TikTok sought to reassure US senators this week that it is taking all necessary steps to limit access to users' data from outside the United States, including by employees of its parent company, the Chinese group ByteDance.
The social media company responded by letter Thursday to questions from nine Republican US senators about its data storage and access policies, AFP said.
The letter was initially published by the New York Times, but TikTok has since confirmed its content to AFP.
In response to earlier inquiries from US authorities, TikTok had indicated in mid-June that all of its data on US-based users were now stored on US-based servers operated by the American company Oracle.
In its letter on Thursday, TikTok confirmed claims made in a BuzzFeed article that employees based in China had access to US users' data, but only within "robust cybersecurity controls and authorization approval protocols" overseen by the company's "US-based security team."
The company reiterated to the senators that the Chinese Communist Party (CCP) had never requested data on American users.
"We have not provided US user data to the CCP, nor would we if asked," it said.
TikTok officials also said that while ByteDance engineers could work on the platform's algorithms, the new protocol ensures that they can only do so in Oracle's computing environment, without extracting data from it.
The popular social media platform is currently being evaluated by the Committee on Foreign Investment in the United States (CFIUS), an inter-agency government review board that assesses risks of foreign investments on US national security.
During his White House tenure, former president Donald Trump was concerned about the security of the platform's data and tried to force ByteDance to sell its subsidiary to Oracle.
He also issued executive orders to outright ban the service in the United States, but those never came into force and were later revoked by his successor, Joe Biden.
President Biden has nonetheless tasked his administration with measuring the possible risks associated with foreign ownership of social media websites and apps.