TikTok Privacy Policy Review 2026 — What They Actually Do With Your Data
TikTok has over 1.5 billion monthly active users worldwide, yet the overwhelming majority have never read its privacy policy. At roughly 5,000 words of dense legal text, that's understandable. So we ran the full document through Nudam's 6-criteria weighted scoring system to see how it actually stacks up.
The result: Grade D — 3.2 out of 10. Here's why.
The score breakdown
Data Collection scored 2 out of 10 (weight 20%). Third-Party Sharing scored 2 out of 10 (weight 25%). User Rights scored 5 out of 10 (weight 20%). Data Retention scored 3 out of 10 (weight 15%). Security scored 5 out of 10 (weight 10%). Clarity & Transparency scored 4 out of 10 (weight 10%).
Applying the weighted formula: (2×0.20) + (2×0.25) + (5×0.20) + (3×0.15) + (5×0.10) + (4×0.10) = 3.25, rounded to 3.2 — Grade D (Poor).
1. Biometric data collection without clear consent
TikTok's policy states it may collect "faceprints and voiceprints" from videos you upload. This information is buried deep in a section about "automatically collected information" rather than being presented as a distinct consent request.
In most jurisdictions, biometric data is classified as sensitive personal data requiring explicit opt-in consent — not a blanket clause hidden on page 12 of a privacy policy. The Illinois Biometric Information Privacy Act (BIPA), for instance, has led to multi-million dollar settlements against companies doing exactly this.
2. Data shared with undefined "business partners"
The policy authorizes sharing your data with "business partners, third-party platforms, and service providers." This catch-all language makes it impossible for users to know who actually receives their data. No partners are named. No data processing agreements are referenced. No exhaustive list is provided anywhere.
Compare this to companies like Apple, which publishes named lists of third-party analytics providers. TikTok's approach gives it maximum flexibility at the cost of user transparency.
3. Cross-device tracking enabled by default
TikTok links your activity across every device where you access the platform. Your phone usage, tablet browsing, and desktop activity are merged into a unified behavioral profile. This profile is used for content recommendation and advertising.
Critically, the policy describes no opt-out mechanism for cross-device tracking. It is presented as an inherent feature of the service, not as a choice users can control.
4. Data retained "as long as necessary"
When it comes to how long your data is stored, TikTok falls back to the vaguest possible language: data is kept "as long as necessary to provide the service and for the other purposes set out in this policy."
There are no per-category retention schedules. No automatic deletion timelines. No distinction between active account data and behavioral logs. Under GDPR Article 5(1)(e), controllers must specify concrete retention periods — "as long as necessary" is increasingly considered non-compliant by European data protection authorities.
5. AI training on user content with no opt-out
TikTok explicitly states it may use your content — videos, comments, messages — to "develop, train, and improve" its technology, including AI and machine learning models. While other platforms like Meta have introduced (complicated) opt-out mechanisms for AI training, TikTok's policy makes no mention of any such option.
This means every video you upload, every comment you write, and every message you send may become training data for TikTok's algorithms — permanently.
What this means for you
If you use TikTok, the platform has extensive access to your behavioral data, biometric information, and user-generated content — with broad contractual rights to share and repurpose it. The policy technically complies with minimum legal requirements in most jurisdictions, but consistently chooses the least privacy-friendly interpretation available.
Want to see TikTok's live score with all findings? Check TikTok's current score on Nudam at nudam.app/scores/tiktok.com.
Scores are generated by Nudam's AI analysis and reflect the written privacy policy, not company behavior. Learn more about our methodology at nudam.app/methodology.