Explaining your privacy practices to users who see your Lead Generation Ads
Last updated, May 2024


TikTok's Advertising Policies and Lead Generation Terms require advertisers who use Lead Generation Ads on TikTok to display a Privacy Policy on their landing page.

A Privacy Policy is a document that explains how an organization collects, uses and shares users' personal information. Providing a Privacy Policy will help you to build trust with users who submit data via your Lead Generation Ads, so you should make sure that your Privacy Policy is complete and accurate.

Privacy Policy Guidelines

There is a lot of help and guidance available on how to create a good Privacy Policy. To help you get started, you should consider the following guidelines:

1.​Post your Privacy Policy where it is easy to find.

Most advertisers will put a link to their Privacy Policy in the footer of their website or in the settings menu of their mobile app. They may also include a link in places where the user inputs their personal information, such as at the point of sale, or a contact form. Check whether local laws require you to present your Privacy Policy in a particular way.

2. Make it easy to understand.

Make your Privacy Policy available in the same language(s) as your website or app so that your customers can understand it. Also check whether local laws require you to write your Privacy Policy in a particular language. Try to make the text easy to read by breaking it up into sections with headers, and by using everyday language rather than complex legal words. Check whether local laws require you to include any specific personal information (such as data protection registration details) in your Privacy Policy.

3. Answer users' common questions.

Help your users to understand what you do with their personal information. Consider the following topics:

What types of personal information do you collect?

Explain what personal information you collect from your users, for example name, email address, products they buy, or what pages they visit on your site. Tell them whether you collect this personal information from them, automatically from their device, or whether a third party gives it to you. Make sure to explain what personal information you collect from users though the Lead Generation Ads you display on TikTok.

How do you use this personal information?

As well as using users' personal information to sell your products, you may use it for other purposes such as to improve your website or respond to user questions. There could be more! Explain to users what all of these purposes are – transparency is important for trust.

In some regions, such as the European Economic Area and the United Kingdom, you need to explain the "legal basis" for why you use your users' personal information – for example, whether you have their consent, whether it is necessary to perform a contract you have with them, or whether you have a legitimate interest to use their personal information (in which case you should explain what that interest is).

If it's necessary for a user to give you personal information for contractual or legal reasons, then explain this to them, along with the possible consequences if they do not provide this personal information (for example, you may be unable to fulfill their order if they do not provide you with their contact details).

Do you share personal information with others?

You may need to share user personal information with others. For example, sometimes you may share your users' personal information with service providers who process the personal information purely on your behalf and under your instruction, for example to host a database of your users' contact details. Other times, you might share personal information with commercial partners for other reasons, such as for joint marketing activities or to run events. Examples of other recipients you may need to mention are law enforcement, tax authorities and affiliated companies. Whatever the reason, you should explain the types of third parties with whom you may share personal information in your Privacy Policy, together with the reasons why.

How long do you keep personal information?

You should only keep user personal information for as long as you need it. Make sure you explain to users in your Privacy Policy how long you will retain their personal information. For example, if you have a set period for keeping your users' personal information (e.g. for accounting reasons) or you delete the personal information when a particular even occurs (e.g. your contract with a user ends) then explain this to the user.

How can users contact you?

If users have questions or requests about how you use their personal information, they need to know how to contact you. Make this easy by providing different ways to get in touch (e.g. email or phone).

If you are required to appoint someone with specific responsibility for overseeing how personal information is used in your organization and to help answer any questions from users about that use (for example a "data protection officer"), tell your users how to contact this person.

Local laws may have specific requirements about the contact details you should provide in your Privacy Policy, so make sure to check what is required.

What rights do users have?

Depending on where you and your users are located, users may have rights about how you use their personal information. These rights can often include the right to ask you for a copy of the personal information you hold about them, or the right to ask you to delete or correct their personal information. They may have other rights, such as the right to complain, to ask you to stop processing their personal information, to ask you to give a copy of their personal information to another organization in a portable format or to withdraw any consent they have previously given. Build trust by telling users what rights they have and how they can request them.

Do you send personal information to other countries?

Help users to understand in what countries their personal information is stored and processed. For example, in what country are you located, and do you process users' personal information in a cloud service operated in a different country? Local laws may require you to put legal protections in place when you transfer users' personal information internationally, so you should check these are in place (where required) and explain to your users what these protections are.

When will you update your Privacy Policy?

The ways you use and protect your users' personal information may change over time. Make sure to keep your Privacy Policy accurate and up to date with your current uses, tell users when it was last updated, and explain how you will communicate any future changes of your Privacy Policy to them.

For more help and advice about writing a Privacy Policy, seek guidance from your local data protection authority or seek legal advice.