Under Project Texas, TikTok’s proposed data security plan, the company’s sensitive U.S. user data will be stored in a cloud operated by Oracle, accessible only by vetted TikTok employees housed in a subsidiary overseen by the federal government — that is, aside from a few ambiguous “limited exceptions” for third-party access. It’s not clear what kinds of third-party access will qualify for these exceptions, which is concerning, as a review of active ByteDance job postings shows employees of the Chinese parent company still interact extensively with TikTok, and may have ample reason to request cloud access from Oracle.

According to TikTok, Oracle will allow for flexibility in its data access restrictions under “emergency situations” when TikTok needs to act quickly to “protect public safety,” as well as for routine business operations necessary for TikTok to “maintain global interoperability and continue to run [its] business.” Active ByteDance job postings describe extensive cross-collaboration between the company’s US-based employees and TikTok, as well as network infrastructure and corporate processes that span all ByteDance products — interactions that would seem to necessitate access to TikTok data, and may therefore be eligible for Oracle’s exceptions.

Job listings on ByteDance’s website suggest the Chinese-owned company has: