CapCut claims that data for US and European users is stored in data centers located in the US and Singapore. However, ByteDance is subject to Chinese national security laws. Article 7 of China's National Intelligence Law states that organizations must "support, co-operate with and collaborate in national intelligence work." This creates a legal pathway for the Chinese government to request access to CapCut user data, regardless of where the server is physically located.
How does CapCut stack up against Western alternatives? capcut user data
| App | Data Collection Level | Server Location | Notable Risk | | :--- | :--- | :--- | :--- | | CapCut | High (Telemetry + Content access) | Multi-region (China-affiliated) | Foreign intelligence laws | | Adobe Premiere Rush | Moderate (Focus on account/usage) | US (AWS/Google Cloud) | Targeted ads | | DaVinci Resolve | Low (No cloud editing required) | Local device (optional cloud) | Minimal telemetry | | InShot | Moderate (Ads focused) | Third-party CDN | Ad profiling | CapCut user data A
In April 2023, a security flaw was exposed when it was reported that a Citibank employee accidentally exposed sensitive customer data while using CapCut’s "screen recording" or "video capture" features. This highlighted a risk inherent in the app's permissions: Enterprise Risk. The app requests broad permissions to access the camera, microphone, and screen recording capabilities. If installed on a device used for work, it poses a risk of capturing proprietary or sensitive information in the background or during recording sessions. Article 7 of China's National Intelligence Law states
This is a gray area. When you use voice changers or audio filters, CapCut processes the waveform of your speech. While ByteDance claims it does not create voiceprints for identification, the raw audio snippet is sent to their servers for real-time processing.