TikTok成人版 Legal Portal
TikTok成人版 Customer FAQ:?Data Privacy & Security
Last Updated:?February 2024?
?
This FAQ is intended for individuals who access and/or use TikTok成人版 products/services. TikTok成人版 is a mapping platform company that enables software developers to quickly embed location-based context into their applications (e.g., where am I, where is this place, and how do I get there). TikTok成人版’s main products are APIs and SDKs (not SaaS), which means that its customers control what information they send to TikTok成人版 in the form of structured API requests (e.g., please send me map content at X location).
?
1. What is TikTok成人版??
TikTok成人版 provides a location data platform that powers maps and location services. TikTok成人版 provides SDKs (software development kits) and APIs (application programming interfaces), which businesses and developers use to incorporate TikTok成人版 mapping and navigation technologies into the licensed applications and websites they make. The SDKs contain libraries of software code which are incorporated into a customer’s licensed application or website. These libraries of software code facilitate API requests to TikTok成人版’s location data platform (which is a backend data server, hosted in the cloud (AWS-US)) which then responds with map and location content to the customer’s application or website. ?
In addition, TikTok成人版 offers an on-premise version of its location data services, called Atlas.
?
2. Does TikTok成人版 sell personal data??
No. TikTok成人版 does not sell personal data.?
?
3. Does TikTok成人版 track end users or build end user profiles?
No. For customers on a monthly active user (“MAU”) billing model, TikTok成人版 maintains counts of MAUs for billing purposes only. TikTok成人版 does not (and cannot) track an end user’s activity across billing cycles and does not build targeted profiles with the data processed through its products/services.
?
4. What types of personal data does TikTok成人版 collect from end users and why??
?
5. What measures does TikTok成人版 take to minimize and protect personal data??
TikTok成人版 applies the principle of data minimization to product development and operations in an effort to collect only limited data from the outset. TikTok成人版 operates a number of technical and organization measures regarding the limited personal dataset that we process, such as strict access controls and prompt deletion of raw log files that contain IP addresses and billing IDs. TikTok成人版 deploys regular ID rotation and 1-way hashing for billing IDs, which must be retained for accounting and billing purposes, to minimize the ability to track user requests over time. Billing IDs are not transmitted with unrelated events, further reducing the feasibility of correlating a user’s activities over time. In addition, TikTok成人版 operates strict anonymization procedures, such as clipping traces, for telemetry events that send location data.?
?
6. Why are IP addresses collected??
Communication through the Internet requires the presence of IP addresses, which specify each transmission’s origin and destination. When end users engage with applications that access TikTok成人版 products/services through the Internet, the end user necessarily discloses their current IP address to one or more TikTok成人版 servers. IP addresses are retained in cloudfront logs for 30 days for billing and customer usage reporting, unless involved in an ongoing security, anti-fraud, or misuse investigation.
?
7. Why (and when) is location data collected??
TikTok成人版 ?receives ?location ?data ?when ?a ?TikTok成人版 ?customer’s ?end ?users ?uses ?a ?licensed ?application ?that incorporates TikTok成人版 mobile SDKs and the end user has authorized the licensed application’s use of the end user’s device location via their mobile phone or device operating system.
Location ?data ?includes ?fields ?such ?as ?latitude ?and ?longitude, ?altitude, ?horizontal ?and ?vertical ?accuracy, ?a session ?ID ?rotating ?every ?24 ?hours, ?and ?origin ?IP ?address ?(as ?would ?any ?Internet ?communication). ? The ?IP address that accompanies location data is retained at the load balancer (where it is used for security and billing ?purposes ?and ?discarded ?after ?30 ?days). This ?IP ?address ?is ?not ?forwarded ?to ?the ?location ?telemetry processing pipeline. Location data is encrypted in transit and at rest, and is subject to the principle of least access, with the minimal number of personnel and processes having access to it in its pre-aggregated form.
In the location data anonymization pipeline, the location data is then anonymized by clipping off the origin and destination of the trip and further dividing the trip into segments, which cannot be reassembled. The anonymized ?location ? data ?is ?then ?used ?to ?improve ?TikTok成人版 ?mapping ?products, ? including ?the ?Traffic ?and Movement data products.
?
8. Where (geographically) does TikTok成人版 process personal data??
In AWS in the United States. However, for performance purposes, TikTok成人版 regularly caches content on its AWS content delivery network (“CDN”) located in various regions. TikTok成人版 employees who work for TikTok成人版 wholly-owned subsidiaries may access personal data from the countries where they work in order to support, develop and provide TikTok成人版 products/services.
