Google Meet security & privacy for admins

This article is for administrators. To find information for users, go to the Meet help center.
For details about security for Education editions, go to Meet security and privacy for education.

Google Meet has many features to help protect your data and safeguard your privacy.

You can report abuse if you believe that someone is violating the Google Meet acceptable use policies.

Open all   |   Close all

Privacy & compliance

There are several ways Google helps protects your privacy: by keeping you in control, by maintaining and continually evolving security features, and by complying with data protection laws and other industry standards. This lets you take advantage of Meet:

  • Control over your dataMeet adheres to the same robust privacy commitments and data protections as the rest of Google Cloud’s enterprise services. Learn more about privacy.
    • Customers own their data, not Google.
    • Google does not use customer data for advertising or sell customer data to third parties.
    • Customer data is encrypted in transit and customer recordings stored in Google Drive are encrypted at rest by default.
    • Meet does not have user attention-tracking features or software.
    • You can set retention policies for Meet recordings with Google Vault to help fulfill legal obligations.
    • Google does not store video, audio, or chat data unless a meeting participant initiates a recording during the Meet session.
  • Compliance—Our products, including Meet, regularly undergo independent verification of their security, privacy, and compliance controls. We consistently achieve certifications, attestations of compliance, or audit reports against global standards. We’ve also created resource documents and mappings against frameworks and laws where formal certifications or attestations might not be required or applied. Learn more about compliance.

    Our global list of compliance offerings for Meet include:
  • TransparencyWe follow a rigid process for responding to any government requests for customer data. We also disclose information about the number and type of requests we receive from governments through our Google Transparency Report. Learn more about transparency.
  • Smart features and personalization—You or your users decide whether smart features in Gmail, Chat, and Meet, and personalization features in other Google products, can use data from Gmail, Chat, and Meet. You can configure these settings for users, and users can always choose their own settings. Learn more about Smart features and personalization
Encryption

To help ensure data security and privacy, Meet supports the following encryption measures:

  • All data in Meet is encrypted in transit by default between the client and Google for video meetings on a web browser, on the Meet Android and iOS apps, and in meeting rooms with Google Meet hardware.
  • If you join a video meeting by phone, the audio uses the telephone carrier’s network and might not be encrypted.
  • Meet recordings stored in Google Drive are encrypted at rest by default.
  • Meet adheres to Internet Engineering Task Force (IETF) security standards for Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP). Learn more about DTLS.
  • Meet encryption provides robust security to keep all data private. You can add an additional layer of encryption with Google Workspace Client-side encryption (CSE).
    • CSE uses your organization's encryption keys to encrypt Meet video and audio streams on the client’s browser before it is transmitted to other meeting participants or Google.
    • To use CSE, you'll need to connect Google Workspace to an external encryption key service and an identity provider (IdP). For details, see Use client-side encryption.
Anti-abuse measures

Meet employs a vast array of anti-abuse measures to keep your video meetings safe. These include anti-hijacking controls for both web video meetings and telephony dial-ins. Here are some of the key anti-abuse measures we have in place:

Web browser or apps

  • Meeting codes—Each meeting code is 10 characters long, with 25 characters in the set. This makes it harder to brute force “guess” meeting codes.
  • Meeting details—Can be changed in the invite. Completely changing the video meeting invite changes both the meeting code and the phone PIN. This is especially useful if a user is no longer part of the meeting invite.
  • Joining a meeting—The following restrictions apply when people join a video meeting:
    • External participants can join directly, only if they are on the calendar invite or if they've been invited by in-domain participants from within the Meet session.
    • Any other external participants must request to join the meeting, which must be accepted by a member of the host organization.
    • We limit the ability of external participants to join the meeting more than 15 minutes in advance. Within this time, external participants on the calendar invite can join the meeting directly.
    • Additional features, such as the ability of an in-domain participant to remove an attendee from a meeting, gives in-domain participants more control over handling undesirable behavior during meetings. For more information on attendees, go to the audit records and Meet quality tool.

Telephony

  • Meeting PINs—PINs are generally 9 digits or more.
  • Meeting details—Phone number and PIN combinations are invalid outside the scheduled meeting time.
  • Joining a meetingPhone participants may not join unless it's within 15 minutes of the scheduled meeting time.

You can report abuse if you believe that someone is violating the Google Meet acceptable use policies.

