Google Meet security & privacy for admins

This article is for administrators. If you're a user, go to the Meet help center. For details about security for Education editions, go to Meet security and privacy for education.

As an admin, you can protect your organization’s data and privacy using Google Meet features.

Protect privacy & data

Expand all  |  Collapse all

Privacy & compliance

Google helps protect your privacy by keeping you in control, maintaining and evolving security features, and complying with data protection laws and other industry standards.

  • Control over your data—Meet adheres to the same privacy commitments and data protections as the rest of Google Cloud’s services. 
    • Customers own their data, not Google.
    • Google does not use customer data for advertising or sell customer data to third parties.
    • Customer data is encrypted in transit and customer recordings stored in Google Drive are encrypted at rest by default.
    • Meet does not have user attention-tracking features or software.
    • You can set retention policies for Meet recordings with Google Vault to help fulfill legal obligations.
    • Google does not store video, audio, or chat data unless a meeting participant initiates a recording during the Meet session.

For more details, go to the Privacy Resource Center.

Encryption

To help ensure data security and privacy, Meet supports the following encryption measures:

  • All data in Meet is encrypted in transit by default between the client and Google for Meet meetings on a web browser, on the Meet Android and iOS apps, and in meeting rooms with Google Meet hardware.
  • If you join a Meet meeting by phone or use a phone for audio in a meeting, the audio uses the telephone carrier’s network and might not be encrypted.
  • Meet recordings stored in Google Drive are encrypted at rest by default.
  • Meet adheres to Internet Engineering Task Force (IETF) security standards for Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP). Learn more about the DTLS extension to establish keys for SRTP.

Advanced encryption

  • Meet encryption provides security to keep all data private. You can add an additional layer of encryption with Google Workspace Client-side encryption (CSE).
  • CSE uses your organization's encryption keys to encrypt Meet video and audio streams on the client’s browser before the streams are transmitted to other meeting participants or Google.
  • To use CSE, connect Google Workspace to an external encryption key service and identity provider (IdP). For more details, go to Use client-side encryption for users' data.
Anti-abuse measures

Meet employs anti-abuse measures, such as anti-hijacking controls for meetings and dial-in participants, to keep your meetings safe. Here are some of the key anti-abuse measures we have in place:

  • Meeting codes—Each meeting code is 10 characters long, with 25 characters in the set, making it difficult to guess a meeting code.
  • In-meeting features—If you turn on host management, your users have more control in meetings. For details, go to Host Management.
  • Extra precautions for external participants—External participants can only join a meeting directly if they’re on the calendar invite or if they've been invited by someone in your organization from within the Meet meeting. And, they can only join a meeting within 15 minutes of the meeting time. 
  • Dialing in by phone—Phone number and PIN combinations are only valid during the scheduled meeting time, and PINs are generally 9 digits or more. Phone participants can only join within 15 minutes of the scheduled meeting time.

Advanced anti-abuse measures

  • If the meeting has Google Workspace Client-side encryption (CSE), external participants without an invitation cannot request to join the meeting. 
  • If the meeting doesn’t have CSE, any other external participants can request to join the meeting. Only someone in your organization can accept the request.
  • Phone participants cannot join CSE meetings.
Secure deployment, access & controls

Meet takes multiple precautions for secure access:

  • Accessing Meet—For users on Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge browsers, we don't require installation of any plugins or software. Meet works entirely in the browser. You don’t have  to push out any security patches for Meet on end-user machines. On mobile devices, we recommend the Google Meet app from Google Play (Android) or the Apple App Store (iOS). For more details, go to Requirements for using Google Meet.
  • 2-Step Verification—We support multiple 2-Step Verification options for Meet, including security keys, one-time passwords and prompts, and SMS text messages. Learn more
  • Advanced Protection Program—Enroll in Google’s Advanced Protection Program, which provides the strongest protections available against phishing and account hijacking. Learn more
  • Additional authentication methods—Single sign-on (SSO) through SAML is available for Meet with all Google Workspace editions. 
  • Logs—Audit logging for Meet is available in the Google Admin console. For more details, go to Meet log events.
  • Track access—We offer Access Transparency, a feature that logs any Google admin who accesses Meet recordings stored in Google Drive, along with the reason for access. For more details, go to Access Transparency.
  • Recordings—The data regions feature can be used to store Meet recordings in Drive only in specific regions (for example, the U.S. or Europe). Regional storage limitations do not apply to video transcodes, processing, indexing, and so on.
Incident management

Incident management is a major aspect of Google’s overall security and privacy program and is key to complying with global privacy regulations, such as GDPR. We have stringent processes in place around incident prevention, detection, and response. For more details, go to Data incident response process.

Incident prevention

  • Automated network and system logs analysis—Automated analysis of network traffic and system access helps identify suspicious, abusive, or unauthorized activity, which are escalated to Google’s security staff.
  • Testing—Google’s security team actively scans for security threats using penetration tests, quality assurance measures, intrusion detection, and software security reviews.
  • Internal code reviews—Source code review discovers hidden vulnerabilities, design flaws, and verifies if key security controls are implemented.
  • Google’s vulnerability reward program—Potential technical vulnerabilities in Google-owned browser extensions, mobile, and web applications that might affect the confidentiality or integrity of user data are sometimes reported by external security researchers.

Incident detection

  • Product-specific tooling and processes—Automated tooling is employed wherever possible to enhance Google’s ability to detect incidents at the product level.
  • Usage anomaly detection—Google employs many layers of machine learning systems to differentiate between safe and anomalous user activity across browsers, devices, application sign-ins, and other usage events.
  • Data center and workplace services security alerts—Security alerts in data centers scan for incidents that might affect your company’s infrastructure.

Incident response

  • Expert response—Dedicated subject matter experts deployed to respond to any type or size of data incident.
  • Notifications—A process for promptly notifying affected organizations, in line with Google’s commitments in our Terms of Service and agreements.
Safety best practices

Establishing a trusted meeting space is important to create a safe experience for all attendees. 

  • Be mindful when sharing meeting links in public forums. 
  • If a meeting screenshot needs to be shared publicly, make sure the URL, located in the address bar of the browser, is removed from the screenshot. 
  • Use Google Calendar to send Meet invites for private meetings with a trusted group of participants. For more details, go to Start or schedule a Google Meet meeting.
  • Be mindful when inviting external attendees and admitting anonymous users that request to join a meeting. Anonymous users self-assign their name for meeting participation, so we recommend vetting them by observing their audio and video feeds after they join the meeting. 
  • If you notice disruptive behavior during a meeting or a user you don't recognize, use Host Management or moderator security controls to remove people from a meeting.  For more details, go to Add or remove people from a Google Meet meeting.
  • Turn on 2-Step Verification to help prevent account takeovers, even if someone obtained your password. For more details, go to Make your account more secure.
  • Take Google’s Security Checkup, a step-by-step tool to give you personalized and actionable security recommendations to strengthen the security of your organization’s Google Account. Start your Security Checkup.

Report abuse

You can report abuse if you believe that someone is violating the Google Meet acceptable use policies.

Related topics


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

 

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
15982358084727761510
true
Search Help Center
true
true
true
true
true
73010