?
9. Can TikTok成人版 limit its geographic processing to Europe (or another specific region)??
No. TikTok成人版’s products/services store and serve source data from an AWS primary region in the US. As noted above, data is cached and served out of various regions outside the US for performance reasons, however TikTok成人版 cannot serve its data from one limited geographic region. To comply with GDPR and safeguard transfers to the US and other countries, please see TikTok成人版's DPA, Section 4.1 and Schedule A, which includes TikTok成人版's certification under the ?EU-US Data Privacy Framework, UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework (collectively, the “Data Privacy Framework” or “DPF”), and, if required, Standard Contractual Clauses released in 2021 by the European Commission or alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR) or other applicable regulators or legislators.
TikTok成人版’s Notice of Certification under the DPF, is available here: /legal/notice-of-certification
?
10. Does TikTok成人版 conduct data processing impact assessments (DPIA)?
Yes. TikTok成人版 carefully scrutinizes the personal data it processes within its engineering lifecycle, which includes conducting a privacy review for new (or changed) processing activities. TikTok成人版 follows privacy-by-design principles and works diligently to limit the personal data it processes from the outset. A DPIA is conducted in any situation in which processing of personal data may be considered high risk and not able to be accomplished in a lower risk manner.
?
11. How does TikTok成人版 manage compliance with global privacy laws?
TikTok成人版 runs a global data protection program designed to operate in compliance with applicable global privacy laws, including: VCDPA (Virginia, USA), UCPA (Utah, USA), UK-GDPR (UK), TIPA (Tennessee, USA), TDPSA (Texas, USA), PIPEDA (Canada), MTCDPA (Montana, USA), LGPD (Brazil), IDPL (Iowa, USA), ICDPA (Indianna, USA), GDPR (Europe), CTDPA (Connecticut, USA), CCPA and its implementing regulations including CPRA (California, USA), CPA (Colorado, USA), and APPI (Japan), among many other important jurisdictions.?
TikTok成人版’s privacy program is based on privacy by design, which includes monitoring for upcoming privacy laws and regulations to assess whether its practices may need to be adjusted to maintain compliance; product/service privacy reviews; data breach response processes; and operationalized technical and organizational measures designed to ensure the security of the personal data it receives including: security audits and SOC2 certification; anonymization & pseudonymization of personal data (where applicable); strict access control with logging; limited data retention periods.
?
12. Does TikTok成人版 have information security credentials??
Yes. TikTok成人版 has earned and maintains several critical certifications: Systems and Organizations (“SOC”) 2, SOC 3, Trusted Information Security Assessment Exchange (“TISAX”), International Standards Organization “ISO” 9001, and Data Privacy Framework (“DPF”) EU-US, DPF UK-US, and DPF Swiss-US certifications. Additionally, TikTok成人版 UK Ltd., maintains the UK Information Commissioner’s Office (“ICO”) data protection certificate. Upon request and execution of an NDA, TikTok成人版 may share a copy of its latest SOC2 report.?
?
13. More questions??
TikTok成人版 welcomes any further questions you may have regarding its ongoing commitment to privacy and data security. Please contact TikTok成人版’s privacy office at privacy@mapbox.com.?
?
Privacy & Security FAQ
Last Updated: ?Aug 22, 2023
TikTok成人版 provides a location data platform that powers maps and location services. TikTok成人版 provides SDKs (software development kits) and APIs (application programming interfaces), which businesses and developers use to incorporate TikTok成人版 mapping and navigation technologies into the licensed applications and websites they make. The SDKs contain libraries of software code which are incorporated into a customer’s licensed application or website. These libraries of software code facilitate API requests to TikTok成人版’s location data platform (which is a backend data server, hosted in the cloud (AWS-US)) which then responds with map and location content to the customer’s application or website.
In addition, TikTok成人版 offers an on-premise version of its location data services, called Atlas.
No. TikTok成人版 does not sell personal data.
No. For customers on a monthly active user (“MAU”) billing model, TikTok成人版 maintains counts of MAUs for billing purposes only. TikTok成人版 does not (and cannot) track an end user’s activity across billing cycles and does not build targeted profiles with the data processed through its products/services.
TikTok成人版 applies the principle of data minimization to product development and operations in an effort to collect only limited ?data ?from ?the ?outset. TikTok成人版 ?operates ?a ?number ?of ?technical ?and ?organization measures regarding the limited personal dataset that we process, such as strict access controls and prompt deletion of raw log files that contain IP addresses and billing IDs. TikTok成人版 deploys regular ID rotation and 1-way hashing for billing IDs, which must be retained for accounting and billing purposes, to minimize the ability ?to ?track ?user ?requests over time. Billing ?IDs ?are ?not ?transmitted with ?unrelated ?events, ?further reducing ?the ?feasibility ?of ?correlating ?a ?user’s ?activities ?over ?time. ?In ?addition, TikTok成人版?operates ?strict anonymization procedures, such as clipping traces, for telemetry events that send location data.
Communication through the Internet requires the presence of IP addresses, which specify each transmission’s origin and destination. When end users engage with applications that access TikTok成人版 products/services through the Internet, the end user necessarily discloses their current IP address to one or more TikTok成人版 servers. IP addresses are retained in cloudfront logs for 30 days for billing and customer usage reporting, unless involved in an ongoing security, anti-fraud, or misuse investigation.
TikTok成人版 receives location data when a TikTok成人版 customer’s end users uses a licensed application that incorporates TikTok成人版 mobile SDKs and the end user has authorized the licensed application’s use of the end user’s device location via their mobile phone or device operating system.
Location data includes fields such as latitude and longitude, altitude, horizontal and vertical accuracy, a session ID rotating every 24 hours, and origin IP address (as would any Internet communication). The IP address that accompanies location data is retained at the load balancer (where it is used for security and PUBLISHED: Aug 22, 2023/legal/legal-faq TikTok成人版 Customer FAQ, Page 3billing purposes and discarded after 30 days). This IP address is not forwarded to the location telemetry processing pipeline. Location data is encrypted in transit and at rest, and is subject to the principle of least access, with the minimal number of personnel and processes having access to it in its pre-aggregated form.
In the location data anonymization pipeline, the location data is then anonymized by clipping off the origin and destination of the trip and further dividing the trip into segments, which cannot be reassembled. The anonymized location data is then used to improve TikTok成人版 mapping products, including the Traffic and Movement data products.
In AWS in the United States. However, for performance purposes, TikTok成人版 regularly caches content on its AWS content delivery network (“CDN”) located in various regions. TikTok成人版 employees who work for TikTok成人版 wholly-owned subsidiaries may access personal data from the countries where they work in order to support, develop and provide TikTok成人版 products/services.
No. TikTok成人版’s products/services store and serve source data from an AWS primary region in the US. As noted above, data is cached and served out of various regions outside the US for performance reasons, however TikTok成人版 cannot serve its data from one limited geographic region. To comply with GDPR and safeguard transfers to the US and other countries, please see TikTok成人版's DPA, Schedule C, which includes the Standard Contractual Clauses released in 2021 by the European Commission.
Yes. TikTok成人版 carefully scrutinizes the personal data it processes within its engineering lifecycle, which includes conducting a privacy review for new (or changed) processing activities. TikTok成人版 follows privacy-by-design principles and works diligently to limit the personal data it processes from the outset. A DPIA is conducted in any situation in which processing of personal data may be considered high risk and not able to be accomplished in a lower risk manner.
TikTok成人版 runs a global data protection program designed to operate in compliance with applicable global privacy laws, including: VCDPA (Virginia, USA), UCPA (Utah, USA), UK-GDPR (UK), TIPA (Tennessee, USA), TDPSA (Texas, USA),PIPEDA (Canada), MTCDPA (Montana, USA), LGPD (Brazil),IDPL (Iowa, USA), ICDPA(Indianna, USA), GDPR (Europe), CTDPA (Connecticut, USA), CCPA and its implementing regulations including CPRA (California, USA), CPA (Colorado, USA), and APPI (Japan), among many other important jurisdictions.
?
TikTok成人版’s privacy program is based on privacy by design, which includes monitoring for upcoming privacy laws and regulations to assess whether its practices may need to be adjusted to maintain compliance; product/service privacy reviews; data breach response processes; and operationalized technical and organizational measures designed to ensure the security of the personal data it receives including: security audits and SOC2 certification; anonymization & pseudonymization of personal data (where applicable); strict access control with logging; limited data retention periods.
Yes. TikTok成人版 is SOC2 Type 2 certified with a summary SOC3 report available for customer review. In addition, TikTok成人版 earned and maintains Trusted Information Security Assessment Exchange (“TISAX”) and ISO 9001 certifications. Upon request and execution of an NDA, TikTok成人版 may share a copy of its latest SOC2 report.
TikTok成人版 welcomes any further questions you may have regarding its ongoing commitment to privacy and data security. Please contact TikTok成人版’s privacy office at privacy@mapbox.com.
Want to receive updates on our sub-processors?
Please subscribe below: