Capcut User Data |work|

REPORT: CapCut User Data Privacy, Security, and Regulatory Analysis

Date: May 2024 Subject: Analysis of Data Collection Practices and Security Risks associated with CapCut

1. The Obvious: They collect everything you’d expect

Before we sound the alarm, let’s look at the standard data collection. According to CapCut’s privacy policy, the app automatically collects:

• Device info: IP address, operating system, browser type, and phone model.
• Usage data: Which buttons you click, how long you edit, and when you crash.
• App content: The videos you export (even if you don’t post them to TikTok).

Most editing apps do this for performance analytics. But the next categories are where it gets tricky. capcut user data

How to Protect Your CapCut User Data

If you cannot switch software due to CapCut’s unique features (like auto-captioning), you can mitigate risks by following these steps:

6. Use a Dedicated "Burner" Device

For high-risk creators (journalists, activists), consider using an old smartphone with no SIM card, no personal accounts, and a VPN. Edit on that device, transfer the final video via USB (not Wi-Fi) to your main phone. REPORT: CapCut User Data Privacy, Security, and Regulatory

The "Digital Trail": Where Does Your Data Go?

Once collected, CapCut user data does not stay on your phone. Here is the standard flow:

1. To ByteDance Servers: Data is transmitted to servers located in Singapore, Virginia (USA), and Ireland (EU), depending on your region. However, back-end access for developers may still route through Beijing.
2. To AI Model Training: Anonymized (or allegedly anonymized) video snippets are used to train ByteDance’s machine learning models for features like "Pose Estimation" and "Matting."
3. To Advertising Partners: If you use the free version with ads, your device ID and interests are shared with third-party ad networks (Google AdMob, Pangle, etc.).
4. Legal Compliance: Under Chinese law (Cybersecurity Law), ByteDance may be required to share certain user data with Chinese authorities upon request, even for non-Chinese users.

A. Data Sovereignty

CapCut claims that data for US and European users is stored in data centers located in the US and Singapore. However, ByteDance is subject to Chinese national security laws. Article 7 of China's National Intelligence Law states that organizations must "support, co-operate with and collaborate in national intelligence work." This creates a legal pathway for the Chinese government to request access to CapCut user data, regardless of where the server is physically located. Device info: IP address, operating system, browser type,

B. Third-Party Service Providers

Data is shared with companies that provide analytics, cloud storage, and advertising services.

• Advertising: Data is shared to target users with personalized ads.
• Analytics: Third-party trackers (SDKs) embedded in the app report user behavior back to marketing firms.