The letter dated on Thursday came in response to questions raised in a June 27 letter by a few senators including Republicans Marsha Blackburn and Ted Cruz, TikTok said. 

TikTok, owned by Chinese technology-conglomerate ByteDance, is one of the world's most popular social-media apps, with more than 1 billion active users globally. It counts the US as its largest market.

TikTok chief executive Shou Zi Chew told senators in the letter the short video app was working with Oracle Corp on "new advanced data security controls that we hope to finalize in the near future”.

Last month, TikTok said it had completed migrating US users' information to servers at Oracle but it was still using US and Singapore data centers for backup. 

TikTok's letter acknowledged that China-based employees "can have access to TikTok US user data subject to a series of robust cybersecurity controls and authorization-approval protocols overseen by our US-based security team."

TikTok said it expected "to delete US users' protected data from our own systems and fully pivot to Oracle cloud servers located in the US”.

TikTok has sent a response to the senators' letter, a company spokesperson said in a statement. "We look forward to connecting with members of Congress to discuss the substance of our letter."

TikTok is working to build US-based engineering capacity to further reduce the need for data access across regions, the spokesperson added.

Senator Blackburn, of Tennessee, said TikTok "should have come clean from the start but instead tried to shroud their work in secrecy". She said TikTok needs to "come back and testify before Congress”.

The TikTok letter came nearly two years after a US national-security panel ordered ByteDance to divest TikTok because of fears that US user data could be passed on to China's communist government.

That order was not enforced after Joe Biden succeeded Donald Trump as US president last year. The panel, however, known as the Committee on Foreign Investment in the United States (CFIUS), is still conducting a national-security review of the company, according to the letter.

"We know we are among the most-scrutinized platforms from a security standpoint and we aim to remove any doubt about the security of US user data," the letter said.

TikTok has said in the past that employees in China have data access to US user data. In a 2020 blogpost Roland Cloutier, TikTok's chief information-security officer, said, "Our goal is to minimize data access across regions so that, for example, employees in the APAC region, including China, would have very minimal access to user data from the EU and US." 

A BuzzFeed story in June showed ByteDance engineers in China had access to US data between September 2021 and January. 

Shared algorithms

The letter also said, "ByteDance developed the algorithms for both Douyin and TikTok, and therefore some of the same underlying basic technology building blocks are utilized by both products." TikTok is known as Douyin in China.

But TikTok's business logic, algorithm, integration and deployment of systems is specific to the TikTok application and separate from Douyin, the letter said.

While the code for the app, which determines the look and feel of TikTok, has been separated from Douyin, the server code was still partially shared across other ByteDance products. The server code provides basic functionality of the apps such as data storage, algorithms for moderating and recommending content and the management of user profiles. 

The Chinese government took a stake and a board seat in a key ByteDance entity in 2021. 

TikTok explained in its letter to the senators that its acquisition of 1 percent of Beijing Douyin Information Service Ltd was necessary to obtain a news license in China.

Popular

Stocks in Asia rise, yen wobbles after volatile start to week

In Numbers: How women fare in Indonesia

Indonesia may offer dual citizenship to attract overseas workers, minister says