert editorial assessment. Our partners do not influence how we rate products.

Editorial Rating

Learn More

On NordVPN's website

2025 Editor’s Choice

Best Overall VPN

VPN

NordVPN

Save up to 76% off

• #1 rated VPN with over 7,000 ultra-secure, high-speed servers in 118 countries
• Reliably unblock popular streaming services like Netflix with a single click
• All-in-one security product with antivirus, ad blocker, password manager, and more

Author Details

Juliana Kenny

About the Author

Juliana Kenny is a seasoned writer with over 14 years of experience writing for cybersecurity topics. Holding a B.A. in both English and French, her work explores the convergence of security and technology. She specializes in endpoint security, cloud security, and networking technologies like secure access service edge (SASE).