Secure deployment, access & controls

Meet offers multiple precautions to keep your data private and secure:

  • Accessing Meet—For users on Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge browsers, we don't require any plugins or software to be installed. Meet works entirely in the browser. This limits the attack surface for Meet and the need to push out frequent security patches on end-user machines. On mobile devices, we recommend you install the Google Meet app from Google Play (Android) or the App Store (iOS). Learn more about accessing Google Meet.
  • 2-Step Verification—We support multiple 2 Step Verification (2SV) options for Meet: security keys, Google Authenticator, Google prompt, and SMS text message.
  • Advanced Protection ProgramMeet users can enroll in Google’s Advanced Protection Program (APP). APP provides our strongest protections available against phishing and account hijacking, is specifically designed for the highest-risk accounts, and we’ve yet to see people successfully phished if they participate in APP, even if they are repeatedly targeted. Learn more about advanced protection.
  • Additional authentication methods—Single sign-on (SSO) via SAML is available for Meet with all Google Workspace editions and Google’s multi-factor authentication (MFA) stack can be used when using the corporate identity provider.
  • Logs—Audit logging for Meet is available in the Admin console. Learn more about the Google Meet audit log.
  • Log accessWe offer Access Transparency, a feature which logs any Google admin access to Meet recordings stored in Drive, along with the reason why that access happened. Learn more about Access Transparency.
  • RecordingsThe data regions feature can be used to store Meet recordings in Drive only in specific regions (for example, the U.S. or Europe). Regional storage limitations do not apply to video transcodes, processing, indexing, and so on.
Incident response

Incident management is a major aspect of Google’s overall security and privacy program and is key to complying with global privacy regulations such as GDPR. We have stringent processes in place around incident prevention, detection and response. Learn more about the incident management.

Incident prevention

  • Automated network and system logs analysis—Automated analysis of network traffic and system access helps identify suspicious, abusive, or unauthorized activity and are escalated to Google’s security staff.
  • Testing—Google’s security team actively scans for security threats using penetration tests, quality assurance (QA) measures, intrusion detection, and software security reviews.
  • Internal code reviews—Source code review discovers hidden vulnerabilities, design flaws, and verifies if key security controls are implemented.
  • Google’s vulnerability reward program—Potential technical vulnerabilities in Google-owned browser extensions, mobile, and web applications that might affect the confidentiality or integrity of user data are sometimes reported by external security researchers.

Incident detection

  • Product-specific tooling and processes—Automated tooling is employed wherever possible to enhance Google’s ability to detect incidents at the product level.
  • Usage anomaly detection—Google employs many layers of machine learning systems to differentiate between safe and anomalous user activity across browsers, devices, application logins, and other usage events.
  • Data center and / or workplace services security alerts—Security alerts in data centers scan for incidents that might affect the company’s infrastructure.

Incident response

  • Security incidents—Google operates a world-class incident response program that delivers these key functions:
    • Pioneering monitoring systems, data analytics, and machine learning services to proactively detect and contain incidents.
    • Dedicated subject matter experts deployed to respond to any type or size of data incident.
    • A mature process for promptly notifying affected customers, in line with Google’s commitments in our Terms of service and customer agreements.
Safety best practices
Establishing a trusted meeting space is important to create a safe experience for all attendees. 
  • Be mindful when sharing meeting links in public forums. 
  • If a meeting screenshot needs to be shared publicly, make sure the URL, located in the address bar of the browser, is removed from the screenshot. 
  • Consider using Google Calendar to send Meet invites for private meetings with a trusted group of participants. Learn about using Meet with Calendar.
  • Be sure to vet and only accept new attendees that you recognize before allowing them to enter a meeting.
  • If you notice disruptive behavior during a meeting, use moderator security controls such as removing or muting a participant
  • Turn on 2-Step Verification to help prevent account takeovers, even if someone obtained your password. Learn how to make your account more secure.
  • Consider enrolling in the Advanced Protection Programthe strongest set of protections Google has against phishing and account hijacking. Learn more about the Advanced Protection Program.
  • Take the Google Security Checkup. We built this step-by-step tool to give you personalized and actionable security recommendations to help you strengthen the security of your Google Account. Start the Google Security Checkup.

Related topics

 


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

 

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Search
Clear search
Close search
Google apps
Main menu
Search Help Center
true
true
false
true
true
73010
false
false