How Google uses Store sales (direct upload) data

Google Ads Store sales (direct upload) allows you to measure offline sales using sales data that you upload (or that a third party uploads on your behalf) to produce an aggregated report demonstrating how such sales are influenced by ad campaigns Google has carried out on your behalf. Google is committed to protecting the confidentiality and security of the data you share with us. This article explains how Google handles the data files you upload (or that a third party uploads on your behalf) for use in Store sales (direct upload).

How we handle your data

The data files you upload will be used to match your customers to Google accounts and report the offline sales influenced by campaigns that Google has run on your behalf using its ads products. We'll keep your data confidential and secure using the same industry-leading standards we use to protect our own users’ data.

Here’s how the data you upload is handled:

  • Limited data use. Google will only use your data files for Store sales (direct upload) to provide you services, including technical support, and to ensure compliance with our policies. For example, we'll match the transaction data that you upload with ad click data from ad campaigns that Google has run on your behalf, to report aggregated offline conversions. To improve your Store sales measurement, Google may also combine your uploaded transaction data with data you've uploaded into other Google measurement products you use, such as Store visits. You can also instruct Google to generate Customer Match lists using transaction data uploaded for Store sales (direct upload).
  • Limited data access. Google uses employee access controls to protect your data files from unauthorized access.
  • Limited data sharing. Google won’t share your data files with any third party, including other advertisers. Where required, we may share this data to meet any applicable law, regulation, legal process or enforceable governmental request. Google uses aggregated and anonymized conversion event data for the overall benefit of advertisers for certain features such as automated bidding to improve their overall quality and accuracy.
  • Data Security. Google is committed to ensuring that the systems we use to store your data files remain secure and reliable. We have dedicated security engineering teams to protect against external threats to our systems, and we store all your data files in an encrypted format to protect against unauthorized access. We only report anonymized and aggregated data. 

Data security certifications

Privacy Shield

Google LLC is certified to the EU-US and Swiss to US Privacy Shield frameworks to ensure lawful transfer of personal data outside of the EEA. View our Privacy Shield certification.

ISO 27001

Google has earned ISO 27001 certification for the systems, applications, people, technology, processes and data centers serving a number of Google products, including Store sales (direct upload). Download the Google Ads/Analytics Scope Expansion Certificate 2017 — ISO27001 (PDF) or learn more about ISO 27001.

About the matching process

Here are more details about the matching process and how we process the files you upload (or that a third party uploads on your behalf):

  • You're responsible for putting together your data files. Customer data needs to be hashed using the SHA256 algorithm, which is the industry standard for one-way hashing. If you are performing a one-time upload of a .csv file through the Google Ads interface, you may choose to upload unhashed data since it will be automatically hashed in the browser upon submission. For all other file formats, such as XLS or Google Sheets, and for all other upload types, such as Scheduled Uploads or the Google Ads API (AdWords API), the customer data must be manually hashed using the SHA256 algorithm in the source file prior to submission.
  • Only the personally identifiable customer data in your files, such as email, phone numbers, first name, and last name should be hashed. Country, state, and zip code data shouldn’t be hashed. Please don't hash country, state, and zip code data.
  • You must upload the data files using Google Ads or the Google Ads API (AdWords API). We use Transport Layer Security (TLS) for your upload, which is the industry standard for securely transferring files.
  • Email matching: For matching based on your customers’ email addresses, after you've uploaded your data file with hashed email addresses, Google Ads will compare each hashed string in your file with the hashed string or email address of Google accounts. If there's a match, we'll mark those transaction records as matched.
  • Address matching: For matching based on your customers’ mailing addresses, Google joins hashed name and address information for Google accounts to construct a matching key. After you've uploaded your data file with hashed customer names and addresses (don’t hash zip code and country data), Google constructs a similar key based on your data and then compares each key in your file with the keys based on Google accounts. If there's a match, we'll mark those transaction records as matched.
  • Phone matching: Similar to email matching, after you've uploaded your data file with hashed phone numbers, Google Ads will compare each hashed string in your file with the hashed string or phone numbers of Google accounts. If there's a match, we'll mark those transaction records as matched.
  • Google will use the matched transaction records to combine with ad click or view information from campaigns you've instructed Google to run, to produce aggregated reports demonstrating offline sales driven by Google ads. 

Last updated: July 2019

Was this helpful?
How can we improve it?