Compliance
We conduct regular internal security audits and work with external auditors to review our hardware, software, and physical security configurations. We are SOC 2 Type 2 and SOC 3 compliant.
Our security vulnerability program rewards users and security researchers who find issues with our software and web services. If we discover a vulnerability, we follow a formal incident response framework to ensure rapid mitigation and transparent customer communication.
SOC 2 (Type II)
Security, Availability, and Confidentiality Report
SOC 3
General Control Report
ISO 9001
Global Quality Standard
TISAX
Automotive Industry Standard
Product Security
Account Security
We serve our website exclusively via HTTPS, and serve all our APIs over HTTPS and TLS 1.2+ by default. We offer two-factor authentication for logins to help you protect your account, and we let you create multiple customizable access tokens for granular control over access to your account resources.
Software Security
We have a continuous software update process to keep our systems up-to-date with the latest stable versions of compute images (Ubuntu, Debian, Amazon Linux) and application runtimes (NodeJS, Python). We monitor documented threats from public security research databases (such as the ), and we run automated vulnerability scanners at regular intervals across our infrastructure and before each deployment. Our developers receive training for secure software development, including (OWASP) guidelines. All major code changes are subject to a multi-point code review with specific attention paid to security.
Private Maps
From raster imagery from a drone to GPS traces from a fleet of vehicles, data uploaded by Enterprise users can be secured with private maps. New maps are private by default and existing maps can be made private with a single click. Access tokens provide a powerful way to control permissions: in our management interface, users can create, revoke, and monitor the usage of resources based on tokens.
Infrastructure Security and Resilience
Physical Security
Our infrastructure runs inside data centers designed and operated by Amazon Web Services (AWS). AWS data centers feature state of the art environmental security controls to safeguard against fires, power loss, and adverse weather conditions. Physical access to these facilities is highly restricted and they are monitored by professional security personnel. Our offices are equipped with access control, intrusion detection, and video surveillance systems.
DDoS mitigation
Maps and location can be politically charged subjects. We maintain firewalls on our edge servers and origin load balancers to protect against bandwidth and protocol-based attacks, and we use intelligent web application firewalls and elastic scaling of our compute capacity to mitigate attacks at the application layer, including complex and evolving attacks.
Data security
All customer data is stored with at least dual redundancy and we've designed our storage solution for 99.999999999% long term durability. All TikTok成人版 accounts come with built-in encryption-at-rest. We store and secure Mobile Telemetry in a dedicated pipeline.
Logging
We log activity across our platform, from individual API requests to infrastructure configuration changes. Logs are aggregated for monitoring, analysis, and anomaly detection and archived in vaulted storage. We implement measures to detect and prevent log tampering or interruptions.
Security Response
All TikTok成人版 engineering teams, in addition to Security, maintain a 24/7/365 on-call team to respond to any threats or vulnerabilities that are identified.
Risk Management
Vendor Management
We have a defined vendor management program that assesses vendors and sub-processors prior to engaging to ensure that our stringent security requirements are being met.
Payment Processing
We process payments with , which has been audited by a auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of PCI DSS certification available. Payment information is transmitted directly to Stripe via HTTPS for secure storage and is never transmitted to or stored on TikTok成人版 servers.