Transparency

Google processes your data to fulfill our contractual obligation to deliver our services. Google’s customers own their data, not Google. The data that companies, schools and government agencies put into our systems is theirs. Google does not sell your data to third parties. Google offers our customers a detailed Data Processing Amendment that describes our commitment to protecting your data.

For security events that may affect the confidentiality, integrity, or availability of systems or data, Google has an incident management process in place. This process specifies courses of action and procedures for notification, escalation, mitigation, and documentation. To help ensure the swift resolution of security incidents, the Google information security team is available 24/7 to all Google employees. Google Support, Security, or Product Management will notify the affected customers of incidents that affect the confidentiality, integrity or availability of their data. Once an initial notification is made, follow-up notifications and calls may take place as needed for the affected parties to understand the incident.

Access rights are based on a Google employee’s job function and role—using the concepts of least-privilege and need-to-know—commensurate with the employee’s defined responsibilities. Google employees are only granted a limited set of default permissions to access company resources. Google requires the use of a unique user ID for each employee. This account is used to identify each person’s activity on Google’s network, including any access to employee or customer data.

Your data is stored in Google's network of geographically distributed data centers. Google's computing clusters are designed with resiliency and redundancy in mind, eliminating any single point of failure and minimizing the impact of common equipment failures and environmental risks. Storing your data in a particular country does not necessarily protect the data from access by foreign governments. Google Cloud Platform (GCP) allows customers to choose to store their data in Europe, North America, or Asia. Important: The customer must specify this location when they configure their application. If a data location is not specified, the GCP services will default to North America.

We publish a regular Transparency Report detailing how government requests for data and governments and other parties affect your security and privacy online. This is because we think you deserve to know. We have a track record of telling you what’s going on and standing up for your rights. We were the first to publish a Transparency Report in 2010, and we now publish information about all types of legal process we receive, including processes issued under national security authorities. We still need more transparency from governments and a better balance between civil liberties and national security.

Google’s Transparency Report shows disruptions to Google products and services at any point in more than 30 countries. Causes for these disruptions vary, and include network outages and government-mandated blocks.

Google will take down malware, pornography, child sexual abuse imagery, copyrighted, or trademarked content when notified by a third party, or if our systems detect these types of content on Google servers.

Google will contact the primary account administrator in the event content is taken down.

Need to report abuse? See our Reporting Abuse Incidents page.